Create a text file with input properties for the secadm utility
The secadm utility takes a text file of properties as input for the command. You can create the file manually by following the instructions here, or copy and paste the content in the next section.
- In the next step, you create a loginscheme named "LDAPBIND." Make sure this loginscheme does not already exist on your system. If it does exist, use a different name for the new loginscheme, for example, LDAPBIND_LMRK.
- Create a text file named LDAPAUTH.txt that contains the following properties:
Note: For readability, the following file output example includes return characters. If you choose to copy/paste this content, depending on the tools you use, you might need to remove the return characters from your file. (See next section.)
loginscheme add LDAPBIND --ctxfactory com.sun.jndi.ldap.LdapCtxFactory --schemetype WebUPLogin --loginprocedure LDAPBind --provider ldap://LDAPSERVER:LDAPSERVER_PORT --rdn LDAPSERVERRDN --namingattr userPrincipalName --multiplecontainers yes --searchfilter "(&(<NAMING_ATTR>=<NAMING_ATTR_VALUE>)(objectclass=<STRUCTURAL_OBJCLASS_VALUE>))" --searchstructclass user --searchbinddn DN_LDAP_user --searchbindpassword PASSWORD of ldap user --referral follow --derefalias always
where
- DN_LDAP_user is the Distinguished Name of the LDAP user at your site. In some cases, the user name must be in quotation marks, for example, "CN=lawson,CN=users,CN=Business Testing,DC=infor,DC=com"
- LDAPSERVER:LDAPSERVER_PORT is the fully qualified name of your LDAP server and the LDAP port.
- LDAPSERVERRDN is the Relative Distinguished Name and is usually the base of your LDAP structure, for example, DC=infor,DC=com. Depending on your configuration, if you get a Timeout error when authenticating to grid against the LDAPBIND port (which you will configure later), you may need to adjust the RDN to a more specific container, such as CN=Users,DC=infor,DC=com.
- Make sure you save the file after making edits.
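A pre-flight check for LDAPAUTH.txt, given here as an added example that is not part of the original page or of the secadm tooling. It removes the return characters the note above mentions, flags dashes and quotes that copy/paste has turned into typographic characters, and reports template placeholders that were never replaced. The function names and both sample files (example.com host, port 389, svc account) are constructed for illustration.

```python
import re

# Placeholders in this page's template that must be replaced with site values.
PLACEHOLDERS = ["LDAPSERVER", "LDAPSERVER_PORT", "LDAPSERVERRDN",
                "DN_LDAP_user", "PASSWORD of ldap user"]
# Dashes, curly quotes and non-breaking spaces that copy/paste substitutes
# for the ASCII "--", '"' and " " the command line needs.
TYPOGRAPHIC = re.compile("[\u2010-\u2015\u2018-\u201f\u00a0]")

def flatten(text):
    """Join a wrapped properties file into one line (removes return characters)."""
    return re.sub(r"\s*[\r\n]+\s*", " ", text).strip()

def lint(text):
    """Return a list of problems in the flattened command; empty means clean."""
    line = flatten(text)
    problems = []
    if not line.startswith("loginscheme add "):
        problems.append("does not start with 'loginscheme add'")
    for m in TYPOGRAPHIC.finditer(line):
        problems.append(
            f"typographic character U+{ord(m.group()):04X} at offset {m.start()}")
    for name in PLACEHOLDERS:
        # Whole-token match so LDAPSERVER does not fire inside LDAPSERVERRDN.
        if re.search(r"(?<!\w)" + re.escape(name) + r"(?!\w)", line):
            problems.append(f"unreplaced placeholder: {name}")
    return problems

# Constructed sample: wrapped lines, an en dash pasted into --provider,
# and three placeholders left in place.
SAMPLE_BAD = (
    'loginscheme add LDAPBIND --ctxfactory com.sun.jndi.ldap.LdapCtxFactory\n'
    '  --schemetype WebUPLogin --loginprocedure LDAPBind\r\n'
    '  -\u2013provider ldap://LDAPSERVER:LDAPSERVER_PORT --rdn DC=example,DC=com\n'
    '  --searchbinddn "CN=svc,CN=Users,DC=example,DC=com"\n'
    '  --searchbindpassword PASSWORD of ldap user\n')
# Constructed sample with made-up site values filled in.
SAMPLE_GOOD = (
    'loginscheme add LDAPBIND --ctxfactory com.sun.jndi.ldap.LdapCtxFactory '
    '--schemetype WebUPLogin --loginprocedure LDAPBind '
    '--provider ldap://ldap.example.com:389 --rdn DC=example,DC=com '
    '--searchbinddn "CN=svc,CN=Users,DC=example,DC=com" '
    '--searchbindpassword ExamplePassw0rd')

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, lint(sample) or "clean")
```

The findings contain only offsets and placeholder names, so the bind password stored in the file is never echoed to the terminal or a log.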