Administration Guide › Set Up Distribution and Routing › Connect to Other LDAP Servers › User Credentials on DXlink Binds › Setting User Credentials for LDAP Operations

Setting User Credentials for LDAP Operations

If either of the following is true, you can set the credentials used in the DXlink connections in the LDAP server configuration file:

• The user invoking the request is authenticated using a DN that is outside the LDAP server.
• More than one DSA is in the path to the LDAP server.

  For example:

  set dsa LDAP1 = {
  

  ...
  ldap-dsa-name   = <c US><o “Ace Industry”><cn “Fred Smith”>
  ldap-dsa-password = fredspassword
  ...
  

  };
  

The LDAP DSA name must be a valid entry in the LDAP server because all requests from the backbone use the permissions that are granted to this entry.

The DSA in the previous example expects credentials to be returned on the bind confirm sent by the LDAP server. If no credentials are returned, then the bind is rejected.

The knowledge reference of the LDAP server can include the trust flag no-server-credentials, which indicates to the DSA that the LDAP server will not return credentials on a bind.

When this flag is set, then the DSA accepts a bind confirm result returned from the LDAP server if it does not include credentials, as in the following example:

set dsa LDAP1 = {

...
trust-flags = no-server-credentials
...

 };