Before the form can be used, it must be configured. At a minimum, an option file for the form must be provided as described in Section 21.3.1.1.
If you have a PMDF option file initially created prior to PMDF V5.2, then you may need to adjust the setting of the PMDF option FORM_NAMES; see Section 21.1.1.1 for details.
21.3.1.1 Form Option File
The LDAP/X.500 pop-up form requires the use of an option file. On OpenVMS, the name of the option file is PMDF_TABLE:x500_form_option. This file must be world readable. Each line of the option file contains the setting for one option. An option setting takes the form:
    option=value
Two required options which must be supplied in the option file are discussed in Section 21.3.1.2. Additional options are described in Section 21.3.1.4; customizing the form for another language is discussed in Section 21.3.1.6.
21.3.1.2 Required Options
In order to use the pop-up LDAP/X.500 addressing form, two options must be specified in the form's option file. These two options are LDAP_SERVERS and LDAP_BASE. If either of these options is not specified, then the form will refuse to run and will signal an error.5
The LDAP_SERVERS option specifies the TCP/IP host names of the LDAP servers to use. The option's value takes the form
    host1+port1|host2+port2|host3+port3...
where host1, host2, host3, ... and port1, port2, port3, ... are, respectively, the TCP/IP hosts and ports to which to connect. The hosts will be attempted in the order listed, from left to right, until a connection is successfully made to one of the hosts or the list is exhausted. IP addresses can be used in place of host names. If the port number is omitted, then the standard LDAP port, port 389, will be used. When omitting the port number, also omit the +.
For instance, to use the hosts vax1.example.com, vax2.example.com, and admin.example.com as LDAP servers, you can specify
    LDAP_SERVERS=vax1.example.com|admin.example.com+6666|vax2.example.com
The second required option is LDAP_BASE, which specifies the distinguished name in the LDAP or X.500 tree (DIT) at which to initially position the form. Usually this will be the top level of your organization's DSA. E.g.,
    LDAP_BASE=o="Process Software, LLC.", st=Massachusetts, c=US
The logicals PMDF_X500_LDAP_SERVERS and PMDF_X500_LDAP_BASE can be used to override the values of the LDAP_SERVERS and LDAP_BASE options. The translation value of those two logicals should be the same as the values used with the option file options. For example,
    $ DEFINE PMDF_X500_LDAP_BASE -
        "o=""Process Software, LLC"",st=Massachusetts,c=US"
    $ DEFINE PMDF_X500_LDAP_SERVERS -
        "vax1.example.com|admin.example.com+6666|vax2.example.com"
With the PMDF_X500_LDAP_BASE logical, individual users or groups of users can select a different initial distinguished name at which to start the form.
21.3.1.3 Controlling Attribute Names
The LDAP/X.500 pop-up form has a default set of attribute names it will
use in requests to the LDAP server as well as a default set of
attribute names it will recognize in responses back from the server.
These names are shown in Table 21-3. These default values can be
controlled with the x_IN and x_OUT options where
"x" is the name of an attribute. x_IN
specifies the attribute name to recognize in responses from the server;
x_OUT the name to use in requests to the server. Note that the
values specified with these options are case sensitive.
Attribute name | Option name = value | Option name = value |
---|---|---|
associatedDomain | ASSOCIATEDDOMAIN_IN=associatedDomain | ASSOCIATEDDOMAIN_OUT=associatedDomain |
commonName | COMMONNAME_IN=cn | COMMONNAME_OUT=cn |
description | DESCRIPTION_IN=description | DESCRIPTION_OUT=description |
facsimileTelephoneNumber | FACSIMILETELEPHONENUMBER_IN=facsimileTelephoneNumber | FACSIMILETELEPHONENUMBER_OUT=facsimileTelephoneNumber |
 | RFC822MAILBOX_IN=mail | RFC822MAILBOX_OUT=mail |
homePhone | HOMEPHONE_IN=homePhone | HOMEPHONE_OUT=homePhone |
homePostalAddress | HOMEPOSTALADDRESS_IN=homePostalAddress | HOMEPOSTALADDRESS_OUT=homePostalAddress |
joinable | JOINABLE_IN=joinable | JOINABLE_OUT=joinable |
member | MEMBER_IN=member | MEMBER_OUT=member |
memberOfGroup | MEMBEROFGROUP_IN=memberOfGroup | MEMBEROFGROUP_OUT=memberOfGroup |
objectClass | OBJECTCLASS_IN=objectClass | OBJECTCLASS_OUT=objectClass |
owner | OWNER_IN=owner | OWNER_OUT=owner |
userPassword | USERPASSWORD_IN=userPassword | USERPASSWORD_OUT=userPassword |
postalAddress | POSTALADDRESS_IN=postalAddress | POSTALADDRESS_OUT=postalAddress |
rfc822ErrorsTo | RFC822ERRORSTO_IN=rfc822ErrorsTo | RFC822ERRORSTO_OUT=rfc822ErrorsTo |
rfc822RequestsTo | RFC822REQUESTSTO_IN=rfc822RequestsTo | RFC822REQUESTSTO_OUT=rfc822RequestsTo |
telphoneNumber | TELEPHONENUMBER_IN=telphoneNumber | TELEPHONENUMBER_OUT=telphoneNumber |
title | TITLE_IN=title | TITLE_OUT=title |
uid | USERID_IN=uid | USERID_OUT=uid |
21.3.1.4 Additional Options
Described below are some additional options which can be specified in
the form's option file.
AUTHORIZATION_METHOD (SIMPLE)
The authorization method to use when binding to an LDAP server. At present, the only supported method is simple authorization.
CHARSET (text string <= 252 characters long)
The character set the form should use. Keyboard input will be translated from this character set to T.61 prior to transmission to the LDAP server; output from the LDAP server will be translated to this character set prior to display upon a terminal. If no character set is specified, then the DEC multinational character set, DEC-MCS, will be used. The selected character set must be one which appears in the charsets.txt file in the PMDF table directory.6 Note that additional character sets can be added to that file; refer to the PMDF CHBUILD utility documentation for details.
DN (text string <= 252 characters long)
A distinguished name, DN, to use when binding to an LDAP server. By default, no distinguished name is used. Use the PASSWORD option to specify any password associated with the DN.
EXTRA_OU (0, 1, or 2)
By default, the pop-up addressing form provides fields for five organizational units (ou) in a distinguished name. With this option, the number of fields can be increased to six (EXTRA_OU=1) or seven (EXTRA_OU=2). The default is EXTRA_OU=0. These additional fields appear at the expense of making the form look more cluttered.
FILTERFILE (text string <= 252 characters long)
The complete file specification for an LDAP filter file to use for constructing search filters. By default, the file ldapfilter.conf in the PMDF table directory is used. See Section 21.3.1.5 for additional details.
HELPFILE (text string <= 252 characters long)
The complete file specification for a text file containing help information. The contents of this file will be displayed when help is requested from the main addressing screen. By default, the file used is the OpenVMS file PMDF_DOC:x500_form.hlp. See also the MENU_HELPFILE option.
LDAP_BASE (text string <= 252 characters long)
The initial distinguished name at which to position the form. See Section 21.3.1.2 for details.
LDAP_SERVERS (text string <= 252 characters long)
A list of one or more LDAP servers to use. See Section 21.3.1.2 for details.
MENU_HELPFILE (text string <= 252 characters long)
The complete file specification for a text file containing help information. The contents of this file will be displayed when help is requested from within a selection menu. By default, the file used is PMDF_DOC:x500_form_menu.hlp. See also the HELPFILE option.
NEXT (K, L, N, or P)
The control character which can be entered to move to the next address when more than one address is being entered. By default, CTRL/N (NEXT=N) is the control character keystroke used.
PASSWORD (text string <= 252 characters long)
This option can be used in conjunction with the DN option to specify a password to use when binding to an LDAP server.
PREV (K, L, N, or P)
The control character which can be entered to move to the previous address when more than one address is being entered. By default, CTRL/P (PREV=P) is the control character keystroke used.
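A checker for the option file syntax described in Sections 21.3.1.1 through 21.3.1.4, given here as an added example that is not part of PMDF or its documentation: it parses option=value lines, expands LDAP_SERVERS into host and port pairs in connection order, and flags a PASSWORD setting because the option file must be world readable. The function names, the treatment of lines starting with "!" as non-settings, and the sample file contents are assumptions of this example.

```python
DEFAULT_LDAP_PORT = 389                    # used when "+port" is omitted
REQUIRED = ("LDAP_SERVERS", "LDAP_BASE")   # the form refuses to run without these

def parse_options(text):
    """Return {option: value}; each line holds one option=value setting."""
    opts = {}
    for line in (raw.strip() for raw in text.splitlines()):
        # Assumption: blank lines and lines starting with "!" are not settings.
        if not line or line.startswith("!") or "=" not in line:
            continue
        name, value = line.split("=", 1)   # LDAP_BASE values contain "=" themselves
        opts[name.strip()] = value.strip()
    return opts

def parse_servers(value):
    """Expand host1+port1|host2|... into (host, port) pairs in connection order."""
    servers = []
    for entry in value.split("|"):
        host, plus, port = entry.strip().partition("+")
        if not host:
            raise ValueError(f"LDAP_SERVERS: empty host in {entry!r}")
        if plus and not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"LDAP_SERVERS: bad port in {entry!r}")
        servers.append((host, int(port) if plus else DEFAULT_LDAP_PORT))
    return servers

def audit(text):
    """Return a list of findings for the text of one option file."""
    opts = parse_options(text)
    findings = [f"{n}: required option missing" for n in REQUIRED if n not in opts]
    try:
        parse_servers(opts.get("LDAP_SERVERS", "unset"))
    except ValueError as err:
        findings.append(str(err))
    if opts.get("EXTRA_OU", "0") not in ("0", "1", "2"):
        findings.append("EXTRA_OU: must be 0, 1, or 2")
    findings += [f"{k}: must be K, L, N, or P" for k in ("NEXT", "PREV")
                 if opts.get(k, "N") not in ("K", "L", "N", "P")]
    if "PASSWORD" in opts:
        findings.append("PASSWORD: bind password kept in a world-readable file")
    return findings

# Constructed sample: trailing "+" with no port, EXTRA_OU out of range, PASSWORD set.
SAMPLE = """\
LDAP_SERVERS=vax1.example.com|admin.example.com+6666|vax2.example.com+
LDAP_BASE=o="Process Software, LLC.", st=Massachusetts, c=US
PASSWORD=constructed-sample-only
EXTRA_OU=3
"""
```

Calling audit(SAMPLE) returns one finding each for the dangling "+", the EXTRA_OU value, and the stored password.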
21.3.1.5 Filter File
The directory search strategies used by the terminal-based form are specified in an LDAP filter file. By default, the file ldapfilter.conf from the PMDF table directory is used; an alternate file can be selected with the FILTERFILE option.
From the filter file, the form uses those filters with tag names of the form
    pmdf_form_x
where x designates the type of field being searched: c, cn, l, o, ou, and st (country, common name, locality, organization, organizational unit, and state). Should you want to alter any of these filters, you should create your own filter file and direct the form to use it with the FILTERFILE option. Do not modify the supplied ldapfilter.conf file. Otherwise, your changes will be lost when you upgrade or reinstall PMDF.
See Section 3.2.7.6 for a further discussion of the ldapfilter.conf file and creating your own filter file.
21.3.1.6 Changing Languages
The file x500_form_option.sample in the PMDF table directory is a sample option file which specifies the default option values used by the LDAP/X.500 pop-up form. In that option file, there appear a large number of options beginning with STR_ or ending with _LABEL or _COMMENT. Those options, which are not documented here, can be used to control the text appearing in labels, prompts, and messages. They allow customization of the form for use with languages other than English. See also the description of the CHARSET, HELPFILE, and MENU_HELPFILE options in Section 21.3.1.4.
5 If the