|The ScopeSET Support and Community Portal|
Sybase can be configured to use logins from an LDAP server. There is a general whitepaper on this topic, here's a cookbook.
Setup and configurationLet's assume you have a simple LDAP structure on host 192.168.0.17 like this:
Using, perform the following configuration changes:
sp_configure "enable ldap user auth", 1Note: '1' allows authentication both via syslogins (the "normal" Sybase way) and LDAP, 0 disables, 2 sets to LDAP only.
sp_ldapadmin 'set_primary_url', 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*'
sp_ldapadmin 'activate', 'primary'
1> sp_ldapadmin 'list' 2> go Primary: URL: 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*' DN Lookup URL: '' Access Account: 'cn=Manager,dc=scopeset,dc=de' Active: 'TRUE' Status: 'ACTIVE' Secondary: URL: '' DN Lookup URL: '' Access Account: '' Active: 'FALSE' Status: 'NOT SET' Timeout value: '-1'(10000) milliseconds Log interval: '3' minutes Number of retries: '3' Maximum LDAPUA native threads per Engine: '49' Maximum LDAPUA descriptors per Engine: '20' Abandon LDAP user authentication when full: 'false' (return status = 0)
1> sp_ldapadmin 'check_login', 'test123' 2> go The login name 'test123' exists as a user on the LDAP Server specified for ASE. (return status = 0)
sp_maplogin LDAP, NULL, 'create login'
From now on, new users can be created and maintained on the LDAP Server, password changes are automatically synchronized.
Note that you need to manage the user's system creation privileges and access rights to OpenAmeos models via the OpenAmeos Desktop.
Converting existing loginsIn most cases, you will already have a list of Sybase users which had originally been created in the OpenAmeos Desktop. In order to synchronize these with LDAP, you first have to create the users/persons/etc. on your LDAP server. Then, run the following isql command for every user:
sp_modifylogin "test123", "authenticate with", "LDAP"(for bigger lists of users, you can also create an isql script, see Restoring Databases and Users for how this is done.