Example configuration scenarios

This section shows scenarios of LDAP server configurations. Only some of the options that can be specified for each section of the LDAP server configuration file are shown. See Table 1 for a complete list of the options that are available for each section.

Configuring a TDBM backend with SSL/TLS and password encryption or hashing

The configuration example in this section uses the TDBM backend and shows a sample configuration file.

Sample ds.conf for TDBM, SSL/TLS, and password encryption or hashing:
# Filename ds.conf
 
# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=Your Company"
 
listen ldaps://:636
sslAuth serverClientAuth
sslCertificate none
sslCipherSpecs 15104
sslKeyRingFile /u01/ldapsrv/ldapsrv.kdb
sslKeyRingPWStashFile /u01/ldapsrv/ldapsrv.sth 
                                               
# TDBM backend section                         
database tdbm GLDBTD31/GLDBTD64 LocalDirectory
suffix "o=Your Company"                        
servername LOC1                                
dbuserid GLDSRV                               
attrOverflowSize 500                           
pwEncryption MD5   

Configuring SDBM and GDBM (Db2-based) backends

The configuration example in this section uses SDBM and GDBM backends and shows a sample configuration file. In this example, the GDBM backend is based on Db2®.

Sample ds.conf for SDBM and GDBM:
# Filename ds.conf
 
# Global section
sizelimit 500
timelimit 3600
adminDn "racfid=ldadmin,profiletype=user,cn=myRACF"
listen ldap://:pc
listen ldap://:389

# SDBM backend section
database sdbm GLDBSD31/GLDBSD64
suffix "cn=myRACF"      
enableResources on

# GDBM backend section  
database gdbm GLDBGD31/GLDBGD64
servername LOC1         
dbuserid GLDSRV        
attrOverflowSize 500  

Configuring SDBM and TDBM backends

The configuration example in this section uses both SDBM and TDBM backends and shows a sample configuration file.

Sample ds.conf for SDBM and TDBM:
# Filename ds.conf
 
# Global section
sizelimit 500
timelimit 3600
adminDn "racfid=ldadmin,profiletype=user,cn=myRACF"
listen ldap://:389
 
# SDBM backend section
database sdbm GLDBSD31/GLDBSD64  
suffix "cn=myRACF"      
enableResources on

# TDBM backend section  
database tdbm GLDBTD31/GLDBTD64  
suffix "o=Your Company" 
servername LOC1         
dbuserid GLDSRV        
attrOverflowSize 500  

Configuring LDBM with native authentication and GDBM (file-based) backends

The configuration example in this section uses both LDBM and GDBM backends and shows a sample configuration file.

The GDBM backend is based on the z/OS® UNIX System Services file system.

Sample ds.conf for LDBM and GDBM:
# Filename ds.conf
 
# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=My Company"
listen ldap://:389

# GDBM backend section
database gdbm GLDBGD31/GLDBGD64

# LDBM backend section
database ldbm GLDBLD31/GLDBLD64
suffix "o=My Company"
useNativeAuth all
nativeAuthSubtree all

Configuring LDBM and CDBM backends with advanced replication and password policy

The configuration example in this section uses both CDBM and LDBM backends and shows a sample configuration file. Password policy is supported because CDBM is configured and the server compatibility level is 6 or higher (by default).

Sample ds.conf for CDBM and LDBM:
# Filename ds.conf

# Global section
sizelimit 500
timelimit 3600
adminDn "cn=LDAP Administrator,o=My Company"
listen ldap://:389

# LDBM backend section
database ldbm GLDBLD31/GLDBLD64
suffix "o=My Company"

# CDBM backend section
database cdbm GLDBCD31/GLDBCD64
useAdvancedReplication on

Configuring an EXOP backend

The configuration example in this section uses an EXOP backend and shows a sample configuration file. Use of the EXOP backend is deprecated.

Sample ds.conf for EXOP:
# Filename ds.conf

# Global section
listen ldap://:pc

# EXOP backend section
database exop GLDXPD31/GLDXPD64
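
The following Python sketch is an added example, not part of the product or its documentation: it splits a ds.conf into its global and backend sections and reports the security-relevant settings that appear in the scenarios above (a non-ldaps:// network listener, pwEncryption MD5, the deprecated EXOP backend, an unterminated quoted value). The function names, the sample text and the list of weak pwEncryption values other than MD5 are assumptions made for the illustration.

```python
import re
# Constructed sample modelled on the TDBM and EXOP scenarios above.
SAMPLE = '''\
# Global section
adminDn "cn=LDAP Administrator,o=My Company
listen ldap://:389
listen ldaps://:636

# TDBM backend section
database tdbm GLDBTD31/GLDBTD64 LocalDirectory
suffix "o=Your Company"
pwEncryption MD5

# EXOP backend section
database exop GLDXPD31/GLDXPD64
'''

# MD5 is the value used on the page; the other entries are assumed option values.
WEAK_PW = ("NONE", "CRYPT", "MD5", "SHA")

def parse_ds_conf(text):
    """Split ds.conf into sections: 'global' first, then one per 'database' line."""
    sections = [{"name": "global", "options": []}]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "database":
            sections.append({"name": (value.split() or ["?"])[0].lower(), "options": []})
        sections[-1]["options"].append((lineno, key, value.strip()))
    return sections

def audit(text):
    """Return (line number, message) findings for the settings shown on the page."""
    findings = []
    for sec in parse_ds_conf(text):
        for lineno, key, value in sec["options"]:
            if value.count('"') % 2:
                findings.append((lineno, f"unbalanced quote in {key}"))
            # Only listeners with a numeric port are checked (ldap://:pc is skipped).
            if key.lower() == "listen" and re.match(r"ldap://[^/]*:\d+$", value, re.I):
                findings.append((lineno, "listener is ldap://, not ldaps://"))
            if key.lower() == "pwencryption" and value.upper() in WEAK_PW:
                findings.append((lineno, f"weak pwEncryption value {value}"))
            if key.lower() == "database" and sec["name"] == "exop":
                findings.append((lineno, "EXOP backend is deprecated"))
    return findings

print("\n".join(f"line {n}: {m}" for n, m in audit(SAMPLE)))
```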