LDAP nodes are defined to the TSS database as NDT node elements using the format:
TSS ADDTO(NDT) LDAPNODE(node_name)
ACTIVE(YES|NO)
ADMDN(LDAP admin distinguished name)
ADMPSWD(LDAP admin password)
APPLNAME(application name)
BITDEFLT(bit field format)
BROADCAST(YES|NO)
CHILDELETE(YES|NO)
CODEPAGE(encoding table)
DATEFMT(date format)
DEBUG(YES|NO)
EXTENDED(YES|NO)
LABLCERT(label name)
LOWRPSWD(YES|NO)
USERDNS(Distinguished Name suffix)
JOURNAL(YES|NO)
RECOVERY(YES|NO)
SYNCADD(YES|NO)
SYNCDEL(YES|NO)
SYNCUPD(YES|NO)
OBJCLASS(LDAP object class)
PSWDASIS(YES|NO)
SYSID(sysid1,sysid2,,,)
URL(Uniform Resource Locator)
XREF(ACIDfield1,LDAPattribute1Name,LDAPattribute1FieldType,
LDAPattribute1DataFormat,LDAPattribute1Length,
EncloseCharacter)
LDAPNODE(node_name)
The internal NODE name of the LDAP server.
SYSID(sysid1,sysid2,...)
A list of up to five SMF IDs of the systems to which the LDAPNODE definition applies. The SYSID value might contain an asterisk for masking. If SYSID is omitted, the LDAPNODE is global for all systems sharing the security file.
More than five system IDs can be defined by using multiple ADD commands. When specified on an ADD command, the new SYSID entered replaces a previously existing value.
ACTIVE(YES|NO)
Indicates the node is active and communication with the specified LDAP server is attempted.
Default: NO
ADMDN(LDAP admin distinguished name)
Indicates the LDAP administrator distinguished name used for binding to the LDAP server and administering the LDAP request. If there are any embedded spaces or commas within the ADMDN, enclose the entire string in quotes.
ADMPSWD(LDAP admin password)
Indicates the LDAP administrator password used in conjunction with the LDAP administrator ID for binding to the LDAP server.
APPLNAME(application name)
Specifies the application name of the NDT table data record that contains the TSS administrator's encryption key used for generating PassTickets. The TSS administrator's userid is used in conjunction with the PassTicket for binding to the LDAP server and administering the LDAP request.
BITDEFLT(bit field format)
Indicates the default field type and format in which all bit fields are sent to the LDAP server. The default for this field is CHAR_YN. The available options for this field are:
Binary 1 or 0 when the bit is ON or OFF, respectively.
'1' or '0' when the bit is ON or OFF, respectively.
'Y' or 'N' when the bit is ON or OFF, respectively.
'T' or 'F' when the bit is ON or OFF, respectively.
Binary 0 or 1 when the bit is ON or OFF, respectively.
'0' or '1' when the bit is ON or OFF, respectively.
'N' or 'Y' when the bit is ON or OFF, respectively.
'F' or 'T' when the bit is ON or OFF, respectively.
BROADCAST(YES|NO)
Indicates the node is a broadcast node. All commands and password changes are sent to this node regardless of the LDS attribute setting on the ACID record.
Default: NO
SYNCADD(YES|NO)
Specifies that TSS ACID create processing is propagated to the LDAP server.
Default: NO
CHILDELETE(YES|NO)
Indicates that child objects are deleted before the base object is deleted.
CODEPAGE(encoding table)
A twenty-byte character field that specifies which character encoding table is used to translate characters as they are passed into the system. If no CODEPAGE is specified, ASCII ISO8859-1 is assumed.
DATEFMT(date format)
Indicates the default format in which date fields are sent to the LDAP server. The available date format elements are the following:
A two-digit month.
A two-digit day.
A four-digit year.
A two-digit year.
Represents a '/' forward slash delimiter in the date field.
Year designations of 70-99 assume a date in the 20th century (1970-1999); year designations of 00-69 assume a date in the 21st century (2000-2069).
DEBUG(YES|NO)
Indicates whether node-level tracing is enabled or disabled.
EXTENDED(YES|NO)
Indicates that extended operations are used to enable SSL for the connection to the LDAP server.
LABLCERT(label name)
Defines the LABEL of the PERSONAL certificate used if CLIENT authentication is required by the LDAP server defined by this LDAPNODE record.
USERDNS(Distinguished Name suffix)
Indicates the user distinguished name suffix that refers to the entry on the LDAP server where the changes are applied.
Maximum length: 255
Note: If there are any embedded spaces or commas within the USERDNS, enclose the entire string in quotes.
JOURNAL(YES|NO)
Specifies whether journaling of LDAP outbound traffic is enabled.
OBJCLASS(LDAP object class)
Specifies the LDAP object class used when an LDAP entry is created. The object class defines the attributes the LDAP directory entry might contain.
Default: TSSUSER.
SYNCDEL(YES|NO)
Specifies that TSS ACID remove processing is propagated to the LDAP server.
Default: NO.
SYNCUPD(YES|NO)
Specifies that TSS ACID add/rep processing is propagated to the LDAP server.
Default: NO
RECOVERY(YES|NO)
Indicates that recovery processing is enabled for the node.
Default: YES
PSWDASIS(YES|NO)
If the password field is specified in the XREF field, the PSWDASIS option indicates whether the password is propagated as it was entered during a signon password change. Any change made to the password via the TSS command is always propagated in upper case, even if this option is YES. If this option is set to NO, signon password changes are sent in upper case.
Default: YES
LOWRPSWD(YES|NO)
Specifies whether the case-sensitive form of the user's password is propagated.
Default: NO
PSWDLOWR works in conjunction with the PSWDASIS function. When:
When a user changes a password during system entry validation, LDS automatically propagates the new password to the LDAP servers interested in the password field. The user receives no indication that LDS processing was involved. LDS must be active and the LDS option must be specified in the ACID.
URL(Uniform Resource Locator)
Specifies the Uniform Resource Locator (URL) used to identify the LDAP server. There is a maximum of three URL entries. The entries specify the primary followed by the backups. The syntax of the LDAP URL is:
ldap[s]://[<host>[:<port>]]
ldap
Specifies a connection using the LDAP protocol.
ldaps
Specifies an SSL LDAP connection.
host
The name or IP address of the LDAP server host.
port
The port number of the LDAP server.
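The following added example (not part of the CA documentation) parses a one-line LDAPNODE definition into its KEYWORD(value) pairs, checks each URL entry against the ldap[s]://[<host>[:<port>]] syntax and the three-entry limit, and reports the settings this reference describes that a reviewer would want to see before activating a node: a plain ldap:// entry with EXTENDED left at NO, ACTIVE left at its default of NO, and PSWDASIS(NO) upper-casing propagated passwords. The command text and host names are constructed; treating an absent EXTENDED as NO is an assumption, since the page states no default for it.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, not from the page: four URL entries (the limit is three),
# plain ldap:// primary and backups, and EXTENDED(NO).
SAMPLE_CMD = (
    'TSS ADDTO(NDT) LDAPNODE(LDAP01) ACTIVE(YES) '
    'ADMDN("cn=Directory Manager, o=example") ADMPSWD(hunter2) '
    'URL(ldap://ldap1.example.test:389,ldaps://ldap2.example.test:636,'
    'ldap://ldap3.example.test,ldap://ldap4.example.test) '
    'EXTENDED(NO) PSWDASIS(NO) USERDNS("ou=people, o=example")'
)

# KEYWORD(value); a quoted value keeps its embedded commas and spaces (ADMDN, USERDNS).
KEYWORD_RE = re.compile(r'([A-Z]+)\(((?:"[^"]*"|[^()"])*)\)')

def parse_ndt_command(cmd):
    """Return {KEYWORD: value} for every KEYWORD(value) pair, outer quotes removed."""
    params = {}
    for key, value in KEYWORD_RE.findall(cmd):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        params[key] = value
    return params

def parse_ldap_urls(url_value):
    """Split the URL() list and check each entry against ldap[s]://[<host>[:<port>]]."""
    entries = []
    for raw in filter(None, (u.strip() for u in url_value.split(","))):
        parts = urlsplit(raw)
        if parts.scheme not in ("ldap", "ldaps"):
            raise ValueError("not an LDAP URL: " + raw)
        entries.append({"scheme": parts.scheme, "host": parts.hostname, "port": parts.port})
    return entries

def review_node(params):
    """Flag settings the reference documents as easy to overlook; returns a list of strings."""
    findings = []
    urls = parse_ldap_urls(params.get("URL", ""))
    if len(urls) > 3:
        findings.append("URL: %d entries; at most three (primary plus backups) are allowed" % len(urls))
    if params.get("EXTENDED", "NO").upper() != "YES":   # assumption: absent EXTENDED means NO
        for u in urls:
            if u["scheme"] == "ldap":                  # not ldaps and no SSL via extended ops
                findings.append("URL %s: plain ldap:// without EXTENDED(YES); the ADMDN/ADMPSWD bind is not SSL-protected" % u["host"])
    if params.get("ACTIVE", "NO").upper() != "YES":     # documented default: NO
        findings.append("ACTIVE is NO (the default): node is defined but no connection is attempted")
    if params.get("PSWDASIS", "YES").upper() == "NO":   # documented default: YES
        findings.append("PSWDASIS(NO): signon password changes are propagated in upper case")
    return findings
```

Run review_node(parse_ndt_command(SAMPLE_CMD)) to list the five findings for the sample; an entry whose scheme is neither ldap nor ldaps raises ValueError.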
XREF(...)
Specifies the names of the TSS ACID fields and the corresponding LDAP directory attribute fields synchronized to the LDAP directory.
Copyright © 2014 CA Technologies.
All rights reserved.