Configuring the LDAP Server Settings

Access the LDAP Server Attribute Values form. To do so, on the Available LDAP Configurations form, select a configuration record and then select Values from the Row menu.

  1. Click the search button in the Enterprise Server Attribute Name column to select the attributes to include in the LDAP server settings.

    After selecting the attributes, you must enter the appropriate LDAP value for the attribute in the LDAP Server Attribute Value column.

  2. To configure the standard EnterpriseOne settings for the LDAP server, enter values for these attributes:

    Attribute

    Description

    USRSRCHBAS

    User search base. Specifies that the system searches for user information at the root of the directory information tree. This value specifies the "container" in which to begin the search. For example, USRSRCHBAS=o=jdedwards,c=us

    USRSRCHFLT

    User search filter. Specifies that a search is performed at the base level for the user ID in the LDAP server using the specified criteria. For example, USRSRCHFLT=objectclass=inetOrgPerson

    If you do not specify this value, no search filtering occurs.

    USRSRCHSCP

    User search scope. Specifies the level, or scope, at which the system searches for user information. Valid values are:

    • base

      The query searches only the value you specified in the USRSRCHBAS setting.

    • subtree

      This is the default value. The query searches the value in the Search Base field and all entries beneath it.

    • onelevel

      The query searches only the entries one level down from the value in the Search Base field.

    ROLSRCHBAS

    Role search base (use only if roles are enabled in LDAP). Specifies that a search is performed at the base level for the UserIDAttri in the LDAP database. For example, ROLSRCHBAS=o=jdedwards,c=us

    ROLSRCHFLT

    Role search filter (use only if roles are enabled in LDAP). This specifies that a search is performed at the base level for the role in the LDAP database using the specified criteria. For example, ROLSRCHFLT=objectclass=groupOfNames

    If you do not specify this value, no search filtering occurs.

    ROLSRCHSCP

    Role search scope (use only if roles are enabled in LDAP). This specifies the level, or scope, at which the system searches for role information. Valid values are:

    • base

      The query searches only the value you specified in the ROLSRCHBAS setting.

    • subtree

      This is the default value. The query searches the value in the Search Base field and all entries beneath it.

    • onelevel

      The query searches only the entries one level down from the value in the Search Base field.

  3. When using Secure Sockets Layer (SSL/TLS) with the LDAP server, enter values for these attributes:

    Attribute

    Description

    SSLPORT

    SSL/TLS Port for the LDAP server. Specifies the SSL/TLS port on the LDAP server.

    CERTDBPATH

    Directory path for cert7.db (SSL/TLS)

    For Windows and UNIX: This specifies the directory path to the cert7.db file (SSL/TLS). This file should generally be located in the system\bin32 directory on the Enterprise Server.

    For IBM i: This specifies the directory path and file name for the cert.kdb file on the IBM i-based Enterprise Server machine, for example /QIBM/USERDATA/ICSS/CERT/SERVER/CERT.KDB. You should use the Digital Certificate Manager (DCM) to verify the location of the certificate for your installation.

    CERTDBCLBL

    Do not use this attribute. This is for future use only.

    CERTDBPSWD

    For IBM i only.

    Specifies the password to the key database (files with a "kdb" extension). The key database is used to store a uniquely identified name, or label, associated with the client private key/certificate pair.

    SSLTIMEOUT

    For IBM i only.

    This specifies the time-out value for the SSL connection.

  4. If you are using the self-service version of the user profile application for the Manufacturing Sourcing module, enter values for these attributes:

    Note: You cannot use this application to manage LDAP user profiles.

    Attribute

    Description

    USRACNTCTL

    User Account Control. Specifies the authority attached when creating a user in Active Directory. For example, USRACNTCTL=512 creates an enabled user in Active Directory only.

    USRADDLOC

    User Add Location. Specifies the location in LDAP where users will be added, for example USRADDLOC=O=jdedwards.

    USRCLSHRCY

    User Class Hierarchy. Specifies the class hierarchy needed to create a user in LDAP, for example USRCLSHRCY=top, person, organizationalPerson, inetOrgPerson.

    ROLADDLOC

    Role Add Location (use only if roles are enabled in LDAP). Specifies the location in LDAP that contains the user-role relationship, for example ROLADDLOC=O=jdedwards.

    ROLCLSHRCY

    Do not use this attribute. This is for future use only.
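The following added example (not part of the original documentation or of EnterpriseOne) models how the search base, scope, and filter from step 2 combine to select entries, so you can see what a subtree search with no filter returns compared with a scoped, filtered one. The directory contents, the `search` helper, and the simplified DN parsing are assumptions made for illustration.

```python
# Added illustration: models how a search base, scope and filter select entries.
# DIRECTORY is constructed sample data, not taken from the original page.
DIRECTORY = {
    "o=jdedwards,c=us": {"organization"},
    "ou=people,o=jdedwards,c=us": {"organizationalUnit"},
    "ou=services,o=jdedwards,c=us": {"organizationalUnit"},
    "cn=admins,o=jdedwards,c=us": {"groupOfNames"},
    "uid=jsmith,ou=people,o=jdedwards,c=us": {"inetOrgPerson"},
    "uid=svc-batch,ou=services,o=jdedwards,c=us": {"account"},
}


def parse_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is selected by scope relative to base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[-len(base):] != base:
        return False  # entry is not at or beneath the search base
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "onelevel":
        return depth == 1
    if scope == "subtree":
        return True
    raise ValueError(f"invalid scope: {scope!r}")


def search(base, scope="subtree", flt=None):
    """Hypothetical helper. flt uses the page's 'objectclass=value' form;
    None models an unset filter, which means no filtering at all."""
    wanted = None
    if flt:
        attr, _, value = flt.partition("=")
        if attr.strip().lower() != "objectclass":
            raise ValueError("this sketch only handles objectclass filters")
        wanted = value.strip().lower()
    return sorted(
        dn for dn, classes in DIRECTORY.items()
        if in_scope(dn, base, scope)
        and (wanted is None or wanted in {c.lower() for c in classes})
    )


if __name__ == "__main__":
    for scope in ("base", "onelevel", "subtree"):
        print(scope, search("o=jdedwards,c=us", scope, "objectclass=inetOrgPerson"))
    print("no filter:", search("o=jdedwards,c=us"))
```

With the filter set, only the inetOrgPerson entry is returned, and only under subtree scope because it sits two levels below the base; with the filter unset, every entry beneath the base is a candidate, including the service account and group entries.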