The ARSLDAP.INI file

The ARS_LDAP_BIND_MESSAGES_FILE parameter enables Content Manager OnDemand to customize message text returned from an LDAP server that is used to alert users that their LDAP password is about to expire or their LDAP account is locked.

The messages displayed to users are contained in the file referenced by this parameter. To enable this user-configurable message functionality, create a file with the appropriate message strings, and set ARS_LDAP_BIND_MESSAGES_FILE to the full path of the file. The ARSLDAP.INI file is provided with example message strings that can be used by the ARS_LDAP_BIND_MESSAGES_FILE parameter.

The ARSLDAP.INI file contains the following three sections:
[BIND_MESSAGES]
PASSWORD_EXPIRED="/opt/IBM/ondemand/V9.5/config/password_expired.txt"
ACCOUNT_LOCKED="/opt/IBM/ondemand/V9.5/config/account_locked.txt"

[PASSWORD_EXPIRED]
TDS6="Password has expired"
AD="data 532"
UDEF1=
UDEF2=
UDEF3=

[ACCOUNT_LOCKED]
TDS6="Account is locked"
AD="data 775"
UDEF1=
UDEF2=
UDEF3=

The BIND_MESSAGES section specifies the path to the files containing the user-configurable message text that is displayed to users when their LDAP password is about to expire, or their LDAP account is locked. Generic files are supplied, and should be customized to reflect your actual Content Manager OnDemand environment.

An example message that would be displayed to a user:

Your LDAP password has expired and needs to be changed.
Log into <company intranet> for password setting instructions.

The entries in the PASSWORD_EXPIRED and ACCOUNT_LOCKED sections are for Tivoli® Directory Server Version 6.x and Microsoft Active Directory (AD). These sections also contain three user-defined entries (UDEFx), allowing you to enter your own pattern strings for LDAP servers that are not directly supported.

The LDAP server may return additional information when the user's bind operation fails. When an error is returned from the LDAP server, Content Manager OnDemand reads the file referenced by the ARS_LDAP_BIND_MESSAGES_FILE parameter and searches under the two stanzas, [PASSWORD_EXPIRED] and [ACCOUNT_LOCKED], for user-defined text that matches the LDAP server error. If a match is found, Content Manager OnDemand will display the text found in the files defined under the [BIND_MESSAGES] stanza.

If the ARS_LDAP_BIND_MESSAGES_FILE parameter is not defined, has no file referenced, or the PASSWORD_EXPIRED or ACCOUNT_LOCKED files do not exist, the user will receive a default 'The server failed while attempting to logon' message.

Note: Currently only two error conditions can be handled: PASSWORD_EXPIRED and ACCOUNT_LOCKED. The section titles for these two conditions cannot be changed, but you can change the pattern strings and message text presented to the user to define any two error conditions.
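
The lookup described above can be rehearsed offline before the file is deployed. The following Python sketch is an added example, not code from Content Manager OnDemand. It assumes a plain case-sensitive substring match, and the function names, the sample INI text and the sample Active Directory error string are all constructed for illustration.

```python
import configparser
import os

# Constructed sample that mirrors the stanzas shown on this page.
SAMPLE_INI = '''
[BIND_MESSAGES]
PASSWORD_EXPIRED="/opt/IBM/ondemand/V9.5/config/password_expired.txt"
ACCOUNT_LOCKED="/opt/IBM/ondemand/V9.5/config/account_locked.txt"
[PASSWORD_EXPIRED]
TDS6="Password has expired"
AD="data 532"
UDEF1=
[ACCOUNT_LOCKED]
TDS6="Account is locked"
AD="data 775"
UDEF1=
'''
# Constructed example of an Active Directory bind failure string.
SAMPLE_AD_ERROR = "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 775, v0000"
CONDITIONS = ("PASSWORD_EXPIRED", "ACCOUNT_LOCKED")

def unquote(value):
    return value.strip().strip('"')

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    return cp

def classify(cp, ldap_error):
    """Return (condition, message_file) for the first pattern found in ldap_error, else None."""
    for cond in CONDITIONS:
        if not cp.has_section(cond):
            continue
        for _key, raw in cp.items(cond):
            pattern = unquote(raw)
            # Assumption: substring match; empty UDEFx entries are skipped so they never match.
            if pattern and pattern in ldap_error:
                return cond, unquote(cp.get("BIND_MESSAGES", cond, fallback=""))
    return None

def missing_message_files(cp):
    """Conditions whose message file is unset or absent; users would get the default message."""
    return [c for c in CONDITIONS
            if not os.path.isfile(unquote(cp.get("BIND_MESSAGES", c, fallback="")))]
```

Running missing_message_files against the real file on the server shows which conditions would fall back to the default logon failure message.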