Directory server linkage definition file (Windows only)
Format
[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:{00000000 | 00000001 | 00000002}
"SERVER"=directory-server-name-or-domain-name
"PORT"=destination-port-number
"SEARCH_USER_DN"=information-search-user-ID
"BASE_DN"=container-object-ID#
"ATTR_NAME"=relative-ID-or-attribute-name
"SSL"=dword:{00000000 | 00000001}
"AREC_EXCLUSIVE"=dword:{00000000 | 00000001}
#: The BASE_DN parameter can be specified only for the operation to use a linkage user.
Parameters by type
- Required parameters: None
- Custom parameters:
  - ENABLE
  - SERVER
  - SEARCH_USER_DN
  - BASE_DN
  - ATTR_NAME
  - SSL
File name
jp1bs_ds_setup.conf (Directory server linkage definition file)
jp1bs_ds_setup.conf.model (Model file of the directory server linkage definition file)
Storage destination directory
installation-folder\conf\ds\
shared-folder\jp1base\conf\ds\ (in a cluster system)
Description
Specifies the common definition information on the authentication server in order to perform user authentication linking with the directory server. If you use a secondary authentication server, set up the function on both primary and secondary authentication servers.
Application of settings
Execute the jbssetcnf command to apply the settings in the directory server linkage definition file (jp1bs_ds_setup.conf) to the common definition information. For details on the jbssetcnf command, see jbssetcnf in 15. Commands.
The triggers that make the definitions effective are as follows.
- For operation to use a linkage user: the definitions become effective at the time of login authentication.
- For operation to use a DS user: the definitions become effective when JP1/Base (authentication server) starts. If the directory server linkage definition is changed after JP1/Base starts, JP1/Base must be restarted or the reload command (jbs_spmd_reload) must be executed.
Definition details
Define the following parameters in the directory server linkage definition file (jp1bs_ds_setup.conf).
- ENABLE (Can be omitted)
  Specify whether to link with the directory server. Specify 00000000 not to link with the directory server, 00000001 to link with a directory server using a linkage user, or 00000002 to link with a directory server using a DS user. When this parameter is omitted from the common definition information, the default of 00000000 applies.
- SERVER
  For operation to use a linkage user, specify the directory server name or domain name. For operation to use a DS user, specify the domain name.
  The name of the linked directory server or domain cannot be resolved to an IP address by jp1hosts or jp1hosts2 information. Therefore, specify a directory server name or domain name that can be resolved by, for example, the OS hosts file.
  To use SSL, specify the directory server name in FQDN format. You can enter a character string that is from 1 to 255 bytes.
- PORT (Can be omitted)
  Specify the destination port number of the directory server, as a hexadecimal number. The specifiable range is 00000001 to 0000ffff.
  If this parameter is not specified in the common definition information, the following port numbers are assumed:
  - When SSL is not used: 389 (00000185)
  - When SSL is used: 636 (0000027C)
- SEARCH_USER_DN
  Specify the ID of the information-search user who will access the directory server. You can specify a character string that is from 1 to 4,095 bytes. For operation to use a linkage user, the information-search user is a directory server user who has view permission for the search-origin container object and the container objects under it. For operation to use a DS user, specify a user who has write permission for the JP1 operating permission of users or groups. To invalidate this parameter, define "SEARCH_USER_DN"="".
  You must specify this parameter when you use the directory server linkage extension function in operation with a linkage user, and in operation with a DS user.
- BASE_DN
  This parameter is valid only for the operation to use a linkage user.
  Specify the ID of the container object where JP1 users exist. You can enter a character string that is from 1 to 4,095 bytes.
  If you specify the SEARCH_USER_DN parameter, the directory server will be able to link with the JP1 users in the container object specified with this parameter.
- ATTR_NAME
  Specify the attribute name of the relative ID that is used as the JP1 user name and DS group name. You can enter a character string that is from 1 to 255 bytes.
  If you specify the SEARCH_USER_DN parameter, you can specify one of the following attributes as the attribute used for the JP1 user name. Note that when UserPrincipalName is specified, the DS group name is assumed to be sAMAccountName. Ensure that the names are unique across multiple domains.
  - CN
  - sAMAccountName
  - UserPrincipalName
  Note on using CN
  To use the expanded directory server linkage function, make sure that the value of the CN attribute of each OS user (linked with a JP1 user) under the container object specified for the BASE_DN parameter is unique.
- SSL (Can be omitted)
  Specify whether to use SSL. Specify 00000000 if you do not want to use SSL, or 00000001 to use SSL. When this parameter is omitted from the common definition information, the default of 00000001 applies.
- AREC_EXCLUSIVE (Can be omitted)
  Specify how to connect to the directory server specified with the SERVER parameter when linkage users are used. Specify 00000000 to perform normal name resolution on connection, or 00000001 to perform simplified name resolution. This parameter is assumed to be 00000000 when the setting is not included in the common definition information. The value 00000001 is useful when resolving the name of the directory server takes a long time.
Note
If you want to configure this file on a logical host, configure it on both the primary and secondary nodes. Replace JP1_DEFAULT in JP1_DEFAULT\JP1BASE with logical-host-name.
Definition examples
The following shows an example of a definition for performing user authentication linking with the directory server in the configuration shown below.
[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"="CN=Groupcsearcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=JP1,DC=domain,DC=local"
"ATTR_NAME"="CN"
"SSL"=dword:00000001

[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"="CN=Groupcsearcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=GroupC,DC=domain,DC=local"
"ATTR_NAME"="sAMAccountName"
"SSL"=dword:00000001