Lightweight Directory Access Protocol test query utility settings
Use this page to test Lightweight Directory Access Protocol (LDAP) server connections and search filters.
- Click .
- Under the User account repository section, select Federated repositories or Standalone LDAP registry from the Available realm definitions field and click Configure.
  If you selected Federated repositories, complete the following steps:
  - If repositories are listed in the Repositories in the Realm table, complete the following steps:
    - Click the link for a repository under the Repository Identifier column.
    - Under Related Items on the repository detail page, click LDAP Test Query.
  - If no repositories are listed in the Repositories in the Realm table, complete the following steps:
    - Click Add repositories (custom, LDAP, etc).
    - Click New repository, and then select LDAP repository.
    - On the New page for the LDAP configuration, click LDAP Test Query under Related Items.
Host
Specifies the LDAP server host name. This host name is either an IP address or a domain name server (DNS) name.
Port
Specifies the LDAP server port number.
Information | Value |
---|---|
Data type | Integer |
Default | 389 |
Range |
|
Base distinguished name (DN)
Specifies the base distinguished name of the directory service. This name indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
Bind authentication mechanism
Specifies which bind authentication mechanism the application server uses to bind to the LDAP directory service.
Before fix pack 8.5.5.19, only simple bind authentication is supported.
Kerberos bind authentication with Generic Security Services API (GSSAPI) and simple bind authentication are supported.
Simple bind authentication
- Bind distinguished name (DN)
- Specifies the distinguished name for the application server to use when it binds to the LDAP
directory service. If no name is specified, the application server binds anonymously. The following
example is for a distinguished name:
ou=Rochester, o=IBM, c=US
- Bind password
- Specifies the password for the application server to use when it binds to the LDAP directory service.
Kerberos bind authentication with GSSAPI
- Kerberos principal name
- Specifies the Kerberos principal name or Kerberos service principal name that the application server uses to authenticate with the Key Distribution Center (KDC).
- Optional: Kerberos credential cache (Kerberos ticket cache)
- Specifies the file location where Kerberos credentials for the Kerberos principal name or Kerberos service principal name are stored. This file is also known as the Kerberos ticket cache, or ccache.
If the Kerberos ticket cache and the Kerberos keytab are both specified, only the Kerberos ticket cache is used. If both the Kerberos ticket cache and the Kerberos keytab files are unspecified, the application server uses the default keytab file that is at the default system location.
- Optional: Kerberos configuration
- Specifies the Kerberos configuration file name with its full path. Alternatively, click Browse to locate it. The Kerberos configuration file contains client configuration information, including the location of each Key Distribution Center (KDC) for the realm of interest. The following information gives the default file name and location for the Kerberos configuration file:
- /etc/krb5.conf
- C:\Windows\krb5.ini
- Optional: Kerberos keytab
- Specifies a Kerberos keytab file name with its full path. The Kerberos keytab file contains one or more Kerberos principal or service principal names and a list of keys that are analogous to user passwords. The Kerberos keytab file is global for all Kerberos configurations, including SPNEGO and Kerberos Authentication. Protect Kerberos keytab files by storing them on a local disk to make them readable only by authorized users. The default keytab file name is krb5.keytab.
If the Kerberos ticket cache and the Kerberos keytab are both specified, only the Kerberos ticket cache is used. If both the Kerberos ticket cache and the Kerberos keytab files are unspecified, the application server uses the default keytab file that is at the default system location.
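The following added example is not part of the product documentation or IBM code. It applies the precedence rule above (ticket cache over keytab, default keytab when neither is set) and checks that the credential files are readable only by their owner. The function names and the default keytab path are assumptions (the page names the file but not its directory), and the permission check assumes POSIX mode bits.

```python
import os
import stat
import tempfile

# Assumption: the page gives the default keytab file name (krb5.keytab) but not
# its directory, so this path is a placeholder to replace per platform.
DEFAULT_KEYTAB = "/path/to/default/krb5.keytab"

def effective_credential_source(ccache=None, keytab=None, default_keytab=DEFAULT_KEYTAB):
    """Precedence stated on the page: ticket cache, then keytab, then default keytab."""
    if ccache:
        return ("ccache", ccache)
    if keytab:
        return ("keytab", keytab)
    return ("default-keytab", default_keytab)

def audit_credential_file(path):
    """Return findings for one keytab or ticket cache file (POSIX mode bits)."""
    findings = []
    if os.path.islink(path):
        findings.append("symlink: audit the link target and its directory too")
    try:
        st = os.stat(path)
    except OSError:
        return findings + ["missing or unreadable: " + path]
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access allowed: mode %o" % stat.S_IMODE(st.st_mode))
    return findings

def audit_bind_settings(ccache=None, keytab=None, default_keytab=DEFAULT_KEYTAB):
    """Audit the file the server would use; a keytab ignored in favour of the
    ticket cache still holds long-term keys, so it is audited as well."""
    kind, path = effective_credential_source(ccache, keytab, default_keytab)
    findings = audit_credential_file(path)
    if ccache and keytab:
        findings.append("keytab configured but not used: " + keytab)
        findings += ["unused keytab, " + f for f in audit_credential_file(keytab)]
    return kind, path, findings

if __name__ == "__main__":
    # Constructed sample files: a private ticket cache and a world-readable keytab.
    d = tempfile.mkdtemp()
    cc, kt = os.path.join(d, "krb5cc_sample"), os.path.join(d, "krb5.keytab")
    for p, mode in ((cc, 0o600), (kt, 0o644)):
        open(p, "wb").close()
        os.chmod(p, mode)
    print(audit_bind_settings(ccache=cc, keytab=kt))
```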
SSL enabled
Specifies whether secure socket communications are enabled with the LDAP server. When this option is selected, LDAP Secure Sockets Layer (SSL) settings are used, if specified.
Centrally managed
Specifies that the selection of an SSL configuration is based on the outbound topology view for Java™ Naming and Directory Interface (JNDI). Centrally managed configurations support one location to maintain SSL configurations instead of having multiple locations for the SSL configurations across the configuration documents.
Use specific SSL alias
Specifies the SSL configuration alias to use for LDAP outbound SSL communications. This option overrides the centrally managed configuration for JNDI.
Enable referral to other LDAP servers
Specifies whether the search follows referrals if the user is not on the current server. The default is ignore.
Search filter string
Specifies the search filter string to use for the test query.
Search limit
Specifies how many search results to display.
Information | Value |
---|---|
Data type | Integer |
Default | 20 |
Maximum | 100 |