Creating an LDAPBind Login Scheme (Multiple Containers)
Use this procedure to create an LDAPBind login scheme for multiple LDAP containers.

Before using this procedure to create the Landmark LDAPBind login scheme, the user structure containing bindable users must already be set up in the LDAP directory. A bindable LDAP user is one that has the userPassword attribute set on it. For example, the LDIF (LDAP Data Interchange Format) for a bindable LDAP user may be configured as shown in the following example:
To create an LDAPBind login scheme (multiple containers)

- In the Infor Rich Client, access the Security System Management application and then Login Scheme. On the Login Scheme List, select Actions > Create LDAP Bind Login Scheme and then edit the fields described below.

  - or -

  At a Landmark command prompt, type

  secadm loginscheme add SSOPV2_LDAP_BIND --schemetype WebUPLogin --loginprocedure LDAPBind --provider ldap_provider --rdn ldap_rdn --namingattr ldap_namingattr --multiplecontainers yes --searchfilter ldapSearchFilter --searchstructclass ldapSearchStruct --searchbinddn ldapSearchBinddn --searchbindpassword ldapSearchBindPassword --referral ldapReferralHandling --derefalias ldapDerefAlias
where
Option (LRC field name): Description

login-scheme-name (Login Scheme): Specify the login scheme name.

--description description (Description): Optional. Add a description of the login scheme name.

--schemetype scheme-type (Scheme Type): Specify WebUPLogin.

--loginprocedure login-procedure (Login Procedure): Specify LDAPBind in order to authenticate web access based on LDAP entries stored in a customer-specified location instead of in the Lawson default location.

--provider ldap_provider (Provider): The LDAP server host name and LDAP port formatted as a URL, for example, ldap://hostname:portnumber

--rdn ldap_rdn (RDN): The Relative Distinguished Name (RDN) container for all users in the LDAP directory. For the multiple container scenario, this is the base DN of the LDAP directory tree from which the search for users begins.

--namingattr ldap_namingattr (Naming Attr): The naming attribute for users in the LDAP user container, for instance, cn or uid.

--multiplecontainers (Multiple Container): Whether the users are in a single container or multiple containers. To set up a login scheme for multiple containers, use yes (select the check box in Infor Rich Client).

--searchfilter (Search Filter): The filter used to search the LDAP structure, for example, (&(<NAMING_ATTR>=<NAMING_ATTR_VALUE>)(objectclass=<STRUCTURAL_OBJCLASS_VALUE>))

--searchstructclass (Search Struct Class): The LDAP structural object class to search for to locate users. This can be any value that objectclass can take in an LDAP entry.

--searchbinddn (Search Priv Identity): The distinguished name of a user with search privileges on the LDAP tree.

--searchbindpassword (Search Priv Password): The password of the user with search privileges on the LDAP tree.

--referral (Referral Property): How the search should handle referrals. Valid values are ignore, follow, and throw. The latter throws a ReferralException for each referral. Also, if the LDAP service provider receives a referral despite --referral being set to "ignore", it throws a PartialResultException to indicate that more results might be forthcoming if the referral is followed.

--derefalias (Deref Alias Property): How the search should handle aliases. Valid values are:
- always, which means always dereference aliases.
- never, which means never dereference aliases.
- finding, which means dereference aliases only during name resolution.
- searching, which means dereference aliases only after name resolution.
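The search step that --rdn, --searchfilter and --searchbinddn configure, as an added Python example that is not Infor's code or part of this document: it fills the filter template with a login name escaped per RFC 4515, so the name cannot change the filter's meaning, and resolves the user's DN across several containers under the base DN. The directory is a constructed in-memory stand-in; the real scheme sends the filter to the --provider server.

```python
# Added example, not Infor's code. Models the LDAPBind multiple-container lookup:
# the search identity (--searchbinddn) searches from the base DN (--rdn) with the
# --searchfilter template; the scheme then binds as the single entry found.
# DIRECTORY is a constructed stand-in for the real LDAP server (--provider).

SEARCH_FILTER_TEMPLATE = (
    "(&(<NAMING_ATTR>=<NAMING_ATTR_VALUE>)"
    "(objectclass=<STRUCTURAL_OBJCLASS_VALUE>))"
)

# Constructed sample directory: users spread over several containers under one base DN.
DIRECTORY = [
    {"dn": "cn=jdoe,ou=staff,dc=example,dc=com", "cn": "jdoe",
     "objectclass": ["top", "person", "inetOrgPerson"], "userPassword": "{SSHA}placeholder"},
    {"dn": "cn=asmith,ou=contractors,dc=example,dc=com", "cn": "asmith",
     "objectclass": ["top", "person", "inetOrgPerson"], "userPassword": "{SSHA}placeholder"},
    {"dn": "cn=svc-nopw,ou=services,dc=example,dc=com", "cn": "svc-nopw",
     "objectclass": ["top", "person"]},  # no userPassword attribute: not bindable
]


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_search_filter(naming_attr: str, login_name: str, struct_class: str) -> str:
    """Fill the template: the login name is user input and is escaped; the naming
    attribute and structural class come from the scheme's configuration."""
    return (SEARCH_FILTER_TEMPLATE
            .replace("<NAMING_ATTR>", naming_attr)
            .replace("<NAMING_ATTR_VALUE>", escape_filter_value(login_name))
            .replace("<STRUCTURAL_OBJCLASS_VALUE>", struct_class))


def resolve_bind_dn(base_dn: str, naming_attr: str, login_name: str,
                    struct_class: str, directory=DIRECTORY):
    """Return the DN the scheme would bind as, or None unless exactly one bindable
    entry under base_dn matches the filter (ambiguous or missing users are rejected)."""
    matches = [
        e for e in directory
        if e["dn"].lower().endswith("," + base_dn.lower())      # inside the base DN subtree
        and e.get(naming_attr) == login_name                     # (<NAMING_ATTR>=value)
        and struct_class.lower() in (c.lower() for c in e["objectclass"])
        and "userPassword" in e                                  # bindable user only
    ]
    return matches[0]["dn"] if len(matches) == 1 else None
```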
- Assign the login scheme to the primary SSO service. At a Landmark command prompt, type

  secadm service update SSOPV2 --loginscheme SSOPV2_LDAP_BIND