SASL (Simple Authentication and Security Layer)
About this task
The following parameters relate to using SASL to secure the connection to the LDAP server. If
you are not using SASL, the parameters must not be edited. Comment out the parameters. The following
values are used to configure IBM® BigFix® Remote Control to connect to
Active Directory that uses SASL in a test environment. Consult your organizations active directory
support team to acquire the correct values for your company.
- ldap.security_authentication
- Specifies the security level to use. If this property is unspecified, the behavior is determined
by the service provider. If you are using SSL, the value is set to simple. If you are using SASL,
the value is set to the SASL mechanism DIGEST-MD5.
ldap.security_authentication= DIGEST-MD5 - ldap.connectionRealm
- The Realm name where the user ID and password
resides.
ldap.connectionRealm= mydomain.mycompany.com - ldap.connectionQop
- This value can be one of:
- auth = Authentication only
- auth-int = Authentication and integrity checking by using signatures
- auth-conf = (SASL only) Authentication, integrity and confidentiality checking by using signatures and encryption.
ldap.connectionQop= auth-conf - ldap.connectionMaxbuf
- Number that indicates the size of the largest buffer the server is able to receive when you use
auth-int or auth-conf. The default is 65536.
ldap.connectionMaxbuf= 16384 - ldap.connectionStrength
- Connection strength can be one of: low, medium,
high.
ldap.connectionStrength= high