XYGATE User Authentication Reference Manual
XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Appendix A: The UACONF File
XYPRO Technology Corporation 220 Proprietary and Confidential
A25: LDAP_AUTHENTICATE
The LDAP_AUTHENTICATE keyword value determines if the authentication request
will be sent to the LDAP server and in what manner.
Syntax:
LDAP_AUTHENTICATE {ON | OFF | OPTIONAL}
ON – Users’ passwords and network IDs will be verified by LDAP.
Note: The userid’s status on the NonStop server will be evaluated by Safeguard in
addition to LDAP’s password verification. For example, if the LDAP server
verifies the validity of the network userid and its password, but in Safeguard’s
record the userid is expired, the logon request will be denied. The
frozen status of the NonStop userid may be circumvented by the FROZEN_OK
keyword in either the UACONF or UAACL files.
If LDAP becomes non-responsive for any reason, the logon will be denied.
OFF – Users will only be authenticated by Safeguard, and not LDAP (unless otherwise
configured in UAACL).
OPTIONAL – LDAP authentication is invoked as if the value is ON, but if the LDAP
server is non-responsive, the authentication is diverted to Safeguard instead of denied.
An identical value in the UAACL file overrules the value in the UACONF file for the
specified set of users.
Example:
LDAP_AUTHENTICATE ON
The value of this keyword created by the XUA_LDAP_INSTALL macro (page 70) can
be changed by editing the UACONF file after the macro run is completed.
Note: If LDAP_AUTHENTICATE is set to OPTIONAL, XYGATEUA first sends the
password to the LDAP server for authentication. If the LDAP server is down or
not reachable, XUA gives a warning that LDAP is unavailable and re-prompts
for the Guardian password.
Example:
TACL 2> Logon super-ldap
Password: *LDAP unavailable; enter Guardian password:
Last Logon: 13 JAN 2010, 09:33.
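The decision rules described in this section, modelled in Python as an added example (not XYPRO code and not part of the manual). The function and enum names are hypothetical, and applying the Safeguard status check identically in all three modes is an assumption.

```python
from enum import Enum

class Ldap(Enum):  # constructed outcomes of the LDAP password check
    OK = "verified"
    BAD = "rejected"
    DOWN = "non-responsive"

def effective_mode(uaconf_value, uaacl_value=None):
    """A value in UAACL overrules the UACONF value for the users it covers."""
    mode = (uaacl_value or uaconf_value).upper()
    if mode not in ("ON", "OFF", "OPTIONAL"):
        raise ValueError("invalid LDAP_AUTHENTICATE value: " + mode)
    return mode

def status_ok(expired=False, frozen=False, frozen_ok=False):
    """Safeguard's view of the userid; FROZEN_OK waives only the frozen state."""
    return not expired and (frozen_ok or not frozen)

def logon(mode, ldap, guardian_pw_ok, **status):
    """Return (granted, what decided the outcome)."""
    # Assumption: the Safeguard status check applies the same way in every mode.
    if not status_ok(**status):
        return (False, "Safeguard status")
    if mode == "OFF":
        return (guardian_pw_ok, "Safeguard")
    if ldap is Ldap.DOWN:
        if mode == "ON":
            return (False, "LDAP unavailable")         # ON fails closed
        return (guardian_pw_ok, "Safeguard fallback")  # OPTIONAL re-prompts
    return (ldap is Ldap.OK, "LDAP")

def outage_matrix(guardian_pw_ok=True):
    """Outcome per mode while the LDAP server is non-responsive."""
    return {m: logon(m, Ldap.DOWN, guardian_pw_ok) for m in ("ON", "OFF", "OPTIONAL")}

if __name__ == "__main__":
    for mode, (granted, decided_by) in outage_matrix().items():
        print(f"{mode:8} LDAP down -> {'granted' if granted else 'denied'} ({decided_by})")
```

Under OPTIONAL the Guardian password becomes the deciding credential whenever LDAP is unreachable, so it has to be maintained as a live credential rather than a dormant one.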