LDAPURL
The LDAPURL option specifies the location of a Lightweight Directory Access Protocol (LDAP) server. Set the LDAPURL option after you configure the LDAP server.
Tip: The information in this documentation applies to the LDAP authentication method that is preferred for IBM Spectrum Protect™ V7.1.7 or later servers. For instructions about using the previous LDAP authentication method, see Managing passwords and logon procedures.
The following restrictions apply:
- The LDAPURL option cannot be used in combination with the SETOPT command.
- The LDAPURL option does not apply to storage agents.
Parameters
- ldap_url_value
- Specifies the URL of one LDAP server, or the URLs of multiple LDAP servers. You can enter multiple values, with each URL value up to 1024 characters. The port number is optional and defaults to 389. Each URL value must contain an LDAP server name. For example, the format of the server name is server1.storage.us.ibm.com and the LDAP port is 341. The value of the LDAPURL option must conform to the following specifications:
- If you specify multiple URLs, each URL must be on a separate line.
- If you specify multiple URLs, each URL must point to a different external directory, and all external directories must contain the same data.
- Each URL must begin with ldap://.Restriction: The URL that you designate cannot begin with ldaps://.
IBM Spectrum Protect supports LDAP connections that are secured with the standard LDAPv3 StartTLS operation, which establishes a secure Transport Layer Security (TLS) exchange on an existing LDAP connection. The LDAP Simple Bind operation that IBM Spectrum Protect uses does not protect the password when it is sent. A secure TLS connection is required to protect the password.
Example: Set the port value for an LDAP server
In the dsmserv.opt file, specify the port value as 341 for an LDAP server:ldapurl ldap://server1.storage.us.ibm.com:341/dc=storage,dc=us,dc=ibm,dc=com