LDAP server information file
Information about LDAP server locations and capabilities can be saved in a server information file. The ldap_server_locate() routine can read this server information file when the LDAP client must locate a server. You can create this file using the ldap_server_conf_save() routine, or you can create and maintain it manually.
Guideline: Use the ldap_server_conf_save() routine to create the server information file.
- The contents of the file must be in the IBM-1047 code page.
- The maximum line length is 1023 characters.
- Blank lines are ignored.
- Comment lines must have a # as the first non-blank character.
- All parameters are positional.
- The first non-comment line must contain the expiration time for the file. This time is a decimal number and is expressed as a POSIX time value (number of seconds since January 1, 1970 UTC). A value of 0 indicates that the file does not expire.
- Each line following the server-information-file expiration time represents an LDAP server definition.
- Incorrect numeric values are treated as zero values.
service domain host [priority [weight [port [replica [security [naming [vendor [general]]]]]]]]
The fields are positional and are defined as follows:
- service: Specifies the service name and is formed by combining the service key and the optional eNetwork domain name as service_key.enetwork_domain. This field must be specified.
- domain: Specifies the DNS domain name for the LDAP server. This field must be specified.
- host: Specifies the fully qualified DNS name of the LDAP server host. This field must be specified.
- priority: A decimal number that specifies the priority that is assigned to the LDAP server. The ldap_server_locate() routine returns the server list ordered by priority. (The priority decreases as the priority number increases.) Specify 0 for the priority if the servers are not to be ordered by priority. This field can be omitted if all the following fields are also omitted, in which case the priority defaults to 0.
- weight: A decimal number that specifies the weight that is assigned to the LDAP server within the priority classification. The weight is used as a load-balancing mechanism and indicates the capacity of the LDAP server relative to other servers with the same priority value. Servers with a larger weight are selected more often than servers with a smaller weight. Specify 0 for the weight if load balancing is not needed. This field can be omitted if all the following fields are also omitted, in which case the weight defaults to 0.
- port: A decimal number that specifies the port to use to contact the LDAP server. This field can be omitted if all the following fields are also omitted, in which case the port defaults to 389.
- replica: Specifies whether the LDAP server is a master or a replica. Specify 1 to indicate master and 2 to indicate replica. This field can be omitted if all the following fields are also omitted, in which case replica defaults to 0 (replica type not specified).
- security: Specifies the connection security mechanism. Specify 1 to indicate non-SSL and 2 to indicate SSL. This field can be omitted if all the following fields are also omitted, in which case the security defaults to 0 (security type not specified).
- naming: Specifies the naming context that is supported by the server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. Multiple server entries must be defined if the LDAP server supports more than one naming context. This field can be omitted if all the following fields are also omitted. Otherwise, it must be specified as "" if there is no naming context for the LDAP server.
- vendor: Specifies vendor information for the LDAP server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. This field can be omitted if the following field is also omitted. Otherwise, it must be specified as "" if there is no vendor information for the LDAP server.
- general: Specifies general information for the LDAP server. The string must be enclosed in double quotation marks if it contains any white space characters. A double quotation mark or backslash in the string must be escaped using a backslash. This field can be omitted or specified as "" if there is no general information for the LDAP server.
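The following parser is an added example, not code from this page or from z/OS, and it applies the file rules above: blank and comment lines, the 1023-character line limit, the expiration time, positional fields filled with the page's defaults, the double-quote and backslash escaping rules, incorrect numeric values treated as zero, and ordering of the result by priority number. The SAMPLE input is constructed for the example; weighted selection within a priority is not modelled.

```python
import re
FIELDS = ("service", "domain", "host", "priority", "weight", "port",
          "replica", "security", "naming", "vendor", "general")
DEFAULTS = (None, None, None, 0, 0, 389, 0, 0, "", "", "")   # page defaults
NUMERIC = {"priority", "weight", "port", "replica", "security"}
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|([^\s"]\S*)')
def to_int(s):
    return int(s) if str(s).isdigit() else 0   # incorrect numeric values count as 0
def split_fields(line):
    # Positional fields split on white space. A double-quoted field may hold
    # white space; \" and \\ inside the quotes stand for " and \.
    fields, pos = [], 0
    for m in _TOKEN.finditer(line):
        if line[pos:m.start()].strip():
            raise ValueError("malformed field in: " + line)
        fields.append(re.sub(r"\\(.)", r"\1", m[1]) if m[1] is not None else m[2])
        pos = m.end()
    if line[pos:].strip():
        raise ValueError("malformed field in: " + line)
    return fields
def parse_server_info(text, now):
    # Returns server definitions ordered by priority number ascending, as
    # ldap_server_locate() returns them; raises if the file has expired.
    expiry, servers = None, []
    for raw in text.splitlines():
        if len(raw) > 1023:
            raise ValueError("line exceeds 1023 characters")
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                         # blank or comment line
        if expiry is None:                   # first non-comment line
            expiry = to_int(line)
            if expiry and now >= expiry:
                raise ValueError("server information file has expired")
            continue
        fields = split_fields(line)
        if len(fields) < 3:
            raise ValueError("service, domain and host are required: " + line)
        vals = fields[:11] + list(DEFAULTS[len(fields):])   # fill omitted fields
        servers.append({n: to_int(v) if n in NUMERIC else v
                        for n, v in zip(FIELDS, vals)})
    return sorted(servers, key=lambda s: s["priority"])

SAMPLE = (  # constructed sample modelled on the page's example, not its file
    "0\n"
    "ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 636 1 2\n"
    "ldap.research endicott.ibm.com sysa.endicott.ibm.com\n"
    '_ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "o=ibm,c=us" "Acme \\"X\\""\n'
)
```

Calling parse_server_info(SAMPLE, now) yields sysa and sysb (priority 0, sysa with every default filled in) before backup (priority 5), and the quoted vendor string comes back as Acme "X".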
Example of a server information file
######################################################################
# Sample LDAP local configuration file #
######################################################################
0
ldap.research endicott.ibm.com sysa.endicott.ibm.com 0 0 389 1 1
ldap.research endicott.ibm.com sysa.endicott.ibm.com 0 0 636 1 2
ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 389 1 1
ldap.research endicott.ibm.com backup.endicott.ibm.com 5 0 636 1 2
_ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "o=ibm,c=us"
_ldap endicott.ibm.com sysb.endicott.ibm.com 0 0 636 1 2 "dc=ibm,dc=com"
_ldap endicott.ibm.com replica.endicott.ibm.com 0 0 636 2 2 "o=ibm,c=us"
_ldap endicott.ibm.com replica.endicott.ibm.com 0 0 636 2 2 "dc=ibm,dc=com"
The sysa.endicott.ibm.com and backup.endicott.ibm.com systems have LDAP servers that are part of the research eNetwork domain. The LDAP server on backup.endicott.ibm.com is used only if the LDAP server on sysa.endicott.ibm.com is not available. Note that there are two entries for each host: one for the non-SSL connection and the other for the SSL connection.
The sysb.endicott.ibm.com and replica.endicott.ibm.com systems have LDAP servers that are not part of an eNetwork domain. They support naming contexts "o=ibm,c=us" and "dc=ibm,dc=com". The LDAP server on sysb.endicott.ibm.com is the master server and the LDAP server on replica.endicott.ibm.com is a replica server. Note that there are two entries for each host: one for naming context "o=ibm,c=us" and the other for naming context "dc=ibm,dc=com".