Sun Java System Instant Messaging 7.2 Administration Guide

Searching the Directory Anonymously

Instant Messaging needs to be able to search the directory to function correctly. If your directory is configured to be searchable by anonymous users, Instant Messaging can search the directory without further configuration. If the directory is not readable or searchable by anonymous users, you must take additional steps to configure iim.conf with the credentials of a user ID that has at least read access to the directory. These credentials are a bind DN and its password, which you set in iim.conf as described in the following procedure.

Procedure: To Enable the Server to Conduct Directory Searches as a Specific End User

  1. Identify values for the following parameters in iim.conf:

    • iim_ldap.usergroupbinddn - Specifies the distinguished name (dn) to use to bind to the directory for searches.

    • iim_ldap.usergroupbindcred - Specifies the password to use with the distinguished name (dn).

    For example:

    iim_ldap.usergroupbinddn="cn=iim server,o=i-zed.com"

    iim_ldap.usergroupbindcred=secret


    Note –

    You do not have to use administrator-level credentials with write-level access, as all that is necessary is read access to the domain tree. Thus, if there is an LDAP user with read-level access, use its credentials instead. This is a safer alternative as it does not force you to disseminate the administrator-level credentials.


    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

  2. In a deployment with Sun Java System Access Manager, if the directory is not searchable by anonymous users:

    • Set the iim_ldap.useidentityadmin configuration parameter to true.

    • Also, you can delete or comment out the following configuration parameters:

      • iim_ldap.usergroupbinddn

      • iim_ldap.usergroupbindcred

  3. Edit iim.conf.

    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

    If the iim_ldap.usergroupbinddn and iim_ldap.usergroupbindcred parameters do not appear in iim.conf, you can add them anywhere in the file.
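The following script is an added example and is not part of the Instant Messaging guide or product; it checks which directory-search mode an iim.conf file ends up in after the procedure above (anonymous search, a bound search with iim_ldap.usergroupbinddn and iim_ldap.usergroupbindcred, or iim_ldap.useidentityadmin=true in an Access Manager deployment) and flags a half-configured pair. Because iim_ldap.usergroupbindcred is stored in clear text, it also checks that the file is not readable by group or other. It assumes that iim.conf uses key=value lines, that values may be wrapped in double quotes as in the example above, and that comment lines begin with "!" or "#"; the helper names and the sample file contents are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the Instant Messaging guide): sanity checks on the
# iim_ldap.* search-credential settings in an iim.conf file.
# Assumed syntax: "key=value" lines, optional double quotes around values,
# comment lines starting with "!" or "#".

# iim_conf_get FILE KEY -> prints the last uncommented value of KEY with
# surrounding quotes stripped; prints nothing if the key is absent.
iim_conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n -e '/^[[:space:]]*[!#]/d' \
           -e "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# iim_ldap_search_mode FILE -> prints one of:
#   anonymous      no bind credentials set (directory must allow anonymous search)
#   identityadmin  iim_ldap.useidentityadmin=true (Access Manager deployment)
#   bind           bind DN and password both present
#   broken         bind DN without password, or password without bind DN
iim_ldap_search_mode() {
    dn=$(iim_conf_get "$1" iim_ldap.usergroupbinddn)
    cred=$(iim_conf_get "$1" iim_ldap.usergroupbindcred)
    useadm=$(iim_conf_get "$1" iim_ldap.useidentityadmin)
    if [ "$useadm" = "true" ]; then
        echo identityadmin
    elif [ -n "$dn" ] && [ -n "$cred" ]; then
        echo bind
    elif [ -z "$dn" ] && [ -z "$cred" ]; then
        echo anonymous
    else
        echo broken
    fi
}

# iim_conf_perm_ok FILE -> returns 0 only if group and other have no access
# bits at all (the file holds the cleartext bind password). Uses ls -l so it
# works on systems without a stat(1) command.
iim_conf_perm_ok() {
    perm=$(ls -ld "$1" | cut -c5-10)
    case "$perm" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Demo on a constructed iim.conf fragment using the guide's example values.
tmp=$(mktemp /tmp/iim.conf.XXXXXX)
cat > "$tmp" <<'EOF'
! constructed sample iim.conf fragment
iim_ldap.usergroupbinddn="cn=iim server,o=i-zed.com"
iim_ldap.usergroupbindcred=secret
EOF
echo "search mode: $(iim_ldap_search_mode "$tmp")"   # bind
chmod 600 "$tmp"
if iim_conf_perm_ok "$tmp"; then
    echo "permissions ok: $tmp is private to its owner"
else
    echo "WARNING: $tmp is readable by group or other; it contains the bind password"
fi
rm -f "$tmp"
```

Run it against the real file with `iim_ldap_search_mode /path/to/iim.conf`; a result of `broken` means one of the two parameters from step 1 is missing or commented out, and a `WARNING` from the permission check means the cleartext password in iim_ldap.usergroupbindcred is exposed to other local users.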