Configuring LDAP with Sun Java System Directory Server
By default, the Sun Java System Directory Server allows anonymous users to browse the directory, but only authenticated users are able to see whether a user account is disabled. To use custom validation filters, the Authentication Service must be configured with LDAP credentials.
The Authentication Server uses the LDAPv3 StartTLS protocol extension to provide endpoint authentication, data confidentiality, and integrity. Sun Directory Server does not, by default, enable StartTLS when installed on Microsoft Windows. You must enable StartTLS by setting ds-start-tls-enabled to on.
An account is considered disabled when the nsAccountLock attribute is set to true. The following user validation filter can be used to prevent disabled users from refreshing their session credentials:
(!(nsAccountLock=true))
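How the filter above evaluates against different entries, shown as an added example that is not part of the original documentation: a simplified local evaluator for the &, |, ! and equality filter forms, run over constructed entries. The function names, the sample entries and the case-insensitive value comparison are assumptions; it models filter logic only, not the directory server's access control.

```python
VALIDATION_FILTER = "(!(nsAccountLock=true))"  # filter from the page

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, children = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            child, i = parse(f, i)
            children.append(child)
        if f[i:i + 1] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError("malformed composite filter")
        return (op, children), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("only equality items are supported")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry (dict: attribute -> values)."""
    if node[0] == "=":
        _, attr, value = node
        have = {k.lower(): v for k, v in entry.items()}.get(attr, [])
        # Assumption: case-insensitive compare; a server applies the
        # attribute's own matching rule.
        return any(v.lower() == value.lower() for v in have)
    op, children = node
    results = [matches(c, entry) for c in children]
    if op == "!":
        return not results[0]
    return all(results) if op == "&" else any(results)

def may_refresh(entry, flt=VALIDATION_FILTER):
    node, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters after filter")
    return matches(node, entry)

# Constructed sample entries (hypothetical users).
ENTRIES = {
    "never_locked": {"uid": ["alice"]},
    "locked": {"uid": ["bob"], "nsAccountLock": ["true"]},
    "unlocked": {"uid": ["carol"], "nsAccountLock": ["false"]},
    # The locked entry as read when nsAccountLock is not visible to the reader.
    "locked_attr_hidden": {"uid": ["bob"]},
}
```

In this evaluator an entry with no visible nsAccountLock value passes the filter, so the check is only meaningful when the lookup can read that attribute.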