LDAP Server Object Stores (Sun Java System Message Queue 3.7 UR1 Administration Guide)

Sun Java System Message Queue 3.7 UR1 Administration Guide

LDAP Server Object Stores

An LDAP server is the recommended object store for production messaging systems. LDAP servers are designed for use in distributed systems and provide security features that are useful in production environments.

LDAP implementations are available from a number of vendors. To manage an object store on an LDAP server with Message Queue administration tools, you may first need to configure the server to store Java objects and perform JNDI lookups; see the documentation provided with your LDAP implementation for details.

To use an LDAP server as your object store, you must specify the attributes shown in Table 8–1. These attributes fall into the following categories:

Initial context. The java.naming.factory.initial attribute specifies the initial context for JNDI lookups on the server. The value of this attribute is fixed for a given LDAP object store.
Location. The java.naming.provider.url attribute specifies the URL and directory path for the LDAP server. You must verify that the specified directory path exists.
Security. The attributes java.naming.security.principal , java.naming.security.credentials, and java.naming.security.authentication govern the authentication of callers attempting to access the object store. The exact format and values of these attributes depend on the LDAP service provider; see the documentation provided with your LDAP implementation for details and to determine whether security information is required on all operations or only on those that change the stored data.

Table 8–1 LDAP Object Store Attributes


Attribute	Description
`java.naming.factory.initial`	Initial context for JNDI lookup Example: `com.sun.jndi.ldap.LdapCtxFactory`
`java.naming.provider.url`	Server URL and directory path Example: `ldap://myD.com:389/ou=mq1,o=App` where administered objects are stored in the directory `/App/mq1` .
`java.naming.security.principal`	Identity of the principal for authenticating callers The format of this attribute depends on the authentication scheme: for example, `uid=homerSimpson,ou=People,o=mq` If this attribute is unspecified, the behavior is determined by the LDAP service provider.
`java.naming.security.credentials`	Credentials of the authentication principal The value of this attribute depends on the authentication scheme: for example, it might be a hashed password, a clear-text password, a key, or a certificate. If this property is unspecified, the behavior is determined by the LDAP service provider.
`java.naming.security.authentication`	Security level for authentication The value of this attribute is one of the keywords `none`, `simple`, or `strong`. For example, If you specify `simple,` you will be prompted for any missing principal or credential values. This will allow you a more secure way of providing identifying information. If this property is unspecified, the behavior is determined by the LDAP service provider.