SPD Server Parameter File Configurations for LDAP

LDAP Server That Is Running on an SPD Server Host

For this configuration, assume that all other LDAP settings use the default configuration. To run an LDAP server on the SPD Server host, add the LDAP option to your SPD Server parameter file. User authentication is performed by the LDAP server, running at port LOCAL_HOST, on the SPD Server host.

LDAP Server Running on SPD Server Host Using Port Other Than LOCAL_HOST

For this configuration, assume that all other LDAP settings use the default configuration, and that you want to perform LDAP user authentication where the LDAP server is using a port number that is different from the port assigned to LOCAL_HOST. To run an LDAP server on the SPD Server host using a port assignment other than LOCAL_HOST, add the LDAP option and the LDAPPORT= port specification to your SPD Server parameter file.

LDAP Server and SPD Server Host That Are Running on Different Machines

For this configuration, assume that you want to perform LDAP user authentication, but the LDAP server and the SPD Server hosts are on different machines.
To run an LDAP server and the SPD Server hosts on different machines, add the LDAP option and the LDAPSERVER= specification (such as <host.domain.company.com>) to your SPD Server parameter file. LDAP user authentication occurs where the LDAP server is running at port LOCAL_HOST on host.domain.company.com.
The default SPD Server LDAP authentication mechanism is ANONYMOUS. ANONYMOUS LDAP authentication is not secure. When the SPD Server and LDAP server hosts are on different machines, use the SASL Digest-MD5 mechanism for secure authentication. To use SASL Digest-MD5 secure authentication, add the statement LDAPBINDMETH=LDAP_AUTH_SASL to your SPD Server parameter file.

SPD Server User IDs and Passwords That Are Not in Their Default Location in the LDAP Database

For this configuration, assume that you want to perform LDAP user authentication, but the SPD Server user IDs and passwords are not in their default locations in the LDAP database. Assume that all other LDAP settings use the default configuration.
Add the LDAP option and the LDAPBINDDN= specification to your SPD Server parameter file, where the LDAPBINDDN= property setting is ou=people, dc=domain, dc=company, dc=com. Adding this option and specification results in LDAP user authentication, where the LDAP server is running at port LOCAL_HOST on the SPD Server host machine. The LDAP server looks for SPD Server users at the location that corresponds to ou=people, dc=domain, dc=company, dc=com in its database.

SPD Server User IDs and Passwords That Are Not in Their Default Location in the LDAP Database, with an LDAP Server That Is Using TCPIP_PORT

For this configuration, assume that you want to perform LDAP user authentication, the SPD Server user IDs and passwords are located at ou=people, dc=domain, dc=company, dc=com in the LDAP database, and the LDAP server is using the port TCPIP_PORT.
First, add the LDAP option and set the LDAPPORT= port specification to TCPIP_PORT in your SPD Server parameter file. Then, add the LDAPBINDDN= specification, where the LDAPBINDDN= property setting is ou=people, dc=domain, dc=company, dc=com.
User authentication is performed where the LDAP server is running at port TCPIP_PORT on the SPD Server host machine. The LDAP server looks for SPD Server users at the location that corresponds to ou=people, dc=domain, dc=company, dc=com in its database.
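
The following audit script is an added example, not SAS code. It checks a parameter file against the bind-method guidance given above for an LDAP server on a different machine, and reports the default ANONYMOUS bind at a lower severity when LDAP runs on the SPD Server host. The semicolon-terminated statement syntax, the function names, the local-host aliases, and the sample file contents are assumptions constructed for illustration.

```python
# Assumed aliases that mean "the SPD Server host itself".
LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

def parse_parm(text):
    """Parse 'OPTION;' and 'OPTION=value;' statements (assumed file syntax)."""
    opts = {}
    for stmt in text.split(";"):
        stmt = stmt.strip()
        if not stmt:
            continue
        # Split on the first '=' only: an LDAPBINDDN value itself contains '='.
        key, sep, val = stmt.partition("=")
        opts[key.strip().upper()] = val.strip() if sep else True
    return opts

def audit(text, local_names=LOCAL_NAMES):
    """Return (severity, message) findings for the LDAP settings in a parameter file."""
    opts = parse_parm(text)
    ldap_keys = sorted(k for k in opts if k.startswith("LDAP") and k != "LDAP")
    if "LDAP" not in opts:
        # LDAPxxx= settings without the LDAP option usually mean a half-edited file.
        if ldap_keys:
            return [("warn", "LDAP option absent but set: " + ", ".join(ldap_keys))]
        return []
    findings = []
    server = opts.get("LDAPSERVER")
    remote = isinstance(server, str) and server.lower() not in local_names
    meth = opts.get("LDAPBINDMETH")
    sasl = isinstance(meth, str) and meth.upper() == "LDAP_AUTH_SASL"
    if not sasl:
        where = "remote host " + server if remote else "the SPD Server host"
        sev = "high" if remote else "warn"
        findings.append((sev, "bind method is not LDAP_AUTH_SASL "
                              "(default is ANONYMOUS) for LDAP on " + where))
    return findings

# Constructed sample parameter files.
REMOTE_ANON = """LDAP;
LDAPSERVER=host.domain.company.com;
LDAPBINDDN=ou=people, dc=domain, dc=company, dc=com;
"""
REMOTE_SASL = REMOTE_ANON + "LDAPBINDMETH=LDAP_AUTH_SASL;\n"
LOCAL_PORT = "LDAP;\nLDAPPORT=TCPIP_PORT;\n"

if __name__ == "__main__":
    for name, text in [("remote, default bind", REMOTE_ANON),
                       ("remote, SASL", REMOTE_SASL),
                       ("local, custom port", LOCAL_PORT)]:
        print(name, "->", audit(text))
```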