CentraSite Documentation : CentraSite Administrator’s Guide : Authentication Topics and LDAP : Configuring LDAP : Technical Principal for LDAP : Background
Background
CentraSite can only find and authenticate a user name via the LDAP mechanism if either:
*the user name is located directly beneath the LDAP node that represents all users (specified via the User DN configuration value – for example, if user names are in the form uid=Username,ou=People,dc=mydomain,dc=com then the user name must be beneath the node ou=People,dc=mydomain,dc=com), or:
*the LDAP server allows "anonymous bind".
The technical principal is a user name or user account that preferably should not belong to a real user; in other words, the technical principal is normally the ID of a fictitious user. It is intended for organizations that store their user entries in branched LDAP directory structures, for example uid=Username,loc=Germany,ou=People,dc=mydomain,dc=com but do not allow anonymous bind. The technical principal must be defined in LDAP as having (at least) read access to all users and groups that are to be used by CentraSite.
When CentraSite is configured to use this feature, all LDAP accesses take place using the technical principal. For example, if a user with user name user1 and password pwd1 wants to log in to CentraSite Control, LDAP is accessed using the technical principal and the record for the user user1 is checked.
Copyright © Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback