XYGATE User Authentication Reference Manual
XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Appendix A: The UACONF File
XYPRO Technology Corporation 226 Proprietary and Confidential
A31: LDAP_HOST
The LDAP_HOST keyword specifies the path to the LDAP server. This can be either the
DNS name or the IP address, which can be specified in IPv4 or IPv6 format.
Syntax:
LDAP_HOST { <IP address> | <DNS name>[:ptr] }
Example 1: How to configure LDAP using a DNS Name
LDAP_HOST MYCOMPANY.LOCAL-NET
Example 2: How to configure LDAP using an IPv4 Address
LDAP_HOST 172.16.254.1
Example 3: How to configure LDAP using an IPv6 Address
LDAP_HOST 2001:db8:0:1234:0:567:8:1
The value of this keyword is created by the XUA_LDAP_INSTALL macro (page 70)
and may be changed by editing it here in the UACONF file after the macro run has
completed.
LDAP_HOST:ptr
The LDAP_HOST keyword can have an optional suffix :ptr. When the value of
LDAP_HOST ends with the suffix :ptr (not case sensitive), the LDAP proxy performs
a DNS Query on the portion of the host name preceding the :ptr suffix, retrieving
an IP address. It then performs a reverse DNS Query on that IP address and connects
directly to the resulting host name. If either of these two operations fails, the
LDAP proxy connects to the portion of the host name preceding the :ptr suffix.
Example:
LDAP_HOST MYCOMPANY.LOCAL-NET:ptr
RDNS lookup in the log file
When LDAP_PROXY_OPTIONS in the UACONF file contains "-mon -d" and the :ptr
feature is used, the LDAP proxy writes the result to the LDAP_PROXY_LOG file,
together with the elapsed times for the DNS Query and reverse DNS Query operations.
If the host name that results from the DNS Query followed by a reverse DNS Query
matches the name of the LDAP server host, SNI will pass (succeed) because the
LDAP proxy will have connected to a host name that matches the common name in
the LDAP server certificate.
An example is provided below.
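The following Python sketch is an added illustration, not code or log output from XUA or the manual. It mirrors the :ptr behaviour described above (forward lookup, reverse lookup, fallback to the original name) so an administrator can check in advance which host name the lookups yield and whether it matches a name in the LDAP server certificate. The function names, the resolver stand-ins and the sample host `dc01.mycompany.local-net` are assumptions made for the example.

```python
import socket

def parse_ldap_host(value):
    """Split an LDAP_HOST value into (host, use_ptr); the suffix is not case sensitive."""
    value = value.strip()
    if value.lower().endswith(":ptr"):
        return value[:-len(":ptr")], True
    return value, False  # plain DNS name, IPv4 or IPv6 address

def system_forward(name):
    # Assumption: use the first address the system resolver returns.
    return socket.getaddrinfo(name, None)[0][4][0]

def system_reverse(addr):
    return socket.gethostbyaddr(addr)[0]

def connect_target(value, forward=system_forward, reverse=system_reverse):
    """Host name the described :ptr logic would end up connecting to."""
    host, use_ptr = parse_ldap_host(value)
    if not use_ptr:
        return host
    try:
        return reverse(forward(host))
    except OSError:  # socket.gaierror / socket.herror: either lookup failed
        return host  # fall back to the name preceding :ptr

def matches_certificate(target, cert_names):
    """Exact, case-insensitive comparison; wildcard names are not handled here."""
    norm = lambda n: n.rstrip(".").lower()
    return norm(target) in {norm(n) for n in cert_names}

if __name__ == "__main__":
    # Constructed sample data: stand-in resolvers and a constructed certificate name.
    fwd = {"MYCOMPANY.LOCAL-NET": "172.16.254.1"}
    rev = {"172.16.254.1": "dc01.mycompany.local-net"}
    target = connect_target("MYCOMPANY.LOCAL-NET:ptr", fwd.__getitem__, rev.__getitem__)
    print(target, matches_certificate(target, ["DC01.MYCOMPANY.LOCAL-NET"]))
```

Called without the stand-in resolvers, `connect_target` uses the local system resolver, so the result reflects the DNS view of the machine it runs on, which may differ from the view of the host running the LDAP proxy.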