Question & Answer
Question
How do I set up LDAP for Windows Active Directory?
Answer
The following information is required to change the authentication to LDAP. Please contact your Active Directory (AD) administrator to get this information.
1. LDAP/AD server IP address
2. Port (Default: 389 for non-SSL configuration)
3. BaseDN
4. BindDN
5. BindPassword
The following is an example of the required information.
1. Server: adserver.company.com
2. Port: 389
3. BaseDN: dc=users,dc=company,dc=com
4. BindDN: cn=Manager,dc=Accounts,dc=company,dc=com
5. BindPassword: password
Procedure
1. Make a backup copy of the ldap.conf file.
cp /nz/data/config/ldap.conf /nz/data/config/ldap.orig
2. Comment out the following line in the /etc/ldap.conf file (if it is not already commented out).
a. Before
i. uri ldap://127.0.0.1/
b. After
i. #uri ldap://127.0.0.1/
3. Use the following command at the nzsql command prompt to set the authentication to LDAP, replacing the example values with values that match your AD environment:
SET AUTHENTICATION ldap base "dc=users,dc=company,dc=com" server "adserver.company.com" port "389" version "3" scope "sub" ssl "off" attrname "sAMAccountName" binddn "cn=Manager,dc=Accounts,dc=company,dc=com" bindpw "password";
4. At the nzsql command prompt, check the authentication settings:
show authentication all;
5. Copy the modified /etc/ldap.conf file to the /nz/data/config directory to persist the changes.
cp /etc/ldap.conf /nz/data/config/ldap.conf
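Before running step 3, it helps to confirm that the BindDN, password and BaseDN work against the AD server and that no value carries typographic quotes or stray spaces. The following is an added example, not part of the original document; it assumes the OpenLDAP ldapsearch client is installed on the host, and the function names and the account name jdoe are hypothetical.

```shell
#!/bin/sh
# Added example. Values are the page's sample values; substitute your own.
AD_SERVER="adserver.company.com"
AD_PORT="389"
BASE_DN="dc=users,dc=company,dc=com"
BIND_DN="cn=Manager,dc=Accounts,dc=company,dc=com"

# Reject values that silently break the bind: empty strings, typographic
# quotes pasted from a document, embedded double quotes, stray spaces.
check_value() {
    case "$1" in
        '') return 1 ;;
        *'“'*|*'”'*|*'"'*) return 1 ;;
        ' '*|*' ') return 1 ;;
    esac
    return 0
}

# Bind as BIND_DN and look up one account ($1) under BASE_DN, mirroring the
# version, scope and attrname used in the SET AUTHENTICATION statement.
# -W prompts for the password so it never shows up in the process list.
# With ssl "off" on port 389 this bind, like the appliance's, is unencrypted.
precheck_bind() {
    ldapsearch -x -LLL -P 3 -H "ldap://$AD_SERVER:$AD_PORT" \
        -D "$BIND_DN" -W -b "$BASE_DN" -s sub \
        "(sAMAccountName=$1)" dn
}

# Print the statement with plain ASCII quotes; $1 is the bind password.
# The rejected value is not echoed, because it may be the password.
build_set_authentication() {
    for v in "$BASE_DN" "$AD_SERVER" "$AD_PORT" "$BIND_DN" "$1"; do
        check_value "$v" || {
            echo "rejected: empty, quoted, or space-padded value" >&2
            return 1
        }
    done
    printf 'SET AUTHENTICATION ldap base "%s" server "%s" port "%s" ' \
        "$BASE_DN" "$AD_SERVER" "$AD_PORT"
    printf 'version "3" scope "sub" ssl "off" attrname "sAMAccountName" '
    printf 'binddn "%s" bindpw "%s";\n' "$BIND_DN" "$1"
}

# Usage (jdoe is a constructed account name):
#   precheck_bind jdoe && build_set_authentication "$BIND_PW"
```

If precheck_bind returns the account's dn, the same values will work in the SET AUTHENTICATION statement; an "Invalid credentials" error points at the BindDN or password rather than at the appliance.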
Historical Number
NZ355035
Document Information
Modified date:
17 October 2019
UID
swg21568396