Field

Description

Port

Enter the port number on which the LDAP server is listening. The default LDAP port is

 

389.

Base DN

Enter the base distinguished name for this connection. The base distinguished name

 

defines the top of the directory tree. To obtain a list of base distinguished names for

 

a particular directory, make sure the host name and port fields have been filled in

 

correctly and then click the Fetch button. If the directory server has been set up to

 

require authentication for this operation, the Bind DN and Password fields will have

 

to be filled in correctly as well. The LDAP Browser will attempt to connect to the

 

specified LDAP server, obtain the list of supported base distinguished names, and

 

populate the Base DN option menu with those names.

Secure connection

Choose whether to communicate with the LDAP server using the Secure Sockets Layer

 

(SSL). Such communication is possible only if the LDAP server has been configured

 

to accept SSL connections and if the certificate presented by the server during SSL

 

communication is signed by a trusted certificate authority. See Section : Connecting

 

to an LDAP Server using SSL for more information on how to create a trusted certificate

 

store.

Bind DN

Enter the distinguished name to use for authentication when binding to the LDAP

 

server. To bind to a directory anonymously, leave this field blank. Many directories

 

allow anonymous clients to perform read-only operations like searching but will

 

require authentication information for clients that attempt to write to the directory.

Password

Enter the password that corresponds to the Bind DN that was entered. Leave this field

 

blank if anonymous binding is desired.

Bind information prompting

When BIND information is entered for a connection entry, this information is stored

 

in the LDAP Browser configuration file in the user's home directory. If the security of

 

the user's home directory is compromised, that bind information could potentially be

 

obtained from the configuration file by an intruder. If this is a concern or if you will

 

not always be binding to the directory as the same user, leave the Bind DN and

 

Password fields blank and click in the checkbox to cause the LDAP browser to prompt

 

for BIND information each time the connection is established.

Referral strategy

Indicate if you want to automatically follow referrals to entries residing on other LDAP

 

servers. Check either Follow or Don't Follow.

Alias dereferencing

Pick a strategy for dereferencing LDAP aliases. Check one of the following: Never,

 

Finding, Searching or Always.

Search limit

You can limit the number of entries that will be returned by any LDAP search operation.

 

Check either None for no search limit, or give a specific limit by checking Limit to

 

radio button and then entering a value in the results field. This limit can be useful

 

when dealing with very large directories, because searches that return large numbers

 

of entries can take considerable time to complete and the search results can consume

 

a large amount of memory.

Operation time limit

Enter a time limit (in milliseconds) for any LDAP operation to complete. Check the

 

None radio button to specify no time limit. To specify a time limit, check the Limit to

 

radio button, and then enter a value in milliseconds in the ms field. This option is

 

useful when dealing with slow or unreliable connections.

Connecting to an LDAP Server using SSL

The Connection Information form for adding or modifying connections provides an option to use the Secure Sockets Layer (SSL) when communicating with an LDAP server. SSL allows for verification of an LDAP server's identity as well as for encryption of the data that passes between the browser

198 LDAP Directory Server Administration

Page 198
Image 198
HP UX Internet Express Software manual Connecting to an Ldap Server using SSL