Examples
LDAP URL
Example 1
<tt>ldap-url=ldaps://fram.us.int.vcorp.com:636/ou=Engineering,o=vcorp,c=us??sub?(mail=X)</tt>
Corresponding LDAP search syntax:
ldapsearch -p 636 -h fram.us.int.vcorp.com -b ou=Engineering,o=vcorp,c=us -s sub mail='X' dn
In this example, the LDAP AM connects securely on host/port:
- fram.us.int.vcorp.com:636
and searches using the following variable values:
- base: ou=Engineering,o=vcorp,c=us
- scope: sub
- filter: (mail=X)
where X is the actual value of the external user ID.
Example 2
<tt>ldap-url=ldap:///ou=Engineering%20Department,o=vcorp,c=us???(lastName=X)</tt>
Corresponding LDAP search syntax:
ldapsearch -p 389 -h localhost -b "ou=Engineering Department,o=vcorp,c=us" -s sub lastName='X' dn
In this example, the LDAP AM connects insecurely on host/port:
- localhost:389
and searches using the following variable values:
- base: ou=Engineering Department,o=vcorp,c=us
- scope: sub
- filter: (lastName=X)
where X is the actual value of the external user ID.
Example 3
<tt>ldap-url=ldaps://fram.us.int.vcorp.com/ou=Engineering,o=vcorp,c=us???(mail=X)</tt>
Corresponding LDAP search syntax:
ldapsearch -p 636 -h fram.us.int.vcorp.com -b "ou=Engineering,o=vcorp,c=us" -s sub mail='X' dn
In this example, the LDAP AM connects securely on host/port:
- fram.us.int.vcorp.com:636
and searches using the following variable values:
- base: ou=Engineering,o=vcorp,c=us
- scope: sub
- filter: (mail=X)
where X is the actual value of the external user ID.
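The mapping shown in Examples 1 to 3, as an added example (not the product's own code): it splits an ldap-url value into host, port, base, scope and filter, then substitutes X with the external user ID after RFC 4515 escaping, so characters such as `*` or `(` in the ID cannot change the filter. The defaults (localhost, port 389 or 636, scope sub) are taken from the examples above; the function names and the way X is replaced are assumptions.

```python
# Added example: parsing modelled on this page's Examples 1-3, not product code.
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = {"base", "one", "sub"}


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def parse_ldap_url(url: str) -> dict:
    """Split scheme://host:port/base?attrs?scope?filter into search settings."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("ldap-url must start with ldap:// or ldaps://")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    # Pad so that omitted trailing fields (as in Examples 2 and 3) are empty.
    base, _attrs, scope, flt = (tail.split("?") + [""] * 3)[:4]
    scope = scope or "sub"  # default taken from Examples 2 and 3 (assumption)
    if scope not in SCOPES:
        raise ValueError("unknown scope: " + scope)
    return {
        "secure": scheme == "ldaps",  # ldap:// is the page's "insecure" case
        "host": host or "localhost",
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base": unquote(base),  # %20 in the URL becomes a space in the DN
        "scope": scope,
        "filter": unquote(flt),
    }


def build_filter(template: str, external_user_id: str) -> str:
    """Substitute the X placeholder with the escaped external user ID."""
    if "=X)" not in template:
        raise ValueError("filter has no X placeholder")
    return template.replace("=X)", "=" + escape_filter_value(external_user_id) + ")")


if __name__ == "__main__":
    cfg = parse_ldap_url("ldap:///ou=Engineering%20Department,o=vcorp,c=us???(lastName=X)")
    print(cfg)
    print(build_filter(cfg["filter"], "O*Brien)(cn=*"))  # constructed hostile ID
```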
Choosing this scope only verifies the existence of the DN specified in the search base parameter.
gauth_ldap Section Using IBM RACF
With IBM RACF, the gauth_ldap section contains the same options. The app-user and ldap-url options contain the RACF-specific information.
[gauth_ldap]
app-user=racfid=TIMLDAP,profiletype=USER,sysplex=SYSPLEX2
password=+++
ldap-url=ldap://10.1.87.53:389/profiletype=USER,sysplex=SYSPLEX2??sub?(racfid=X)
connect-timeout=3
retry-interval=4
retry-attempts=5
where TIMLDAP is the user created to access RACF.
