auth-using-compare

Edit online

This stanza entry specifies whether ldap_compare() is used instead of the ldap_bind() call to verify the password and authenticate the user.

Syntax

auth-using-compare = {yes|true|no|false}

Description

Choice of whether ldap_compare() is used instead of the ldap_bind() call to verify the password and authenticate the user. For those LDAP servers that allow it, a compare operation might run faster than a bind operation. The value for each server can be different, depending on how that server is configured.

This option changes the method used by the following authorization API calls:

azn_util_client_authenticate()
azn_util_password_authenticate()

Options

yes|true: A compare operation is used to authenticate LDAP users. When using a generic LDAP server, the auth-using-compare-supported entry in the [ldap] stanza of the ldap.conf file must be set to yes.
no|false: A bind operation is used to authenticate LDAP users. When using a generic LDAP server, the auth-using-bind-supported entry in the [ldap] stanza of the ldap.conf file must be set to yes.
Any value other than yes|true, including a blank value, is interpreted as no|false.

To use this key value pair for performance tuning, see the IBM Verify Identity Access for Web: Performance Tuning Guide.

Usage

Optional

Default value

The default values are server-dependent.

Example

auth-using-compare = yes