Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Base User's Guide


8.2.1 Specifying the directory server to be linked

If you want to perform login authentication linking with the directory server, you must set up the common definition information from the authentication server. The directory server linkage function is inactive by default, and needs to be set up in the common definition before you can use it. If you use a secondary authentication server, set up the function on both the primary authentication server and secondary authentication server.

In JP1/Base version 10-10 or later, you can use the following extended functions by linking with the directory server:

If you want to use these extended functions, you must set up an information-search user, which is used to search the directory server for the users linked to it. For details, see (2) Setting up the directory server (when the expanded directory server linkage function is used).

(1) Setting up the directory server (when the expanded directory server linkage function is not used)

The directory server administrator must register JP1 users in one container object when setting up the directory server. Note that a user linked to the directory server must have a CN (common name) attribute value that is the same as the corresponding JP1 user name.

  1. Edit the directory server linkage definition file (jp1bs_ds_setup.conf).

    For details on the directory server linkage definition file, see Directory server linkage definition file (Windows only) in 16. Definition Files.

  2. Execute the jbssetcnf command.

    The settings are reflected in the common definition information. For details about the jbssetcnf command, see jbssetcnf in 15. Commands.

  3. Execute the jbschkds command.

    This command allows you to check the settings for directory server linkage.

    For details on the jbschkds command, see jbschkds (Windows only) in 15. Commands.

(2) Setting up the directory server (when the expanded directory server linkage function is used)

The directory server administrator must register JP1 users under the container object specified with the BASE_DN parameter in the directory server linkage definition file when setting up the directory server. Note that, for the attribute specified with the ATTR_NAME parameter in the directory server linkage definition file, a user linked to the directory server must have a value that is the same as the corresponding JP1 user name.

  1. Edit the directory server linkage definition file (jp1bs_ds_setup.conf).

    Unlike when the expanded directory server linkage function is not used, the following settings are required:

    BASE_DN

    Specify the ID of the container object that the JP1 users belong to. Linkage to the JP1 users under the container object specified with this parameter will then be available.

    SEARCH_USER_DN

    Specify the ID of the information-search user used to access the directory server. The information-search user is a directory server user who has view permission for the search-origin container object and the underlying container objects.

    ATTR_NAME

    Specify the name of the attribute to be used as the JP1 user name. Choose one of CN, sAMAccountName, and UserPrincipalName.

    For details about the directory server linkage definition file, see Directory server linkage definition file (Windows only) in 16. Definition Files.

  2. Execute the jbssetcnf command.

    The settings are applied to the common definition information. For details about the jbssetcnf command, see jbssetcnf in 15. Commands.

  3. Register the information-search user and the password in the authentication server host.

    Register the information-search user and the password used to log in to the directory server as password management information in JP1/Base on the authentication server host. The password for the information-search user must be from 1 to 64 bytes. Use the jbsmkpass command, jbspassmgr command, or jbsumappass command for registration. Note that the user to be registered (information-search user) must be specified in the format of aduser/information-search-user-name.

    For details about the individual commands, see jbsmkpass (Windows only), jbspassmgr (Windows only), or jbsumappass (Windows only) in 15. Commands.

  4. Execute the jbschkds command.

    Check the directory server linkage settings. For details about the jbschkds command, see jbschkds (Windows only) in 15. Commands.

    Important note

    When the expanded directory server linkage function is used, if you change the password information managed by the OS, you must also change the password management information for the information-search user set in JP1/Base.

    To change the password management information in JP1/Base, change it on the User Mapping tab in the JP1/Base Environment Settings dialog box or by executing the jbsumappass or jbsrmumappass command.
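A pre-flight check for the parameters in step 1 and the registration rules in step 3, as an added example that is not part of the manual or of JP1/Base. It assumes the definition file uses `"NAME"="value"` lines, that BASE_DN and SEARCH_USER_DN are LDAP distinguished names, and that the password byte count is taken in UTF-8; the function names and sample values are constructed.

```python
import re

# Parameters this section requires for the expanded linkage function.
REQUIRED = ("BASE_DN", "SEARCH_USER_DN", "ATTR_NAME")
# Attribute names the section lists for ATTR_NAME (exact spelling is an assumption).
ALLOWED_ATTRS = ("CN", "sAMAccountName", "UserPrincipalName")
# Assumed line format "NAME"="value"; any other line is ignored.
LINE_RE = re.compile(r'^\s*"([A-Z_]+)"\s*=\s*"(.*)"\s*$')
# Loose shape check for a distinguished name: attr=value[,attr=value...]
RDN = r'[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+'
DN_RE = re.compile(rf'^{RDN}(?:,\s*{RDN})*$')

def parse_definition(text):
    """Return {NAME: value} for every line in the assumed format."""
    params = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def check_linkage(params, registered_user, password, encoding="utf-8"):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for name in REQUIRED:
        if not params.get(name):
            problems.append(f"{name} is missing or empty")
    for name in ("BASE_DN", "SEARCH_USER_DN"):
        value = params.get(name)
        if value and not DN_RE.match(value):
            problems.append(f"{name} does not look like a distinguished name")
    attr = params.get("ATTR_NAME")
    if attr and attr not in ALLOWED_ATTRS:
        problems.append(f"ATTR_NAME {attr!r} is not one of {ALLOWED_ATTRS}")
    # The registered user must be given as aduser/information-search-user-name.
    if not re.fullmatch(r"aduser/\S+", registered_user):
        problems.append("registered user is not in aduser/<name> form")
    # The limit is in bytes, so multi-byte characters count more than once.
    size = len(password.encode(encoding))
    if not 1 <= size <= 64:
        problems.append(f"password is {size} bytes; must be 1 to 64")
    return problems

# Constructed sample definition (placeholder values, not from the manual).
SAMPLE = '''
"BASE_DN"="OU=JP1Users,DC=example,DC=com"
"SEARCH_USER_DN"="CN=jp1search,OU=Service,DC=example,DC=com"
"ATTR_NAME"="sAMAccountName"
'''
```

Call `check_linkage(parse_definition(SAMPLE), "aduser/jp1search", password)` before running jbssetcnf; jbschkds remains the authoritative check of the applied settings.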

(3) Change the directory server to be linked

You can temporarily change the directory server to be linked if the specified directory server cannot be used for reasons such as system failure. To change the server temporarily, create a configuration file containing the required definition information, and then execute the jbschgds command. To cancel the change, execute the jbschgds command again.

For details on the jbschkds command, see jbschkds (Windows only) in 15. Commands.