Validates an LDAP server configuration object.
VALIDATE LDAP SERVER { ldapua-server-name | ldapua-server-attribs } [ CHECK user-id [ user-dn-string ] ]
The name of the LDAP server configuration object to validate. For a full description of this clause, see the CREATE LDAP SERVER statement.
When validating an LDAP server configuration object using ldapua-server-attribs, the specified attributes are validated. The URLs are parsed to identify syntax errors. Validation stops and an error is returned if a syntax error occurs.
For a full description of this clause, see the CREATE LDAP SERVER statement.
Use this clause to specify a user ID to search for on the LDAP server.
When a VALIDATE LDAP SERVER statement is executed, a connection to the LDAP server is attempted. If ACCESS ACCOUNT and a password are specified, the values are used to establish the connection to the SEARCH DN URL, validating the SEARCH DN URL, ACCESS ACCOUNT, and ACCESS ACCOUNT password.
When setting up a new server to use LDAP User Authentication, this statement is useful for validating changes to an LDAP server configuration object before applying them, and for diagnosing problems between the database server and the LDAP server.
If you use this statement in a procedure and include an IDENTIFIED BY clause in the attributes, do not specify the password as a string literal because the definition of the procedure is visible in the SYSPROCEDURE system view. For security purposes, specify the password using a variable that is declared outside of the procedure definition.
You must have the MANAGE ANY LDAP SERVER system privilege.
Automatic commit.
Not in the standard.
The following example creates an LDAP server configuration object and connects to the LDAP server at hostname voyager, port number 389, using the ACCESS ACCOUNT and password specified in the definition for apps_primary2.
CREATE LDAP SERVER apps_primary2
    SEARCH DN
        URL 'ldap://voyager:389/dc=MyCompany,dc=com??sub?cn=*'
        ACCESS ACCOUNT 'cn=aseadmin, cn=Users, dc=mycompany, dc=com'
        IDENTIFIED BY 'Secret99Password'
    AUTHENTICATION URL 'ldap://voyager:389/'
    CONNECTION TIMEOUT 3000
    WITH ACTIVATE;
VALIDATE LDAP SERVER apps_primary2;
The following example connects to the LDAP server at hostname voyager, port number 389, using the ACCESS ACCOUNT and password specified in the definition for apps_primary2. It also checks that user ID myusername is valid and matches the expected user DN:
VALIDATE LDAP SERVER apps_primary2 CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com';
If the LDAP server configuration object has not been defined, the same checks can be performed by specifying the attributes:
VALIDATE LDAP SERVER
    SEARCH DN
        URL 'ldap://voyager:389/dc=MyCompany,dc=com??sub?cn=*'
        ACCESS ACCOUNT 'cn=aseadmin, cn=Users, dc=mycompany, dc=com'
        IDENTIFIED BY 'Secret99Password'
    AUTHENTICATION URL 'ldap://voyager:389/'
    CONNECTION TIMEOUT 3000
    CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com';
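
The statement parses the SEARCH DN URL and AUTHENTICATION URL and stops at the first syntax error. The following added example (not part of the original documentation, and not the database server's own parser) is a local pre-check that splits such a URL into its parts before it is put into a statement. It assumes the URLs follow the standard LDAP URL layout of RFC 4516, which the URLs on this page match; the function name parse_ldap_url is hypothetical.

```python
from urllib.parse import urlsplit, unquote

SCOPES = {"base", "one", "sub"}  # scope keywords defined by RFC 4516


def parse_ldap_url(url):
    """Split an LDAP URL into its RFC 4516 parts; raise ValueError on a syntax error."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unexpected scheme {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host name")
    try:
        port = parts.port  # non-numeric or out-of-range ports raise here
    except ValueError as exc:
        raise ValueError(f"bad port: {exc}") from None
    if port is None:
        port = 636 if parts.scheme == "ldaps" else 389
    # After the DN come up to four '?'-separated fields:
    # attributes, scope, filter, extensions. Empty fields are allowed.
    fields = parts.query.split("?")
    if len(fields) > 4:
        raise ValueError("too many '?'-separated fields")
    attrs, scope, flt, ext = fields + [""] * (4 - len(fields))
    scope = scope.lower() or "base"  # RFC 4516: an omitted scope means base
    if scope not in SCOPES:
        raise ValueError(f"scope must be base, one or sub, got {scope!r}")
    flt = unquote(flt)
    if flt.count("(") != flt.count(")"):  # coarse sanity check only
        raise ValueError("unequal number of parentheses in filter")
    return {
        "scheme": parts.scheme, "host": parts.hostname, "port": port,
        "base_dn": unquote(parts.path[1:]),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope, "filter": flt, "extensions": unquote(ext),
    }


if __name__ == "__main__":
    # URLs taken from the statements on this page
    for u in ("ldap://voyager:389/dc=MyCompany,dc=com??sub?cn=*",
              "ldap://voyager:389/"):
        print(parse_ldap_url(u))
```

The returned scheme field also makes it easy to see whether a URL names ldap or ldaps before the configuration is activated.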