Example configuration scenarios
This section shows scenarios of LDAP server configurations. Only some of the options that can be specified for each section of the LDAP server configuration file are shown. See Table 1 for a complete list of the options that are available for each section.
Configuring a TDBM backend with SSL/TLS and password encryption or hashing
The configuration example in this section uses the TDBM backend and shows a sample configuration file.
# Filename ds.conf
# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=Your Company"
listen ldaps://:636
sslAuth serverClientAuth
sslCertificate none
sslCipherSpecs 15104
sslKeyRingFile /u01/ldapsrv/ldapsrv.kdb
sslKeyRingPWStashFile /u01/ldapsrv/ldapsrv.sth
# TDBM backend section
database tdbm GLDBTD31/GLDBTD64 LocalDirectory
suffix "o=Your Company"
servername LOC1
dbuserid GLDSRV
attrOverflowSize 500
pwEncryption MD5
Configuring SDBM and GDBM (Db2-based) backends
The configuration example in this section uses SDBM and GDBM backends and shows a sample configuration file. In this example, the GDBM backend is based on Db2®.
# Filename ds.conf
# Global section
sizelimit 500
timelimit 3600
adminDn "racfid=ldadmin,profiletype=user,cn=myRACF"
listen ldap://:pc
listen ldap://:389
# SDBM backend section
database sdbm GLDBSD31/GLDBSD64
suffix "cn=myRACF"
enableResources on
# GDBM backend section
database gdbm GLDBGD31/GLDBTD64
servername LOC1
dbuserid GLDSRV
attrOverflowSize 500
Configuring SDBM and TDBM backends
The configuration example in this section uses both SDBM and TDBM backends and shows a sample configuration file.
# Filename ds.conf
# Global section
sizelimit 500
timelimit 3600
adminDn "racfid=ldadmin,profiletype=user,cn=myRACF"
listen ldap://:389
# SDBM backend section
database sdbm GLDBSD31/GLDBSD64
suffix "cn=myRACF"
enableResources on
# TDBM backend section
database tdbm GLDBTD31/GLDBTD64
suffix "o=Your Company"
servername LOC1
dbuserid GLDSRV
attrOverflowSize 500
Configuring LDBM with native authentication and GDBM (file-based) backends
The configuration example in this section uses both LDBM and GDBM backends and shows a sample configuration file.
The GDBM backend is based on the z/OS® UNIX System Services file system.
# Filename ds.conf
# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=My Company
listen ldap://:389
# GDBM backend section
database gdbm GLDBGD31/GLDBGD64
# LDBM backend section
database ldbm GLDBLD31/GLDBLD64
suffix "o=My Company"
usenativauth all
nativeauthsubtree all
Configuring LDBM and CDBM backends with advanced replication and password policy
The configuration example in this section uses both CDBM and LDBM backends and shows a sample configuration file. Password policy is supported because CDBM is configured and the server compatibility level is 6 or higher (by default).
# Filename ds.conf
# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=My Company
listen ldap://:389
# LDBM backend section
database ldbm GLDBLD31/GLDBLD64
suffix "o=My Company"
# CDBM backend section
database cdbm GLDBCD31/GLDBCD64
useAdvancedReplication on
Configuring an EXOP backend
The configuration example in this section uses an EXOP backend and shows a sample configuration file. Use of the EXOP backend is deprecated.
# Filename ds.conf
# Global section
listen ldap://:pc
# EXOP backend section
database exop GLDXPD31/GLDXPD64