If either of the following is true, you can set the credentials used in the DXlink connections in the LDAP server configuration file:
For example:
set dsa LDAP1 = {
... ldap-dsa-name = <c US><o "Ace Industry"><cn "Fred Smith"> ldap-dsa-password = fredspassword ...
};
The LDAP DSA name must be a valid entry in the LDAP server because all requests from the backbone use the permissions that are granted to this entry.
The DSA in the previous example expects credentials to be returned on the bind confirm sent by the LDAP server. If no credentials are returned, then the bind is rejected.
The knowledge reference of the LDAP server can include the trust flag no-server-credentials, which indicates to the DSA that the LDAP server will not return credentials on a bind.
When this flag is set, then the DSA accepts a bind confirm result returned from the LDAP server if it does not include credentials, as in the following example:
set dsa LDAP1 = {
... trust-flags = no-server-credentials ...
};
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |