IBM Security Directory Server back-end authentication


To enable back-end authentication for IBM Security Directory Server

  1. Identify the IBM Security Directory Server based on the IBM Security Directory Server back-end server records in OneSpan Authentication Server.
  2. Bind to IBM Security Directory Server using the security principal DN and password defined for the IBM Security Directory Server back-end server record, if principal details are specified.
  3. Search the IBM Security Directory Server back-end server for the user to be authenticated based on the User Object Class Name and the User ID Attribute Name attributes defined during setup.
  4. Try to authenticate with IBM Security Directory Server using a bind with the user ID and password of the user to be authenticated.

If authentication fails, the attributes retrieved during the search will be used to determine the cause of the failure.

In addition, you will need to do the following:

When registering an IBM Security Directory Server back-end server for OneSpan Authentication Server, ensure that the location entered in the IBM Security Directory Server back-end server record is the same as that shown on the Tivoli Web Administration > View Edit > Issued To > cn=serverid.

Table: Supported user logon format for IBM Security Directory Server

| UserID format | Source of user ID |
| --- | --- |
| UserID | Common name of the user |
| MYREALM\userid | Fully qualified domain name + common name of the user |
| userid@mydomain.com | Common name attribute of the user + fully qualified domain name |

OneSpan Authentication Server only supports the Simple binding with SSL option as the client authentication mechanism for binding with the supported instances of IBM Security Directory Server.
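
The search in step 3 builds an LDAP filter from a logon name the user typed, so a client following this flow has to split the name into one of the supported formats and escape it before searching, and should refuse an empty password before the bind in step 4. The following Python sketch is an added example, not OneSpan's code; the function names and the sample values `inetOrgPerson` and `cn` used with it are assumptions.

```python
import re
from typing import Optional, Tuple

# Characters that RFC 4515 requires to be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # plain attribute or class name


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_logon(logon: str) -> Tuple[Optional[str], str]:
    """Split userid, MYREALM\\userid or userid@mydomain.com into (realm, userid)."""
    if "\\" in logon:
        realm, _, userid = logon.partition("\\")
    elif "@" in logon:
        userid, _, realm = logon.rpartition("@")
    else:
        realm, userid = None, logon
    if not userid or realm == "":
        raise ValueError("malformed logon name")
    return realm, userid


def build_user_filter(object_class: str, id_attribute: str, userid: str) -> str:
    """Build the step 3 filter from the configured class and ID attribute names."""
    for name in (object_class, id_attribute):
        if not _ATTR_NAME.match(name):
            raise ValueError(f"invalid configured name: {name!r}")
    return f"(&(objectClass={object_class})({id_attribute}={escape_filter_value(userid)}))"


def check_bind_password(password: str) -> None:
    """Refuse an empty password: RFC 4513 treats a simple bind with a DN and
    no password as an unauthenticated bind, which a server may accept."""
    if not password:
        raise ValueError("empty password refused")
```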