Creating an LDAPBind Login Scheme (Single Container)

Use this procedure to create an LDAPBind login scheme for a single LDAP container.

Before using this procedure to create the Landmark LDAPBind login scheme, the user structure containing bindable users must already be set up in the LDAP directory. A bindable LDAP user is one that has the userPassword attribute set on it. For example, the LDIF (LDAP Data Interchange Format) for a bindable LDAP user might look like this:

dn: cn=lawson,ou=users,o=lawson
userPassword: lawson
objectclass: top
objectclass: inetOrgPerson
sn: lawson
cn: lawson

To create an LDAPBind login scheme (single container)

  1. In the Infor Rich Client, access the Security System Management application and then Login Scheme. On the Login Scheme List, select Actions > Create LDAP Bind Login Scheme and then edit the fields described below.

    - or -

    At a Landmark command prompt, type

    secadm loginscheme add SSOPV2_LDAP_BIND --schemetype WebUPLogin --loginprocedure LDAPBind --provider ldap_provider --rdn ldap_rdn --namingattr ldap_namingattr

    where

    Option                              LRC Field Names   Description
    login-scheme-name                   Login Scheme      Specify the login scheme name.
    --description description           Description       Optional. Add a description of the login scheme name.
    --schemetype scheme-type            Scheme Type       Specify WebUPLogin.
    --loginprocedure login-procedure    Login Procedure   Specify LDAPBIND in order to authenticate web access based on LDAP entries stored in a customer-specified location instead of in the Lawson default location.
    --provider ldap_provider            Provider          The LDAP server host name and LDAP port formatted as a URL. For example, ldap://hostname:portnumber
    --rdn ldap_rdn                      RDN               The Relative Distinguished Name (rdn) container for all users in the LDAP directory. For the single container scenario, this is the DN containing all the LDAP users.
    --namingattr ldap_namingattr        Naming Attr       The naming attribute for users in the LDAP user container, for instance, cn or uid.

  2. Assign the login scheme to the primary SSO service. At a Landmark command prompt, type

    secadm service update SSOPV2 --loginscheme SSOPV2_LDAP_BIND

Example of an LDAPBind Login Scheme Command

This command

secadm loginscheme add SSOPV2_LDAP_BIND --schemetype WebUPLogin --loginprocedure LDAPBind --provider ldap://landmark.lawson.com:1234 --rdn ou=users,o=lawson --namingattr cn

results in a login scheme configured as shown below:

Login Scheme Name:      SSOPV2_LDAP_BIND
Description:            Example of an LDAPBind Login Scheme
Scheme Type:            WebUPLogin
Login Procedure:        LDAPBind
Provider:               ldap://landmark.lawson.com:1234
Ctx Factory:            com.sun.jndi.ldap.LdapCtxFactory
RDN:                    ou=users,o=lawson
Naming Attr:            cn
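
The following Python sketch is an added example, not Infor or Landmark code. It shows how the Provider, RDN and Naming Attr values of the scheme above relate to the DN a user binds as, and reviews the provider URL. It assumes the bind DN is composed as namingattr=login,rdn, which matches the LDIF entry at the top of this page; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# RFC 4514 section 2.4: characters that must be escaped in an attribute value.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape a login name so it cannot add or alter DN components."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in _SPECIAL or (i == 0 and ch in " #")
              or (i == len(value) - 1 and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(naming_attr, login, container):
    """Assumed single-container composition: <namingattr>=<login>,<rdn>."""
    if not login:
        raise ValueError("empty login name")
    return f"{naming_attr}={escape_rdn_value(login)},{container}"


def provider_findings(provider):
    """Return review findings for a --provider URL (empty list: none)."""
    url = urlsplit(provider)
    findings = []
    if url.scheme == "ldap":
        findings.append("ldap:// simple bind is unencrypted without StartTLS")
    elif url.scheme != "ldaps":  # product support for ldaps:// is not stated on this page
        findings.append(f"unexpected scheme {url.scheme!r}")
    if not url.hostname:
        findings.append("no host name")
    try:
        if url.port is None:
            findings.append("no explicit port")
    except ValueError:
        findings.append("port is not a number")
    return findings


if __name__ == "__main__":
    # Scheme values from the example command; the second login is constructed.
    print(bind_dn("cn", "lawson", "ou=users,o=lawson"))
    print(bind_dn("cn", "a,b", "ou=users,o=lawson"))  # comma stays in the value
    print(provider_findings("ldap://landmark.lawson.com:1234"))
```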