Hitachi

JP1 Version 12 JP1/Base User's Guide


Directory server linkage definition file (Windows only)

Format

[JP1_DEFAULT\JP1BASE\DIRSRV]

"ENABLE"=dword:{00000000 | 00000001 | 00000002}

"SERVER"=directory-server-name-or-domain-name

"PORT"=Destination-port-number

"SEARCH_USER_DN"=information-search-user-ID

"BASE_DN"=container-object-ID#

"ATTR_NAME"=relative-ID-or-attribute-name

"SSL"=dword:{00000000 | 00000001}

"AREC_EXCLUSIVE"=dword:{00000000 | 00000001}

#: The BASE_DN parameter can be specified only for the operation to use a linkage user.

Parameters by type

Required parameters:

None

Custom parameters:
  • ENABLE

  • SERVER

  • SEARCH_USER_DN

  • BASE_DN

  • ATTR_NAME

  • SSL

File name

jp1bs_ds_setup.conf (Directory server linkage definition file)

jp1bs_ds_setup.conf.model (Model file of the directory server linkage definition file)

Storage destination directory

installation-folder\conf\ds\

shared-folder\jp1base\conf\ds\ (in a cluster system)

Description

Specifies the common definition information on the authentication server in order to perform user authentication linking with the directory server. If you use a secondary authentication server, set up the function on both primary and secondary authentication servers.

Application of settings

Execute the jbssetcnf command to apply the settings in the directory server linkage definition file (jp1bs_ds_setup.conf) to the common definition information. For details on the jbssetcnf command, see jbssetcnf in 15. Commands.

Triggers to make definitions effective are explained below.

Definition details

Define the following parameters in the directory server linkage definition file (jp1bs_ds_setup.conf).

ENABLE (Can be omitted)

Specify whether to link with the directory server. If you do not want to link with the directory server, specify 00000000. Specify 00000001 to link with a directory server using a linkage user. Specify 00000002 to link with a directory server using a DS user. When omitted from the common definition information, the default of 00000000 applies.

SERVER

To link with the directory server by using linked users, specify the directory server name or domain name.

To link with the directory server by using DS users, specify the domain name.

The name of the linked directory server or domain cannot be resolved to an IP address by using jp1hosts information or jp1hosts2 information. Therefore, specify a directory server name or domain name that can be resolved by another means, for example, the OS hosts file.

To use SSL, specify the directory server name in the FQDN format. You can enter a character string that is from 1 to 255 bytes.

Note

You can define only one domain controller host name for this parameter.

If, however, there are multiple domain controllers under a domain, you can reference all of them by specifying the name of that domain for this parameter.

PORT (Can be omitted)

Specify, as a hexadecimal number, the destination port number that is normally used by the directory server. The specifiable range is 00000001 to 0000ffff.

If this parameter is not specified in the common definition information, the following port numbers are assumed:

  • When SSL is not used: 389 (00000185)

  • When SSL is used: 636 (0000027C)

SEARCH_USER_DN

Specify the ID of the information-search user who will access the directory server. You can specify a character string that is from 1 to 4,095 bytes. For operation that uses a linkage user, the information-search user is a directory server user who has view permission for the search-origin container object and the underlying container objects. For operation that uses a DS user, specify the user who has the write permission to the JP1 operating permission for users or groups. To invalidate this parameter, define "SEARCH_USER_DN"="".

You must specify this parameter when you use the directory server linkage extension function for operation that uses a linkage user, or when operation uses a DS user.

BASE_DN

This parameter is valid only for the operation to use a linkage user.

Specify the ID of the container object where JP1 users exist. You can enter a character string that is from 1 to 4,095 bytes.

If you specify the SEARCH_USER_DN parameter, the directory server will be able to link with the JP1 user in the container object specified with this parameter.

ATTR_NAME

Specify attribute names of the relative ID that is used as a JP1 user name and DS group. You can enter a character string that is from 1 to 255 bytes.

If you specify the SEARCH_USER_DN parameter, you will be able to specify one of the following attributes as the attribute used for the JP1 user name:

  • CN

  • sAMAccountName

  • UserPrincipalName

Note that when UserPrincipalName is specified, the DS group name is assumed to be sAMAccountName. Ensure that the names are unique across multiple domains.

Note on using CN

To use the expanded directory server linkage function, make sure that the value of the CN attribute of each OS user (linked with a JP1 user) under the container object specified for the BASE_DN parameter is unique.

SSL (Can be omitted)

Specify whether to use SSL. Specify 00000000 if you do not want to use SSL. When omitted from the common definition information, the default of 00000001 applies.

AREC_EXCLUSIVE (Can be omitted)

Specify how to connect to the directory server that is specified with the SERVER parameter, when linked users are used. Specify 00000000 to perform normal name resolution on connection. Specify 00000001 to perform simplified name resolution. This parameter is assumed to be 00000000 when the setting is not included in the common definition information. The value of 00000001 is useful when it takes a long time to resolve the name of the directory server.

Note

If you want to configure this file on a logical host, configure it on both the primary and secondary nodes. Replace JP1_DEFAULT in JP1_DEFAULT\JP1BASE with logical-host-name.

Definition examples

The following shows an example of a definition for performing user authentication linking with the directory server in the configuration shown below.

Figure 16‒10: Example of directory server configuration (when linking the container object "OU=JP1" to the directory server)

[Figure]

[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"="CN=Groupcsearcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=JP1,DC=domain,DC=local"
"ATTR_NAME"="CN"
"SSL"=dword:00000001

Figure 16‒11: Example of directory server configuration (when linking the container object "OU=GroupC" and the underlying container objects to the directory server)

[Figure]

[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000001
"SERVER"="host-A.domain.local"
"PORT"=dword:0000027C
"SEARCH_USER_DN"="CN=Groupcsearcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=GroupC,DC=domain,DC=local"
"ATTR_NAME"="sAMAccountName"
"SSL"=dword:00000001
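
The following is an added example, not part of the Hitachi manual or of JP1/Base: a small Python check that reads a jp1bs_ds_setup.conf definition and reports settings that conflict with the rules under "Definition details" (value ranges, documented defaults, FQDN when SSL is used, BASE_DN only for linkage-user operation). The function names, the sample definition, and the "contains a dot" FQDN test are assumptions made for this illustration.

```python
import re

# Constructed sample (not from the manual): DS-user mode with three problems.
SAMPLE = r'''[JP1_DEFAULT\JP1BASE\DIRSRV]
"ENABLE"=dword:00000002
"SERVER"="host-A"
"SEARCH_USER_DN"="CN=searcher,OU=GroupC,DC=domain,DC=local"
"BASE_DN"="OU=JP1,DC=domain,DC=local"
"ATTR_NAME"="mail"
"SSL"=dword:00000000
'''

LINE = re.compile(r'^"([A-Z_]+)"=(?:dword:([0-9A-Fa-f]{8})|"(.*)")\s*$')
ATTRS = {"cn", "samaccountname", "userprincipalname"}  # case-insensitive: assumption

def parse(text):
    """Return {name: int | str} for every parameter line in the file."""
    params = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            name, dword, string = m.groups()
            params[name] = int(dword, 16) if dword is not None else string
    return params

def audit(text):
    """Return (effective_port, findings) per the rules in 'Definition details'."""
    p, findings = parse(text), []
    enable = p.get("ENABLE", 0)                # documented default: 00000000
    ssl = p.get("SSL", 1)                      # documented default: 00000001
    port = p.get("PORT", 636 if ssl else 389)  # documented default ports
    server = str(p.get("SERVER", ""))
    if enable not in (0, 1, 2):
        findings.append("ENABLE must be 00000000, 00000001 or 00000002")
    if enable == 0:
        return port, findings                  # linkage disabled: nothing else applies
    if not 1 <= len(server.encode()) <= 255:
        findings.append("SERVER must be 1 to 255 bytes")
    if not isinstance(port, int) or not 1 <= port <= 0xFFFF:
        findings.append("PORT must be a dword in 00000001-0000ffff")
    if ssl == 0:
        findings.append("SSL disabled: connection to the directory server does not use SSL")
    elif "." not in server:                    # heuristic FQDN test (assumption)
        findings.append("SSL in use: SERVER must be in FQDN format")
    if enable == 2 and "BASE_DN" in p:
        findings.append("BASE_DN is valid only for linkage-user operation")
    if p.get("SEARCH_USER_DN") and "ATTR_NAME" in p and str(p["ATTR_NAME"]).lower() not in ATTRS:
        findings.append("ATTR_NAME must be CN, sAMAccountName or UserPrincipalName")
    return port, findings
```

Running audit() over a definition before it is applied with jbssetcnf gives the effective port and a list of findings; an empty list means none of the checked rules was violated.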