The ScopeSET Support and Community Portal
         
Sybase can be configured to use logins from an LDAP server. There is a general whitepaper on this topic; here's a cookbook.

Setup and configuration

Let's assume you have a simple LDAP structure on host 192.168.0.17 like this:

[Image: screenshot of the LDAP structure]

Using isql, perform the following configuration changes:

  • first, enable LDAP:
sp_configure "enable ldap user auth", 1
go
Note: 1 allows authentication both via syslogins (the "normal" Sybase way) and LDAP, 0 disables LDAP authentication, and 2 sets it to LDAP only.
  • then, set the LDAP server URL:
sp_ldapadmin 'set_primary_url', 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*'
go
  • next, enable the primary server:
sp_ldapadmin 'activate', 'primary'
go
  • sp_ldapadmin 'list' should now show something like this:
1> sp_ldapadmin 'list'
2> go
Primary:
    URL:                 'ldap://192.168.0.17:389/dc=scopeset,dc=de??sub?cn=*'
    DN Lookup URL:       ''
    Access Account:      'cn=Manager,dc=scopeset,dc=de'
    Active:              'TRUE'
    Status:              'ACTIVE'
Secondary:
    URL:                 ''
    DN Lookup URL:       ''
    Access Account:      ''
    Active:              'FALSE'
    Status:              'NOT SET'
Timeout value:           '-1'(10000) milliseconds
Log interval:            '3' minutes
Number of retries:       '3'
Maximum LDAPUA native threads per Engine: '49'
Maximum LDAPUA descriptors per Engine: '20'
Abandon LDAP user authentication when full: 'false'
(return status = 0)
  • next, check if the login can be found:
1> sp_ldapadmin 'check_login', 'test123'
2> go
The login name 'test123' exists as a user on the LDAP Server specified for ASE.
(return status = 0)
  • finally, tell Sybase to create logins from LDAP (the login is created when a user logs in to Sybase/OpenAmeos for the first time):
sp_maplogin LDAP, NULL, 'create login'
go

From now on, new users can be created and maintained on the LDAP server; password changes are automatically synchronized.

Note that you need to manage the user's system creation privileges and access rights to OpenAmeos models via the OpenAmeos Desktop.

Converting existing logins

In most cases, you will already have a list of Sybase users that were originally created in the OpenAmeos Desktop. In order to synchronize these with LDAP, you first have to create the users/persons/etc. on your LDAP server. Then, run the following isql command for every user:
sp_modifylogin "test123", "authenticate with", "LDAP"
go
(For bigger lists of users, you can also create an isql script; see "Creating and restoring Sybase database dumps", "Restoring Databases and Users", for how this is done.)
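
One way to generate such an isql script from a list of login names, as an added example that is not part of the original article. The function name gen_ldap_script, the allowed-character policy and the choice to leave sa on native authentication are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build an isql batch that switches existing logins to LDAP.
# Login names are read one per line from stdin; the batch is written to stdout.

# Assumed policy: these logins keep native (syslogins) authentication so an
# administrator can still log in when the LDAP server is unreachable.
KEEP_NATIVE="sa"

gen_ldap_script() {
    rejected=0
    while IFS= read -r login || [ -n "$login" ]; do
        # Skip blank lines and comment lines in the input list.
        case "$login" in
            ''|'#'*) continue ;;
        esac
        # Assumed naming policy: letters, digits and underscore only.
        # Names containing quotes, spaces or other punctuation are refused
        # instead of being written into the generated SQL.
        case "$login" in
            *[!A-Za-z0-9_]*)
                echo "rejected: unsafe login name: $login" >&2
                rejected=$((rejected + 1))
                continue ;;
        esac
        # Leave the break-glass logins untouched.
        case " $KEEP_NATIVE " in
            *" $login "*)
                echo "skipped: $login stays on native authentication" >&2
                continue ;;
        esac
        printf 'sp_modifylogin "%s", "authenticate with", "LDAP"\ngo\n' "$login"
    done
    # Non-zero exit status if any name was refused.
    [ "$rejected" -eq 0 ]
}

# Constructed sample list; replace with the real list of existing logins.
gen_ldap_script <<'EOF' || echo "some names were rejected, review the list" >&2
# logins originally created in the OpenAmeos Desktop
test123
sa
bad"name
EOF
```

Redirect the output to a file, review it, and run it with isql as described for the other scripts.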