What Are LDAPBind Login Schemes?

LDAPBind login schemes are ones that allow you to perform authentication against users who are set up in your corporate LDAP directory. This allows you to keep the user data in an existing LDAP directory and continue to make use of any existing account and password management policies.

Lawson's LDAP functionality requires that the bind be performed against a single LDAP instance and that all Lawson users be locatable from within a single directory information tree (DIT) in this LDAP instance. The users can all be in a single container or spread across multiple containers in that LDAP instance. In the case of multiple containers, you must configure a user and search filter for locating the users. At the time of authentication, this information is used to look up users within the LDAP directory.

You can also set up LDAP referrals (which are LDAP objects that contain the distinguished name and host/port information to locate other LDAP objects). Referrals allow you to find users that may be located in other LDAP directories within the same forest. In addition, the LDAP bind functionality can follow referrals when looking up users. It is also possible to set up the LDAP directory to allow the lookup of users by Windows domains. This is a variation of the feature that allows the use of multiple LDAP containers, and allows you to supply domain information during the Lawson authentication process.

Another available option is the use of LDAP aliases, which are objects that contain the distinguished name of other objects. When you look up an object by using the alias, the alias is dereferenced so that what is returned is the object pointed to by the alias's distinguished name (DN).

A successful LDAP bind requires that the user search always finds exactly one user. If the search returns multiple users, authentication fails.

In addition, before you set up an LDAPBind login scheme, the user structure containing bindable users must already be set up in your LDAP directory. A bindable LDAP user is one that has the userPassword attribute set on it. An example LDIF for a bindable LDAP user looks like the following:

# entry DN: the user "lawson" in the container ou=users,o=lawson
dn: cn=lawson,ou=users,o=lawson
# userPassword is what makes the entry bindable
userPassword: lawson
objectclass: top
objectclass: inetOrgPerson
sn: lawson
cn: lawson
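As an added example (not Lawson's documentation or product code), the search-then-bind flow described above simulated in Python against a constructed in-memory directory: the configured search filter gets the login name substituted with RFC 4515 escaping, aliases are dereferenced, a search that matches more than one user fails, and only an entry carrying userPassword can bind. The DIRECTORY entries and the result strings are assumptions of this example.

```python
import hmac

FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    # RFC 4515 escaping: a user-supplied name must not change the filter's structure
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)

def build_filter(template, username):
    # template is the configured user/search filter; {0} marks the login name
    return template.replace("{0}", escape_filter_value(username))

# Constructed stand-in for the corporate directory (hypothetical entries, plaintext
# userPassword as in the LDIF above; a real server performs the bind check itself)
DIRECTORY = {
    "cn=lawson,ou=users,o=lawson": {"objectclass": ["top", "inetOrgPerson"], "cn": "lawson", "userPassword": "lawson"},
    "cn=jdoe,ou=users,o=lawson": {"objectclass": ["top", "inetOrgPerson"], "cn": "jdoe", "userPassword": "s3cret"},
    "cn=jdoe,ou=contractors,o=lawson": {"objectclass": ["top", "inetOrgPerson"], "cn": "jdoe", "userPassword": "other"},
    "cn=nopw,ou=users,o=lawson": {"objectclass": ["top", "inetOrgPerson"], "cn": "nopw"},
    "cn=admin,ou=aliases,o=lawson": {"objectclass": ["top", "alias"], "aliasedObjectName": "cn=lawson,ou=users,o=lawson"},
}

def search_users(directory, containers, username):
    """DNs under the configured containers whose cn equals username; aliases are dereferenced."""
    found = []
    for dn, entry in directory.items():
        if not any(dn.endswith("," + base) for base in containers):
            continue
        if "alias" in entry["objectclass"]:
            dn = entry["aliasedObjectName"]      # return the aliased object, not the alias
            entry = directory.get(dn, {})
        if entry.get("cn") == username and dn not in found:
            found.append(dn)
    return found

def ldap_bind_login(directory, containers, username, password):
    """Search-then-bind: exactly one user must match or authentication fails."""
    matches = search_users(directory, containers, username)
    if not matches:
        return "user_not_found"
    if len(matches) > 1:
        return "ambiguous_user"
    entry = directory[matches[0]]
    if "userPassword" not in entry:
        return "not_bindable"
    if hmac.compare_digest(entry["userPassword"].encode(), password.encode()):
        return "ok"
    return "invalid_credentials"
```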