SAS Safety Scalable Performance Data Server 4.5 Manual Do Utilizador
The LDAPBINDDN parameter is the "Distinguished Name" (DN), or the location in the
LDAP Server's database where the client's information is stored. The form of this string is
LDAP Server's database where the client's information is stored. The form of this string is
"ID= , rdn1=RDN1, rdn2=RDN2, ...".
"ID" is the identifier for the Relative Distinguished Name of a User ID that exists in the
LDAP Server database. The default value of the DN is
LDAP Server database. The default value of the DN is
"uid= , dc=DOM1, dc=DOM2, dc=DOM3".
If no Distinguished Name is specified in the spdsserv.parm file, SPD Server uses the LDAP
Server host's domain name to generate values for DOM1, DOM2, and DOM3. The SPD
Server user's User ID becomes the value for "uid". The result becomes the default user
location for LDAP database members.
Server host's domain name to generate values for DOM1, DOM2, and DOM3. The SPD
Server user's User ID becomes the value for "uid". The result becomes the default user
location for LDAP database members.
For example, let the LDAP host machine be sunhost.unx.sun.com and the User ID be
"sunjws". The resulting default Distinguished Name would be
"sunjws". The resulting default Distinguished Name would be
"uid=sunjws, dc=unx, dc=sun, dc=com".
The Distinguished Name is used to locate the user "sunjws". Then, the sunjws user
password is compared to the password that is stored in the LDAP database. If there is a
specific location for SPD Server users in your LDAP database, be sure to specify it using
LDAPBINDDN utility.
password is compared to the password that is stored in the LDAP database. If there is a
specific location for SPD Server users in your LDAP database, be sure to specify it using
LDAPBINDDN utility.
See the LDAP Server administrator for your site if you need more information about the
LDAP parameters for your spdsserv.parm file. To use the default value for any LDAP
parameter, simply omit it from the spdsserv.parm file. Undeclared parameters
automatically assume default values.
LDAP parameters for your spdsserv.parm file. To use the default value for any LDAP
parameter, simply omit it from the spdsserv.parm file. Undeclared parameters
automatically assume default values.
Note: Entering the LDAP_HOST value for the LDAPSERVER can cause SPD Server to
fail during start up. It is recommended that SPD Server and LDAP Server use the same
hosts. The user password is sent to the LDAP server in clear text. If someone is
"sniffing" the network, user passwords could potentially be intercepted.
hosts. The user password is sent to the LDAP server in clear text. If someone is
"sniffing" the network, user passwords could potentially be intercepted.
Notes for SPD Server Administrators
The SPD Server administrator has the role of performing many of the maintenance and
configuration functions for the SPD Server system. The following are some guidelines and
ideas for helping out in this capacity.
configuration functions for the SPD Server system. The following are some guidelines and
ideas for helping out in this capacity.
SPD Server User IDs
The SPD Server system uses its own layer of system access controls as a clean layer over
the file system access permissions. SPD Server processes run in the context of a Windows
user ID, and that user owns all of the file resources that are created from this SPD Server.
the file system access permissions. SPD Server processes run in the context of a Windows
user ID, and that user owns all of the file resources that are created from this SPD Server.
The SPD Server password file allows you to control access to the SPD Server's data
resources at a finer level of granularity than the UNIX user ID. Many sites will not want
to give Windows accounts to SPD Server system users, but still want protection and
ownership of the data resources created in the SPD Server environment. SPD Server user
IDs allow for this extra layer of access control.
resources at a finer level of granularity than the UNIX user ID. Many sites will not want
to give Windows accounts to SPD Server system users, but still want protection and
ownership of the data resources created in the SPD Server environment. SPD Server user
IDs allow for this extra layer of access control.
The SPD Server administrator needs to be familiar with the Account Manager utility
provided with the SPD Server system.
provided with the SPD Server system.
If you choose not to use SPD Server user IDs, you will still need the SPD Server password
file for the Data Server process to function properly. To disable the use of SPD Server user
IDs at your site, supply the -noacl option when you startup the Data Server process.
file for the Data Server process to function properly. To disable the use of SPD Server user
IDs at your site, supply the -noacl option when you startup the Data Server process.
SPD Server User IDs
53