Directory server linkage definition file (Windows only)

Format

To Page Top

File name

jp1bs_ds_setup.conf (Directory server linkage definition file)

jp1bs_ds_setup.conf.model (Model file of the directory server linkage definition file)

To Page Top

Storage destination directory

installation-folder\conf\ds\

shared-folder\jp1base\conf\ds\ (in a cluster system)

To Page Top

Description

Specifies the common definition information on the authentication server in order to perform login authentication linking with the directory server. If you use a secondary authentication server, set up the function on both primary and secondary authentication servers.

To Page Top

Application of settings

Execute the jbssetcnf command to apply the settings of directory server linkage definition file (jp1bs_ds_setup.conf) to the common definition information. For details on the jbssetcnf command, see jbssetcnf in 15. Commands.

To Page Top

Definition details

Define the following parameters in the directory server linkage definition file (jp1bs_ds_setup.conf).

ENABLE (Can be omitted)

Specify whether to link with the directory server. If you do not want to link with the directory server, specify as 00000000. If you want to link with the directory server, specify as 00000001. When omitted from the common definition information, the default of 00000000 applies.

SERVER

Specify the directory server for normal use. To use SSL, specify the directory server name in the FQDN format. You can enter a character string that is from 1 to 255 bytes.

PORT (Can be omitted)

Specify the destination port number of the directory server that is normally used in hexadecimal numbers. The specifiable range is 00000001 to 0000ffff. When omitted from the common definition information, the default is 00000185 in environments that do not use SSL (port number 389), and 0000027C in environments that use SSL (port number 636).

SEARCH_USER_DN (Can be omitted)

Specify the ID for the information-search user who will access the directory server. You can specify a character string that is from 1 to 4,095 bytes. An information-search user is a directory server user who has view permission for the search-origin container object and the underlying container objects. To invalidate this parameter, define "SEARCH_USER_DN"="".

BASE_DN

Specify the ID of the container object where JP1 users exist. You can enter a character string that is from 1 to 4,095 bytes.

If you specify the SEARCH_USER_DN parameter, the directory server will be able to link with the JP1 user in the container object specified with this parameter.

ATTR_NAME

Specify attribute names of the relative ID that is used as a JP1 user name. You can enter a character string that is from 1 to 255 bytes.

If you specify the SEARCH_USER_DN parameter, you will be able to specify one of the following attributes as the attribute used for the JP1 user name:

• CN

• sAMAccountName

• UserPrincipalName

SSL (Can be omitted)

Specify whether to use SSL. Specify as 00000000 if you do not want to use SSL. When omitted from the common definition information, the default of 00000001 applies.

To Page Top

Note

If you want to configure this file on a logical host, configure it on both the primary and secondary nodes. Replace JP1_DEFAULT in JP1_DEFAULT\JP1BASE with logical-host-name.

To Page Top

Definition examples

The following shows an example of a definition for performing login authentication linking with the directory server in the configuration shown below.

[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"=""
"BASE_DN"="OU=JP1,DC=domain,DC=local"
"ATTR_NAME"="CN"
"SSL"=dword:00000001

[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"="CN=Groupcsearcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=GroupC,DC=domain,DC=local"
"ATTR_NAME"="sAMAccountName"
"SSL"=dword:00000001

To Page Top