Sample LDAP configurations

The Content Manager OnDemand user ID of admin is not subjected to the LDAP authentication.

The initial bind LDAP user ID and password (ARS_LDAP_BIND_DN and ARS_LDAP_BIND_DN_PWD) are no longer specified in the ARS.CFG file. The initial bind LDAP user ID and password are stored in the instance stash file by using the ARSSTASH command. If ARS_LDAP_ALLOW_ANONYMOUS is set to FALSE, both values must exist in the stash file or the LDAP authentication will fail. You can view LDAP parameters based on your system platform in the Specifying the ARS.CFG file for the instance section of the Content Manager OnDemand for Multiplatforms: Installation and Configuration Guide.
Anonymous Bind LDAP Server:
ARS_LDAP_SERVER=ldap1.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourgroup,o=yourcompany.com
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=userid
ARS_LDAP_ALLOW_ANONYMOUS=TRUE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Microsoft™ Active Directory (AD) server:
ARS_LDAP_SERVER=adserver.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=dc=ondemand,dc=yourdomain,dc=local
ARS_LDAP_BIND_ATTRIBUTE=cn
ARS_LDAP_MAPPED_ATTRIBUTE=sAMAccountName
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Microsoft Active Directory Application Mode (ADAM) server:
ARS_LDAP_SERVER=adamserver.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
IBM® Tivoli® Directory server (TDS) with SSL:
ARS_LDAP_SERVER=yourtds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=TRUE
ARS_LDAP_KEYRING_FILE=/opt/IBM/ondemand/V10.1/config/ondemand.kdb
ARS_LDAP_KEYRING_LABEL=LDAP Label
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=email
ARS_LDAP_MAPPED_ATTRIBUTE=sn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Novel eDirectory server:
ARS_LDAP_SERVER=yournds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=yourlocation,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Sun Java™ Directory server (JDS)
ARS_LDAP_SERVER=yourjds.yourcompany.com
ARS_LDAP_PORT=
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=ou=boulder,o=yourcompany
ARS_LDAP_BIND_ATTRIBUTE=mail
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=FALSE
ARS_LDAP_BIND_MESSAGES_FILE=
ARS_LDAP_IGN_USERIDS=ADMIN,user1,user2
Parent topic: LDAP authentication processes