Displaying difference between revision 3 and 2 of Wiki page:Configuring Sybase to use LDAP
 
Sybase can be configured to use logins from an LDAP server. There is a general [whitepaper|http://www.sybase.com/content/1026313/SYSD1039LDAP_WP.pdf] on this topic; this page is a cookbook.

!!Setup and configuration

Let's assume you have a simple LDAP structure on host 192.168.0.17 like this:

[CB:/displayDocument/2009-02-19_151824.png?object_comment_id=35]

Using [isql|WIKIPAGE:2910], perform the following configuration changes:

* First, enable LDAP:
{{{sp_configure "enable ldap user auth", 1}}}
Note: '1' allows authentication both via syslogins (the "normal" Sybase way) and via LDAP, '0' disables LDAP authentication, and '2' allows LDAP only.

* Then, set the LDAP server URL:
{{{sp_ldapadmin 'set_primary_url', 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*'}}}

* Next, enable the primary server:
{{{sp_ldapadmin 'activate', 'primary'}}}

* sp_ldapadmin 'list' should now show something like this:
{{{
1> sp_ldapadmin 'list'
2> go
Primary:
    URL: 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*'
    DN Lookup URL: ''
    Access Account: 'cn=Manager,dc=scopeset,dc=de'
    Active: 'TRUE'
    Status: 'ACTIVE'
Secondary:
    URL: ''
    DN Lookup URL: ''
    Access Account: ''
    Active: 'FALSE'
    Status: 'NOT SET'
Timeout value: '-1'(10000) milliseconds
Log interval: '3' minutes
Number of retries: '3'
Maximum LDAPUA native threads per Engine: '49'
Maximum LDAPUA descriptors per Engine: '20'
Abandon LDAP user authentication when full: 'false'
(return status = 0)
}}}

* Next, check whether the login can be found:
{{{
1> sp_ldapadmin 'check_login', 'test123'
2> go
The login name 'test123' exists as a user on the LDAP Server specified for ASE.
(return status = 0)
}}}

* Finally, tell Sybase to create logins from LDAP (this happens when a user logs in to Sybase/OpenAmeos for the first time):
{{{sp_maplogin LDAP, NULL, 'create login'}}}

From now on, new users can be created and maintained on the LDAP server, and password changes are automatically synchronized.

Note that you need to manage the user's system creation privileges and access rights to OpenAmeos models via the OpenAmeos Desktop.

!!Converting existing logins

In most cases, you will already have a list of Sybase users that were originally created in the OpenAmeos Desktop. In order to synchronize these with LDAP, you first have to create the users/persons/etc. on your LDAP server. Then, run the following isql command for every user:
{{{sp_modifylogin "test123", "authenticate with", "LDAP"}}}

For bigger lists of users, you can also create an isql script; see [WIKIPAGE:3290] Restoring Databases and Users for how this is done.
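
One way to generate such a script from a list of login names. This is an added example, not taken from this wiki or from the Restoring Databases and Users page. The function name gen_ldap_migration, the one-name-per-line input format and the name pattern it accepts are assumptions of the example.

```shell
#!/bin/sh
# Added example: build an isql batch that switches existing logins to LDAP.
# Input : one login name per line on stdin; blank lines and lines starting
#         with '#' are ignored (the input format is an assumption).
# Output: isql script on stdout, rejected names on stderr.
# Return: 0 if every name was accepted, 1 if at least one was rejected.

gen_ldap_migration() {
    rc=0
    seen=""
    while IFS= read -r login || [ -n "$login" ]; do
        # Strip a trailing carriage return from lists edited on Windows.
        login=$(printf '%s' "$login" | tr -d '\r')
        case "$login" in
            ''|'#'*) continue ;;
        esac
        # Accept only letters, digits and underscore, at most 30 characters.
        # This is a deliberately conservative pattern chosen for the example,
        # so that a name containing quotes or separators can never break out
        # of the quoted sp_modifylogin argument in the generated script.
        if ! printf '%s' "$login" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]{0,29}$'; then
            printf 'rejected: %s\n' "$login" >&2
            rc=1
            continue
        fi
        # Emit each login only once, even if the list contains duplicates.
        case " $seen " in
            *" $login "*) continue ;;
        esac
        seen="$seen $login"
        printf 'sp_modifylogin "%s", "authenticate with", "LDAP"\ngo\n' "$login"
    done
    return $rc
}
```

Redirect the output to a file and review it, together with any names reported as rejected, before running it through isql.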