The DNS SRV request sent to the DNS server must specify a domain name.
The LDAP client will determine where to get this domain name based on one
of the following three options:
- extractSearchDomainFromLoginID: With this option, the LDAP client will
use the domain name in the login id. For example, if the login id is
[email protected], the domain name equals mycompany.com. If the domain
name cannot be extracted, the DNS SRV will fail, causing the user
authentication to fail automatically.
- useOnlyConfiguredSearchDomainBelow: With this option, the LDAP client
will use the domain name configured in the Search Domain parameter.
- tryLoginFirstThenConfiguredValue: With this option, the LDAP client will
first attempt to extract the domain name from the login id. If this succeeds,
this domain name will be used in the DNS SRV request. If there is no domain
name present in the login id, the LDAP client will instead use the configured
Search Domain parameter as the domain name in the DNS SRV request.
If nothing is configured, user authentication will fail immediately.
Parsed from file RTRSAAG.MIB.txt
Company: ibm
Module: RSA-MIB
Child arc 0 is used to translate between SNMPv1 and SNMPv2 notification parameters as explained in IETF RFC 2576, section 3.
ldapDomainSource OBJECT-TYPE SYNTAX INTEGER { extractSearchDomainFromLoginID (0), useOnlyConfiguredSearchDomainBelow (1), tryLoginFirstThenConfiguredValue (2) } ACCESS read-write STATUS mandatory DESCRIPTION "The DNS SRV request sent to the DNS server must specify a domain name. The LDAP client will determine where to get this domain name based on one of the following three options: - extractSearchDomainFromLoginID: With this option, the LDAP client will use the domain name in the login id. For example, if the login id is [email protected], the domain name equals mycompany.com. If the domain name cannot be extracted, the DNS SRV will fail, causing the user authentication to fail automatically. - useOnlyConfiguredSearchDomainBelow: With this option, the LDAP client will use the domain name configured in the Search Domain parameter. - tryLoginFirstThenConfiguredValue: With this option, the LDAP client will first attempt to extract the domain name from the login id. If this succeeds, this domain name will be used in the DNS SRV request. If there is no domain name present in the login id, the LDAP client will instead use the configured Search Domain parameter as the domain name in the DNS SRV request. If nothing is configured, user authentication will fail immediately." ::= { ldapClientCfg 17 }
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.2.3.51.1.4.9.3.6.17.0 | ldapDomainSource | 0 | 0 | None |
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.4.1.2.3.51.1.4.9.3.6.1 | ldapServer1NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.2 | ldapServer1PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.3 | ldapServer2NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.4 | ldapServer2PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.5 | ldapServer3NameOrIPAddress | 1 | 1 | A NULL terminated 64 byte string that contains the LDAP server host name or IP address (a.b.c.d). |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.6 | ldapServer3PortNumber | 1 | 1 | LDAP server port number. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.7 | ldapRootDN | 1 | 1 | Distinguished Name for root entry of directory tree. An example might look like dn=foobar,dn=com. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.8 | ldapUserSearchBaseDN | 1 | 1 | As part of the user authentication process, it is necessary to search the LDAP server for one or more attributes associated with… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.9 | ldapGroupFilter | 1 | 1 | This filter is used for group authentication. It specifies what group or groups that this MM belongs to. If left blank, group au… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.10 | ldapBindingMethod | 1 | 1 | On initial binds to the LDAP server during user authentication, there are three options: Anonymous authentication: Bind attempt i… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.11 | ldapClientAuthenticationDN | 1 | 1 | The initial bind to the LDAP server during user authentication can be performed with anonymous authentication, client based auth… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.12 | ldapClientAuthenticationPassword | 1 | 1 | The client authentication password |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.13 | ldapUIDsearchAttribute | 1 | 1 | When the binding method selected is Anonymous authentication or Client authentication, the initial bind to the LDAP server is fo… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.14 | ldapGroupSearchAttribute | 1 | 1 | When the MM Group Filter name is configured, it is necessary to retrieve from the LDAP server the list of groups that a particul… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.15 | ldapLoginPermissionAttribute | 1 | 1 | When a user successfully authenticates via a LDAP server, it is necessary to retrieve the login permissions for this user. In or… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.16 | ldapUseDNSOrPreConfiguredServers | 1 | 1 | The MM contains a Version 2.0 LDAP Client that may be configured to provide user authentication through one or more LDAP servers… |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.18 | ldapSearchDomain | 1 | 1 | This parameter may be used as the domain name in the DNS SRV request, depending on how the Domain Source parameter is configured. |
1.3.6.1.4.1.2.3.51.1.4.9.3.6.19 | ldapServiceName | 1 | 1 | The DNS SRV request sent to the DNS server must also specify a service name. The configured value will be used for this purpose.… |