XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
B27: LDAP_DN_ATTRIBUTE
The value for this keyword is the attribute containing the name against which the
simple bind must be done.
Syntax:
LDAP_DN_ATTRIBUTE "<string>"
Example:
LDAP_DN_ATTRIBUTE "entrydn"
If present in a UAGroup, this keyword’s value overrides the one in the UACONF file.
B28: LDAP_IMPERSONATION
Impersonation allows a group of LDAP users to log on to the NonStop server under a
shared userid by authenticating with their LDAP user/password.
This feature removes the need for the IMPERSONATION_FROM_USER to exist on
the NonStop server.
Syntax:
LDAP_IMPERSONATION {ON | OFF}
The example below allows any user to log on to SEC.ADMIN by authenticating as
the Windows user "ldap-admin". At the password prompt, the user enters the
IMPERSONATION_CHARACTERS, then the LDAP user, then the
IMPERSONATION_CHARACTERS again, and then the password.
Example:
UAGROUP LDAP-IMPERSONATION
FROM_USER $EVERYONE
TO_USER SEC.ADMIN
REQUESTOR $SYSTEM.SYSnn.TACL
LDAP_IMPERSONATION ON
IMPERSONATION_FROM_USER Alias:"ldap-admin"
IMPERSONATION OPTIONAL
LDAP_AUTHENTICATE ON
In the above example, setting the keyword LDAP_IMPERSONATION to ON
prevents a syntax check on the IMPERSONATION_FROM_USER list. The alias
"ldap-admin" can be a Windows-only user and need not be present on the NonStop system.
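Because the IMPERSONATION_FROM_USER list is not syntax-checked when LDAP_IMPERSONATION is ON, these groups are worth reviewing by hand. The following Python script is an added example, not part of the XYGATE manual or XYPRO's software; it lists every such group and notes where FROM_USER is $EVERYONE. It assumes one keyword per line with UAGROUP opening a new group, and the second group in the sample (OPS-LOGON and its user names) is constructed for contrast.

```python
# Constructed sample: first group is the manual's example, second is invented.
SAMPLE_UAACL = '''\
UAGROUP LDAP-IMPERSONATION
FROM_USER $EVERYONE
TO_USER SEC.ADMIN
REQUESTOR $SYSTEM.SYSnn.TACL
LDAP_IMPERSONATION ON
IMPERSONATION_FROM_USER Alias:"ldap-admin"
IMPERSONATION OPTIONAL
LDAP_AUTHENTICATE ON
UAGROUP OPS-LOGON
FROM_USER OPS.USER1
TO_USER OPS.MGR
LDAP_AUTHENTICATE ON
'''

def parse_uagroups(text):
    """Return {group: {KEYWORD: [values]}}. Assumption: one keyword per line,
    and a UAGROUP line starts a new group."""
    groups, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        keyword = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "UAGROUP":
            current = groups.setdefault(value, {})
        elif current is not None:
            current.setdefault(keyword, []).append(value)
    return groups

def review_ldap_impersonation(groups):
    """List groups with LDAP_IMPERSONATION ON and what a reviewer must verify."""
    findings = []
    for name, kw in groups.items():
        if "ON" not in (v.upper() for v in kw.get("LDAP_IMPERSONATION", [])):
            continue
        base = {"group": name, "to_user": kw.get("TO_USER", []),
                "aliases": kw.get("IMPERSONATION_FROM_USER", [])}
        # The alias list is not syntax-checked, so compare it with the directory.
        findings.append(dict(base, check="alias-not-syntax-checked"))
        # With $EVERYONE, only the listed LDAP credentials gate access to TO_USER.
        if "$EVERYONE" in (v.upper() for v in kw.get("FROM_USER", [])):
            findings.append(dict(base, check="open-to-everyone"))
    return findings

if __name__ == "__main__":
    for f in review_ldap_impersonation(parse_uagroups(SAMPLE_UAACL)):
        print(f["group"], f["check"], f["to_user"], f["aliases"])
```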