Configuring login using an LDAP attribute that is not part of the distinguished name

By default, users can log in using an attribute that is part of their LDAP user name, that is, their DN (Distinguished Name). You can use the Contenta Password Manager utility to configure login credentials using a different user name.

About this task

For example, given the DN cn=Ernest Hemingway,ou=People,dc=example,dc=com, logging in with the user name “Ernest Hemingway” succeeds.

However, you may want to configure xyldap.cfg to enable login using an attribute not mentioned in the DN, for example, sn, which is typically shorter. You will need to configure a principal account (that is, an LDAP account that can search for attributes).

Procedure

  1. Use the Contenta Password Manager utility (dbpwdmgr) to configure login credentials.
    For information about using the utility, see Using the Contenta Password Manager utility in this documentation.
    Complete the following steps after you have added a principal account.
  2. Open xyldap.cfg for editing.
  3. Set ldap_find_user_by_attr to true.
  4. Set ldap_base_dn to the base path to the attribute you want to check. For example, ldap_base_dn : dc=example, dc=com.
  5. Set ldap_principal_dn to the DN of the principal account you just created.
  6. Specify a DN suffix and the name of the attribute in the user_dn_suffix.1 and user_name_attr.1 properties, respectively. When combined, these properties should yield the value to check against.
  7. You can specify multiple DN suffix-attribute pairs by adding another pair of properties and increasing the number at the end (user_dn_suffix.2 and user_name_attr.2, user_dn_suffix.3 and user_name_attr.3, and so on).
  8. Save and close xyldap.cfg.
  9. Restart PcmPortal.
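
The following is an added illustration, not Contenta code and not part of this documentation, of the general lookup that logging in by a non-DN attribute involves: a principal account searches under a DN suffix and base DN for the entry whose attribute equals the typed user name. The function names and the sample directory are hypothetical; the sketch assumes the typed name is escaped per RFC 4515 before it goes into a search filter and that a login is accepted only when exactly one entry matches, because an attribute such as sn is not guaranteed to be unique.

```python
# Added illustration (not Contenta code): resolve a typed login name to one DN
# by searching on a non-DN attribute, as a principal account would.

def escape_filter_value(value: str) -> str:
    """Escape RFC 4515 special characters so user input stays a literal."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def build_filter(attr: str, username: str) -> str:
    """Equality filter that a real LDAP search would send to the server."""
    return '(%s=%s)' % (attr, escape_filter_value(username))

def resolve_login(entries, base_dn, dn_suffix, attr, username):
    """Return the single DN under dn_suffix,base_dn whose attr equals username.
    Returns None when nothing matches or when the match is ambiguous."""
    scope = (dn_suffix + ',' + base_dn).lower()
    wanted = username.lower()  # literal comparison, like an escaped filter
    hits = [dn for dn, attrs in entries
            if dn.lower().endswith(',' + scope)
            and wanted in (v.lower() for v in attrs.get(attr, []))]
    return hits[0] if len(hits) == 1 else None

# Constructed sample directory of (DN, attributes); not real data.
DIRECTORY = [
    ('cn=Ernest Hemingway,ou=People,dc=example,dc=com', {'sn': ['Hemingway']}),
    ('cn=Mary Shelley,ou=People,dc=example,dc=com', {'sn': ['Shelley']}),
    ('cn=Percy Shelley,ou=People,dc=example,dc=com', {'sn': ['Shelley']}),
    ('cn=Backup Svc,ou=Services,dc=example,dc=com', {'sn': ['Hemingway']}),
]

if __name__ == '__main__':
    for name in ('Hemingway', 'Shelley', '*'):
        print(name, build_filter('sn', name),
              resolve_login(DIRECTORY, 'dc=example,dc=com', 'ou=People',
                            'sn', name))
```

In this sample, "Hemingway" resolves to one entry under ou=People, while "Shelley" is rejected because two entries share that sn. When choosing an attribute for login, confirm in your directory that its values are unique within the configured suffix.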