Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Configuring LDAP with Sun Java System Directory Server

By default, the Sun Java System Directory Server allows anonymous users to browse the directory. However, only authenticated users can see whether a user account is disabled. To use custom validation filters, the Authentication Service must be configured with LDAP credentials.

The BMC Server Automation Authentication Server uses the LDAPv3 StartTLS protocol extension to provide endpoint authentication, data confidentiality, and integrity. Sun Directory Server does not, by default, enable StartTLS when installed on Microsoft Windows. You must enable StartTLS by setting ds-start-tls-enabled to on.

An account is considered disabled when the nsAccountLock attribute is set to true. Use the following user validation filter to prevent users with disabled accounts from refreshing their session credentials:

(!(nsAccountLock=true))
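
The following added example (not BMC or Sun code) evaluates the validation filter above against constructed entries to show which accounts it admits, including a disabled account whose nsAccountLock attribute is not visible. The small client-side evaluator, the entry names and uid values, and case-insensitive value matching are assumptions for illustration; a real directory evaluates the filter server-side under its own access controls.

```python
# Added example, not BMC or Sun code. Evaluates filters like the one on this
# page client-side against constructed entries to show what it admits.
VALIDATION_FILTER = "(!(nsAccountLock=true))"  # filter quoted on the page

def parse(f, i=0):
    """Parse one filter at f[i] (and/or/not, equality, presence only)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed %r group" % op)
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is unterminated
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("expected attr=value")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """entry maps attribute name -> list of values. Names are compared
    case-insensitively; case-insensitive value matching is an assumption."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, want = node
    have = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(have) if want == "*" else want in have

def may_refresh(entry, validation_filter=VALIDATION_FILTER):
    """True if the entry satisfies the user validation filter."""
    node, end = parse(validation_filter)
    if end != len(validation_filter):
        raise ValueError("trailing data after filter")
    return matches(node, entry)

# Constructed entries (hypothetical users).
ACTIVE = {"uid": ["jdoe"]}                                # attribute absent
LOCKED = {"uid": ["asmith"], "nsAccountLock": ["true"]}   # disabled account
# The same disabled entry as seen when nsAccountLock is not readable.
LOCKED_HIDDEN = {k: v for k, v in LOCKED.items() if k != "nsAccountLock"}
```

In this model LOCKED_HIDDEN satisfies the filter even though the account is disabled, which is the case the LDAP credentials requirement above addresses.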