LDAP server information file

Information about LDAP server locations and capabilities can be saved in a server information file. The ldap_server_locate() routine can read this server information file when the LDAP client must locate a server. You can create this file using the ldap_server_conf_save() routine, or you can create and maintain it manually.

Guideline: Use the ldap_server_conf_save() routine to create the server information file.

Rules: If you choose to create and manually maintain the server information file, follow these rules:
  • The contents of the file must be in the IBM-1047 code page.
  • The maximum line length is 1023 characters.
  • Blank lines are ignored.
  • Comment lines must have a # as the first non-blank character.
  • All parameters are positional.
  • The first non-comment line must contain the expiration time for the file. This time is a decimal number and is expressed as a POSIX time value (number of seconds since January 1, 1970 UTC). A value of 0 indicates that the file does not expire.
  • Each line following the server-information-file expiration time represents an LDAP server definition.
  • Incorrect numeric values are treated as zero values.
Each LDAP server is defined by a line in the following format:
service domain host [priority [weight [port [replica [security [naming [vendor [general]]]]]]]]
The fields are positional and are defined as follows:
service
Specifies the service name and is formed by combining the service key and the optional eNetwork domain name as service_key.enetwork_domain. This field must be specified.
domain
Specifies the DNS domain name for the LDAP server. This field must be specified.
host
Specifies the fully qualified DNS name of the LDAP server host. This field must be specified.
priority
A decimal number that specifies the priority that is assigned to the LDAP server. The ldap_server_locate() routine returns the server list that is ordered by priority. (The priority decreases as the priority number increases.) Specify 0 for the priority if the servers are not to be ordered by priority. This field can be omitted if all the following fields are also omitted, in which case the priority defaults to 0.
weight
A decimal number that specifies the weight that is assigned to the LDAP server within the priority classification. The weight is used as a load-balancing mechanism and indicates the capacity of the LDAP server relative to other servers with the same priority value. Servers with a larger weight are selected more often than servers with a smaller weight. Specify 0 for the weight if load balancing is not needed. This field can be omitted if all the following fields are also omitted, in which case the weight defaults to 0.
port
A decimal number that specifies the port to use to contact the LDAP server. This field can be omitted if all the following fields are also omitted, in which case the port defaults to 389.
replica
Specifies whether the LDAP server is a master or a replica. Specify 1 to indicate master and 2 to indicate replica. This field can be omitted if all the following fields are also omitted, in which case replica defaults to 0 (replica type not specified).
security
Specifies the connection security mechanism. Specify 1 to indicate non-SSL and 2 to indicate SSL. This field can be omitted if all the following fields are also omitted, in which case the security defaults to 0 (security type not specified).
naming
Specifies the naming context that is supported by the server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. Multiple server entries must be defined if the LDAP server supports more than one naming context. This field can be omitted if all the following fields are also omitted. Otherwise, it must be specified as "" if there is no naming context for the LDAP server.
vendor
Specifies vendor information for the LDAP server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. This field can be omitted if the following field is also omitted. Otherwise, it must be specified as "" if there is no vendor information for the LDAP server.
general
Specifies general information for the LDAP server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. This field can be omitted or specified as "" if there is no general information for the LDAP server.

Example of a server information file

Following is a sample server information file:
    ######################################################################
    #  Sample LDAP local configuration file                              #
    ######################################################################
    0
    ldap.research endicott.ibm.com sysa.endicott.ibm.com 0 0 389 1 1
    ldap.research endicott.ibm.com sysa.endicott.ibm.com 0 0 636 1 2
    ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 389 1 1
    ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 636 1 2
    _ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "o=ibm,c=us"
    _ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "dc=ibm,dc=com"
    _ldap endicott.ibm.com replica.endicott.ibm.com 0 0 636 2 2 "o=ibm,c=us"
    _ldap endicott.ibm.com replica.endicott.ibm.com 0 0 636 2 2 "dc=ibm,dc=com"

The sysa.endicott.ibm.com and backup.endicott.ibm.com systems have LDAP servers that are part of the research eNetwork domain. The LDAP server on backup.endicott.ibm.com is used only if the LDAP server on sysa.endicott.ibm.com is not available. Note that there are two entries for each host: one for the non-SSL connection and the other for the SSL connection.

The sysb.endicott.ibm.com and replica.endicott.ibm.com systems have LDAP servers that are not part of an eNetwork domain. They support naming contexts "o=ibm,c=us" and "dc=ibm,dc=com". The LDAP server on sysb.endicott.ibm.com is the master server and the LDAP server on replica.endicott.ibm.com is a replica server. Note that there are two entries for each host: one for naming context "o=ibm,c=us" and the other for naming context "dc=ibm,dc=com".
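The following Python is an added example, not code from the page or from IBM's ldap_server_locate() implementation: it parses a server information file by the rules above (comment and blank lines, the expiration line, positional fields, quoting and backslash escapes, defaults for omitted fields, incorrect numbers treated as zero) and then orders the matching servers for a service and domain. It works on already-decoded text (conversion from the IBM-1047 code page is left to the caller); the embedded sample is constructed from the page's example with a quoted vendor string added, and the within-priority ordering by larger weight first is an assumption, since the page does not spell out the selection algorithm.

```python
import re, time

FIELDS = ("service", "domain", "host", "priority", "weight", "port",
          "replica", "security", "naming", "vendor", "general")
DEFAULTS = (None, None, None, 0, 0, 389, 0, 0, "", "", "")  # values for omitted fields, per the text
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')             # one quoted or one bare positional field

SAMPLE = """# Sample LDAP local configuration file
0
ldap.research endicott.ibm.com sysa.endicott.ibm.com 0 0 636 1 2
ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 636 1 2
_ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "o=ibm,c=us"
_ldap endicott.ibm.com replica.endicott.ibm.com 0 0 636 2 2 "o=ibm,c=us" "Example \\"quoted\\" vendor"
"""  # constructed from the page's example, with an added quoted vendor string on the last line

def split_fields(line):
    """Split a server line into positional fields; a quoted field may hold white space."""
    tokens = TOKEN.findall(line)
    if any('"' in bare for _, bare in tokens):
        raise ValueError("unterminated or misplaced quotation mark: " + line)
    return [bare or re.sub(r'\\(["\\])', r"\1", quoted) for quoted, bare in tokens]  # undo \" and \\

def to_int(value):  # rule: incorrect numeric values are treated as zero
    return int(value) if re.fullmatch(r"-?\d+", str(value)) else 0

def parse_server_info(text, now=None):
    """Return (expiry, servers) from the decoded file text; an expired file is rejected."""
    expires, servers = None, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):       # blank and comment lines are ignored
            continue
        if expires is None:                        # first non-comment line: POSIX expiry, 0 = never
            expires = to_int(line)
            if expires and (time.time() if now is None else now) > expires:
                raise ValueError("server information file has expired")
            continue
        f = split_fields(line)
        if len(f) < 3:
            raise ValueError("service, domain and host are required: " + line)
        entry = dict(zip(FIELDS, f + list(DEFAULTS[len(f):])))
        entry.update({k: to_int(entry[k]) for k in FIELDS[3:8]})
        servers.append(entry)
    return expires, servers

def locate(servers, service, domain, naming=None, ssl_only=False):
    """Order candidates by priority number (0 first), then larger weight first; optionally SSL only."""
    hits = [s for s in servers if (s["service"], s["domain"]) == (service, domain)
            and naming in (None, s["naming"]) and (not ssl_only or s["security"] == 2)]
    return sorted(hits, key=lambda s: (s["priority"], -s["weight"]))
```

Passing ssl_only=True restricts the candidates to entries whose security field is 2, which is the check a client should apply before sending credentials over the connection.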