Using Web Administration

You can configure the DIGEST-MD5 mechanism by using the Web Administration Tool.

About this task

Under Server administration, expand the Manage security properties category in the navigation area of the Web Administration Tool, and then select the DIGEST-MD5 tab. The Digest-MD5 tab is displayed only if either of the following two conditions is satisfied:
  • The root DSE search returns the ibm-supportedCapabilities OID 1.3.18.0.2.32.69 for Digest-MD5.
  • The root DSE search returns DIGEST-MD5 as value of the supportedsaslmechanisms attribute.
The values of the controls in the Digest-MD5 tab are updated with the Digest-MD5 parameters from the entry “cn=Digest, cn=Configuration” in the configuration file when the tab is loaded.
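
The two display conditions can also be checked outside the tool against the output of a root DSE search. The following is an added example, not code from the product or its documentation: it parses a root DSE entry in LDIF form and reports which condition holds. The function names and the sample LDIF are constructed for illustration, and the mechanism name is compared case-insensitively as an assumption.

```python
import base64

DIGEST_MD5_OID = "1.3.18.0.2.32.69"  # capability OID quoted on this page

# Constructed sample root DSE (not captured from a real server).
# The capability OID is deliberately folded across two lines, as LDIF permits.
SAMPLE_ROOT_DSE = """\
dn:
supportedsaslmechanisms: EXTERNAL
supportedSASLMechanisms: digest-md5
ibm-supportedCapabilities: 1.3.18.0.2.3
 2.69
"""

def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs

def digest_md5_advertised(root_dse):
    """Report which of the two conditions from the page the entry satisfies."""
    caps = root_dse.get("ibm-supportedcapabilities", [])
    mechs = [m.upper() for m in root_dse.get("supportedsaslmechanisms", [])]
    return {
        "capability_oid": DIGEST_MD5_OID in caps,
        "sasl_mechanism": "DIGEST-MD5" in mechs,
    }

def tab_displayed(root_dse):
    """The tab is shown when at least one condition holds."""
    return any(digest_md5_advertised(root_dse).values())
```

Running the same check against every server in a replication topology shows quickly whether any replica does not advertise the mechanism.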

Procedure

  1. Select the Enable Digest-MD5 check box to enable the Digest-MD5 mechanism.
     Note: When the Enable Digest-MD5 check box is selected, other controls related to Digest-MD5 parameters on this tab are enabled and modifications to these controls are allowed.
  2. Under Server realm, you can use the preselected Default setting, which is the fully qualified host name of the server, or you can click Realm and type the name of the realm that you want to configure the server as.
     Note: If the ibm-slapdDigestRealm attribute in the configuration entry is set, the server uses that value instead of the default for the realm. In this case, the Realm button is preselected and the realm value is displayed in the field.
     This realm name is used by the client to determine which user name and password to use. When using replication, you want to have all the servers configured with the same realm.
  3. Under Username attribute, you can use the preselected Default setting, which is uid, or you can click Attribute and type the name of the attribute that you want the server to use to uniquely identify the user entry during DIGEST-MD5 SASL binds.
     Note: If the ibm-slapdDigestAttr attribute in the configuration entry is set, the server uses that value instead of the default for the Username attribute. In this case, the Attribute button is preselected and the attribute value is displayed in the field.
  4. If you are logged in as the directory administrator, under Administrator username, type the administrator user name. This field cannot be edited by members of the administrative group. If the user name specified on a DIGEST-MD5 SASL bind matches this string, the user is the administrator.
     Note: The administrator user name is case sensitive.
  5. When you are finished, click Apply to save your changes without exiting, or click OK to apply your changes and exit, or click Cancel to exit this panel without making any changes.