BaseDN
The distinguished name (DN) that IDOL Server uses to access the group object when you authenticate with an LDAP security repository and use GroupDN to specify a group that the user must belong to.
By default, IDOL Server uses the security details of the user who is logging on to the LDAP server to retrieve details stored in the group that you specify with GroupDN. You must set BaseDN if the user does not have permission to retrieve the details in the group object.
If you have set KeyUserName, IDOL Server also uses the BaseDN user to bind to the LDAP server and search for a user. In this case, you must set BaseDN if the LDAP server does not allow anonymous binding.
If you set BaseDN, you must specify a BaseDNPassword.
NOTE: When you are using a Kerberized LDAP server, either:
- Set BaseDN to the name of a user who can get a Ticket-Granting-Ticket within Kerberos, and BaseDNPassword to the password for this user.
- Alternatively, if you prefer not to have the username and password in the configuration file, you can run Community in an environment where a kinit has been performed by a user that can access LDAP using the SASL GSSAPI mechanism. Community uses the Kerberos credentials obtained by kinit, so in this case BaseDN and BaseDNPassword are not required.
Type: | String |
Default: | |
Required: | No |
Configuration Section: | MySecurityRepository |
Example: | BaseDN=Distinguished Name |
See Also: | BaseDNPassword, GroupDN, KeyUserName |
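The following is an added example, not code from the IDOL documentation or product: a small pre-deployment check that applies the BaseDN rules described above to a security repository section. It assumes the configuration can be read as INI text with Python's configparser; the function name `check_basedn`, the `kerberos_kinit` flag, and all DNs and values in the sample are constructed placeholders.

```python
import configparser

# Constructed sample configuration; the DNs and the KeyUserName value are
# placeholders, not values taken from the IDOL documentation.
SAMPLE = """
[MySecurityRepository]
GroupDN=cn=idol-users,ou=groups,dc=example,dc=com
KeyUserName=uid
BaseDN=cn=idol-svc,ou=services,dc=example,dc=com
"""


def check_basedn(text, section="MySecurityRepository", kerberos_kinit=False):
    """Return a list of findings for the BaseDN rules described above.

    kerberos_kinit=True models the Kerberized case where Community runs with
    credentials from a prior kinit, so BaseDN/BaseDNPassword are not required.
    """
    # Assumption: the file parses as INI. Option names are matched
    # case-insensitively (configparser default); interpolation is disabled
    # so a '%' inside a password is read literally.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    if not cp.has_section(section):
        return [f"section [{section}] not found"]
    s = cp[section]
    base_dn = s.get("BaseDN", "").strip()
    findings = []
    # Rule: if you set BaseDN, you must specify a BaseDNPassword.
    if base_dn and not s.get("BaseDNPassword", "").strip():
        findings.append("BaseDN is set but BaseDNPassword is missing")
    if not base_dn and not kerberos_kinit:
        # Rule: with KeyUserName, the user search binds as the BaseDN user,
        # so without BaseDN the LDAP server must allow anonymous binding.
        if s.get("KeyUserName", "").strip():
            findings.append("KeyUserName without BaseDN: user search needs "
                            "an LDAP server that allows anonymous binding")
        # Rule: without BaseDN the group object is read with the security
        # details of the user who is logging on.
        if s.get("GroupDN", "").strip():
            findings.append("GroupDN without BaseDN: the user logging on "
                            "must be able to read the group object")
    return findings


if __name__ == "__main__":
    for finding in check_basedn(SAMPLE):
        print("WARN:", finding)
```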