SQL Anywhere 17 » MobiLink - Server Administration » MobiLink reference » MobiLink server system procedures

ml_add_user_auth_policy system procedure

Add MobiLink user authentication policies.

Syntax
ml_add_user_auth_policy (
'policy_name',
'primary_ldsrv_name',
'secondary_ldsrv_name',
'ldap_auto_failback_period',
'ldap_failover_to_std'
)
Parameters
policy_name

VARCHAR(128). A unique user authentication policy name.

primary_ldsrv_name

VARCHAR(128). Specifies the primary LDAP server name to be used to authenticate this user. The specified LDAP server name must already exist in the ml_ldap_server table.

secondary_ldsrv_name

VARCHAR(128). Specifies the secondary LDAP server name for failover purposes. The secondary LDAP server name must already exist in the ml_ldap_server table.

ldap_auto_failback_period

INTEGER. Use this parameter to tell the MobiLink server when it should fail back to the primary LDAP server for user authentication after a failover to the secondary server. The time is specified in seconds and the default value is 900 seconds (15 minutes).

When the primary LDAP server is not available for user authentication, the MobiLink server records when the problem was detected and switches to the secondary server for user authentication. Once the elapsed time since the failure was detected reaches ldap_auto_failback_period, the MobiLink server switches back to the primary server for user authentication for all users who are currently using this user authentication policy.

ldap_failover_to_std

INTEGER. Specifies whether the MobiLink server should use the standard methods (the hashed password stored in ml_user and the user authentication scripts) to authenticate the user. The value can be as follows:

  • 0 The MobiLink server authenticates the user only against LDAP servers. If the user cannot be authenticated against an LDAP server, then the synchronization request fails.
  • 1 The MobiLink server authenticates the user by using the script-based method of user authentication if an LDAP server is not available.
  • 2 The MobiLink server authenticates the user against an LDAP server first and then authenticates the user with the script-based method of user authentication, whether or not the user is authenticated with the LDAP server. The MobiLink server passes one of the following values to indicate the user authentication status to the scripts: 1000 if the user is authenticated against the LDAP server; 4000 if the user is not authenticated against the LDAP server; or 6000 if the LDAP servers are not available.

The MobiLink user password is hashed and stored in the ml_user table in the consolidated database only if the ldap_failover_to_std parameter is configured with a value of 1 or 2. The password is not saved if this parameter is set to 0, so a policy with value 0 has no local credential to fall back on: if every LDAP server in the policy is unreachable, synchronization for its users fails until an LDAP server is reachable again.
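The following is an added example, not part of the original page or of the SQL Anywhere product code, showing how a consolidated-database script can consume the 1000 / 4000 / 6000 status values that the MobiLink server passes to the authentication scripts when ldap_failover_to_std is 2. It assumes the authenticate_user connection event and its {ml s.auth_status} (INOUT) and {ml s.username} named parameters, the ml_add_connection_script procedure, and the script version name 'v1'; none of these appear on this page. The ml_ldap_auth_audit and ml_offline_fallback_users tables and the ml_ldap_auth_gate procedure are hypothetical names chosen for the example.

```sql
-- Added example (assumed wiring: authenticate_user event, {ml s.auth_status}
-- and {ml s.username}); hypothetical table and procedure names.

-- Audit trail of what the LDAP side decided before the script ran.
CREATE TABLE ml_ldap_auth_audit (
    audit_id     INTEGER      NOT NULL DEFAULT AUTOINCREMENT PRIMARY KEY,
    user_name    VARCHAR(128) NOT NULL,
    ldap_status  INTEGER      NOT NULL,   -- 1000, 4000 or 6000 as passed by the server
    final_status INTEGER      NOT NULL,   -- what the script left in s.auth_status
    seen_at      TIMESTAMP    NOT NULL DEFAULT CURRENT TIMESTAMP
);

-- Users explicitly allowed to sync on the stored hashed password while
-- every LDAP server in their policy is unreachable (status 6000).
CREATE TABLE ml_offline_fallback_users (
    user_name VARCHAR(128) NOT NULL PRIMARY KEY
);

CREATE OR REPLACE PROCEDURE ml_ldap_auth_gate(
    INOUT auth_status INTEGER,
    IN    user_name   VARCHAR(128) )
BEGIN
    DECLARE ldap_status INTEGER;
    SET ldap_status = auth_status;

    IF auth_status = 6000 THEN
        -- LDAP servers unavailable. Deny by default; only listed users may
        -- continue on the standard (hashed password) path, which the server
        -- still evaluates after this script returns.
        IF NOT EXISTS ( SELECT 1 FROM ml_offline_fallback_users
                        WHERE ml_offline_fallback_users.user_name = ml_ldap_auth_gate.user_name ) THEN
            SET auth_status = 4000;
        END IF;
    ELSEIF auth_status = 4000 THEN
        -- LDAP rejected the credentials: never upgrade this to success here.
        SET auth_status = 4000;
    END IF;
    -- 1000 (authenticated by LDAP) passes through unchanged.

    INSERT INTO ml_ldap_auth_audit( user_name, ldap_status, final_status )
        VALUES ( user_name, ldap_status, auth_status );
END;

-- Register the gate as the authenticate_user script for script version 'v1'
-- (assumed procedure name and named-parameter syntax).
CALL ml_add_connection_script( 'v1', 'authenticate_user',
    'CALL ml_ldap_auth_gate( {ml s.auth_status}, {ml s.username} )' );
```

The point of the gate is the asymmetry: a 4000 from LDAP is a definitive rejection and the script must not turn it into a success, whereas a 6000 says nothing about the credentials, so whether the stored hash may stand in for LDAP is a per-user decision that is recorded in the audit table either way.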

Remarks

If the specified policy_name does not exist in the table, then this procedure adds a user authentication policy to the ml_user_auth_policy table. If the policy_name is already in the table, then executing this procedure with non-NULL parameters updates the corresponding fields with the specified non-NULL parameters; parameters passed as NULL leave the existing values unchanged. For instance, the following SQL statement updates the user authentication policy policy_1 to use ldap_server2 as its secondary LDAP server and enables failover to password and user-authentication-script based authentication when both the primary and secondary LDAP servers are unavailable.

CALL ml_add_user_auth_policy( 'policy_1', NULL, 'ldap_server2', NULL, 1 );

To delete an authentication policy, pass NULL for every parameter except policy_name.

When adding a MobiLink user authentication policy, the primary_ldsrv_name parameter cannot be NULL, but the secondary_ldsrv_name parameter can be NULL.
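The script below is an added example, not part of the original page, that walks a policy through the full lifecycle described above: register the LDAP servers it refers to, create the policy as LDAP-only, check the row, switch on failover, attach a user, and finally delete the policy. The calls to ml_add_ldap_server, ml_add_user and ml_delete_user, and the column names used in the SELECT statements against ml_user_auth_policy and ml_user, are assumptions about the MobiLink system procedures and tables that this page does not document; the server names, URLs and bind DN are constructed values.

```sql
-- Added example; ml_add_ldap_server / ml_add_user / ml_delete_user signatures
-- and the ml_user column names are assumed, not taken from this page.

-- 1. The LDAP servers must exist in ml_ldap_server before a policy can name them.
--    (assumed signature: name, search_url, access_dn, access_dn_pwd, auth_url,
--     num_retries, timeout, enable_tls)
CALL ml_add_ldap_server( 'ldap_server1',
    'ldap://ldap1.example.com:389/dc=example,dc=com??sub?(uid=*)',
    'cn=mlbind,dc=example,dc=com', 'constructed-bind-secret',
    'ldap://ldap1.example.com:389', 3, 10, 1 );
CALL ml_add_ldap_server( 'ldap_server2',
    'ldap://ldap2.example.com:389/dc=example,dc=com??sub?(uid=*)',
    'cn=mlbind,dc=example,dc=com', 'constructed-bind-secret',
    'ldap://ldap2.example.com:389', 3, 10, 1 );

-- 2. Create the policy: primary only, fail back after 10 minutes, LDAP-only (0).
--    primary_ldsrv_name is required here; secondary_ldsrv_name may be NULL.
CALL ml_add_user_auth_policy( 'policy_1', 'ldap_server1', NULL, 600, 0 );

-- 3. Check what was stored (assumed column names).
SELECT policy_name, primary_ldsrv_name, secondary_ldsrv_name,
       ldap_auto_failback_period, ldap_failover_to_std
  FROM ml_user_auth_policy
 WHERE policy_name = 'policy_1';

-- 4. Update in place: NULL parameters keep their current values, so this
--    only sets the secondary server and enables script-based failover (1).
--    This is the page's own update example.
CALL ml_add_user_auth_policy( 'policy_1', NULL, 'ldap_server2', NULL, 1 );

-- 5. Attach a user (assumed signature: name, password, policy_name). Because
--    ldap_failover_to_std is now 1, the password hash is stored in ml_user;
--    with 0 it would not be, and the hashed_password check below would fail.
CALL ml_add_user( 'alice', 'constructed-password', 'policy_1' );

SELECT name, policy_name, hashed_password IS NOT NULL AS has_local_hash
  FROM ml_user
 WHERE name = 'alice';

-- 6. Tear down: detach the user first (assumed procedure), then delete the
--    policy by passing NULL for every parameter except policy_name.
CALL ml_delete_user( 'alice' );
CALL ml_add_user_auth_policy( 'policy_1', NULL, NULL, NULL, NULL );

SELECT COUNT(*) AS remaining
  FROM ml_user_auth_policy
 WHERE policy_name = 'policy_1';   -- expected 0 after the delete
```

Step 4 is the one to be careful with operationally: because NULL means "leave as is", a deployment script that intends to reset ldap_auto_failback_period to the default must pass 900 explicitly rather than NULL, and the same call shape with all parameters NULL deletes the policy instead of updating it.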