Sample LDAP configurations
The Content Manager OnDemand user ID of admin is not subjected to the LDAP authentication.
The initial bind LDAP user ID and password (ARS_LDAP_BIND_DN and ARS_LDAP_BIND_DN_PWD) are
no longer specified in the ARS.CFG configuration file. The initial bind LDAP user ID and password
are stored in the instance stash file by using the ARSSTASH command. If ARS_LDAP_ALLOW_ANONYMOUS
is set to FALSE, both values must exist in the stash file or the LDAP authentication will fail.
You can view LDAP parameters based on your system platform in the
Specifying the ARS.CFG file for the instancesection of the Content Manager OnDemand for Multiplatforms: Installation and Configuration Guide.
Anonymous Bind LDAP
Server:
ARS_LDAP_SERVER=ldap1.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourgroup,o=yourcompany.com
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=userid
ARS_LDAP_ALLOW_ANONYMOUS=TRUE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Microsoft Active Directory (AD)
server:
ARS_LDAP_SERVER=adserver.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=dc=ondemand,dc=yourdomain,dc=local
ARS_LDAP_BIND_ATTRIBUTE=cn
ARS_LDAP_MAPPED_ATTRIBUTE=sAMAccountName
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Microsoft Active Directory Application Mode (ADAM)
server:
ARS_LDAP_SERVER=adamserver.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
IBM®
Tivoli® Directory server (TDS) with
SSL:
ARS_LDAP_SERVER=yourtds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=TRUE
ARS_LDAP_KEYRING_FILE=/opt/IBM/ondemand/V10.5/config/ondemand.kdb
ARS_LDAP_KEYRING_LABEL=LDAP Label
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=email
ARS_LDAP_MAPPED_ATTRIBUTE=sn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Novel eDirectory
server:
ARS_LDAP_SERVER=yournds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Sun Java™ Directory server
(JDS)
ARS_LDAP_SERVER=yourjds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=boulder,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2