Prerequisites

Before you can configure your hosts for LDAP authentication, your stations must be licensed, and you need to collect information from your LDAP and Kerberos administrators as well as provide information to your LDAP administrator.

Licensing

Each Niagara platform (Supervisor and JACE) must be licensed for LDAP user services.
  • The LDAPv2-compatible authentication scheme does not require host licensing. This is effectively the same LDAP authentication scheme provided since Niagara 4; it does not offer Kerberos as an authentication choice.

  • To use Kerberos authentication, your host platform must be licensed for LDAPv3. The following is an example of the license line:

    <feature name="ldapv3" expiration="never" kerberos="true" parts="LDAPV3_PART"/>

LDAP environment and properties

Each Niagara host (Supervisor and controller) must be on a network with an existing LDAP server. The server must support LDAPv2 or later.

You need at least the following information from your LDAP system administrator:

  • URL for the LDAP server, in the form ldap://your.domain.net:nnn, where your.domain.net is the LDAP server's host name and nnn is its port if it is not the standard, default LDAP port. If the server uses a standard port (389, or 636 if you are using SSL/TLS), you do not need to include the port in the URL.

  • User names for logging in to each station as they appear in the LDAP directory.

Information your LDAP system administrator may need from you

  • The name of the user prototype (group) to associate with each user (such as, manager, operator, etc.).

  • Your name for each station.

Kerberos prerequisites

You need the following information from your Kerberos administrator:

  • Kerberos realm name (should be in UPPERCASE).

  • Key Distribution Center URL.

  • A service name (based on the station name you provided) for each station. This URL-style name must be set up by your Kerberos administrator on the LDAP server. This name should be in the form:

    http/somename.domain.com

    where somename is the name by which you will access your station via a browser, and domain.com is your realm.

    This name must be trusted for delegation. If you are not planning for Kerberos authentication via the browser, you can use a regular user name (not a service).

  • A keytab file or a password for each service name (station). Services typically require a keytab file, whereas users typically use a password.
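The following is an added example (not Tridium's code) that sanity-checks the values collected above before they are entered in a station: it parses the LDAP server URL described under "LDAP environment and properties", applying the 389/636 defaults when no port is given, and checks the Kerberos realm and service name described under "Kerberos prerequisites". The host names, realm and the domain-versus-realm consistency check are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Default ports when the URL omits one: 389 for plain LDAP, 636 for LDAP over SSL/TLS.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Return (host, port, tls) for an LDAP server URL such as ldap://your.domain.net:nnn."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {scheme!r}: expected ldap:// or ldaps://")
    if not parts.hostname:
        raise ValueError("LDAP URL has no host")
    # parts.port is None when the URL has no explicit port; fall back to the standard one.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return parts.hostname, port, scheme == "ldaps"


def check_realm(realm):
    """Kerberos realm names should be UPPERCASE; reject anything else."""
    if not realm or realm != realm.upper():
        raise ValueError(f"realm {realm!r} must be UPPERCASE")
    return realm


def parse_service_name(name, realm):
    """Split 'http/somename.domain.com' into (service, host) and check that the
    host's domain matches the realm (assumed cross-check; compared case-insensitively)."""
    service, sep, host = name.partition("/")
    if not sep or not host or "." not in host:
        raise ValueError(f"service name {name!r} must look like http/somename.domain.com")
    _, domain = host.split(".", 1)
    if domain.upper() != realm.upper():
        raise ValueError(f"host domain {domain!r} does not match realm {realm!r}")
    return service, host


def check_prerequisites(ldap_url, realm, service_name):
    """Run all checks and return a summary of the validated values."""
    host, port, tls = parse_ldap_url(ldap_url)
    check_realm(realm)
    service, spn_host = parse_service_name(service_name, realm)
    return {"ldap_host": host, "ldap_port": port, "tls": tls,
            "realm": realm, "service": service, "service_host": spn_host}


if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    print(check_prerequisites("ldaps://ldap.example.net", "EXAMPLE.NET", "http/jace1.example.net"))
```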