Properties for LDAP user authentication

You can choose to use an LDAP server for authentication. When using LDAP, the users, user groups, and access control must be set up in the Sterling Order Management System Software system.

This section assumes you understand how LDAP servers work. It is also recommended that you read the following documents on LDAP technology:

  • W. Yeong, T. Howes, and S. Kille, RFC 1777 - Lightweight Directory Access Protocol. March 1995. Available at the FAQs website.
  • Mark Wilcox, Implementing LDAP. Wrox Press, 1999.

By default, all authentication is performed against the Sterling Order Management System Software database. When a user enters a login ID and password, they are validated against the login ID and password that are stored in the database. This requires the administrator of the Sterling Order Management System Software system to set up login IDs and passwords for each user.

Alternatively, the Application Consoles support LDAP-based user authentication. You may choose to use an LDAP server for authentication. When using LDAP, the users, user groups, and access control must be set up in the Sterling Order Management System Software system.

Sterling Order Management System Software also supports password expiration through LDAP. Your custom code for user authentication is interfaced with the Sterling Order Management System Software authentication mechanism. If the map that your custom code provides contains ExpireInDays with a numeric value of <X>, a message to reset the password appears on the Sterling Order Management System Software home page. If the map contains ChangePasswordLink, the message contains a link to the location specified. Clicking the link opens a new window with the given ChangePasswordLink.

Because the various implementations of LDAP handle password expiration differently, a sample YFSLDAPAuthenticator is modified to provide an example of one particular implementation. It is located in the <INSTALL_DIR>/xapidocs/code_examples/java directory.
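
As an added illustration of the ExpireInDays and ChangePasswordLink map entries described above (this is not the shipped YFSLDAPAuthenticator sample or IBM code), the following standalone Java class binds as the user over LDAPS and derives the two entries. Assumptions: the directory exposes the pwdChangedTime operational attribute, the maximum password age is a fixed 90 days, map values are strings, and the host, base DN and change-password URL are placeholders.

```java
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import javax.naming.Context;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

// Added example: standalone sketch, not the shipped YFSLDAPAuthenticator sample.
public class LdapExpiryExample {
    // Assumed placeholder values; replace with your own directory and policy.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "ou=people,dc=example,dc=com";
    static final String CHANGE_LINK = "https://idm.example.com/change-password";
    static final long MAX_AGE_SECONDS = 90L * 24 * 3600; // assumed policy: 90 days
    // Binds as the user over LDAPS; returns the map entries the page describes.
    static Map<String, String> authenticate(String loginId, String password) throws Exception {
        // An empty password turns a simple bind into an unauthenticated bind that can succeed.
        if (loginId == null || loginId.isEmpty() || password == null || password.isEmpty())
            throw new SecurityException("login ID and password are required");
        String dn = "uid=" + Rdn.escapeValue(loginId) + "," + BASE; // escape DN metacharacters
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env); // AuthenticationException on bad credentials
        try {
            Attribute a = ctx.getAttributes(dn, new String[] {"pwdChangedTime"}).get("pwdChangedTime");
            return expiryHints(a == null ? null : (String) a.get(), Instant.now());
        } finally { ctx.close(); }
    }
    // Converts pwdChangedTime (generalized time, e.g. 20240101120000Z) into the map entries.
    static Map<String, String> expiryHints(String pwdChangedTime, Instant now) {
        Map<String, String> result = new HashMap<>();
        if (pwdChangedTime == null) return result; // attribute not readable: no reminder
        Instant changed = LocalDateTime.parse(pwdChangedTime.substring(0, 14),
                DateTimeFormatter.ofPattern("yyyyMMddHHmmss")).toInstant(ZoneOffset.UTC);
        long days = Duration.between(now, changed.plusSeconds(MAX_AGE_SECONDS)).toDays();
        result.put("ExpireInDays", String.valueOf(Math.max(days, 0)));
        result.put("ChangePasswordLink", CHANGE_LINK);
        return result;
    }
    public static void main(String[] args) {
        // Constructed sample: password changed 80 days before "now", so 10 days remain.
        System.out.println(expiryHints("20240101120000Z", Instant.parse("2024-03-21T12:00:00Z")));
    }
}
```

Running main exercises only the expiry calculation with constructed values; authenticate needs a reachable directory whose certificate the JVM trusts.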