Manage IBM Security Directory Server Back-End Server

An IBM Security Directory Server record is required for IDENTIKEY Authentication Server to be able to forward authentication and accounting requests to a back-end IBM Security Directory Server.

The following table explains each field available in View mode.

| Fields | Contents |
| --- | --- |
| Enable SSL | Specifies whether the connection to the Back-End Server is SSL-secured. |
| IP Address | IP address on which the back-end Server receives authentication requests. |
| Port | UDP Port on which the back-end Server receives authentication requests. |
| Timeout (seconds) | Number of seconds to wait for a response from the server before either retrying or trying another server. Possible values: 1999 |
| Search Base DN | The Base Distinguished Name to start searching from. |
| Security Principal DN | The ID of the account being used to log in to the back-end Server. |
| Security Principal Password | Password used between the IDENTIKEY Authentication Server and the back-end server. |
| User Object Class Name | User Object Class Name to search within. |
| User ID Attribute Name | User Attribute Name to search on. |
| User Name Attribute Name | The name of the user display name attribute on the back-end server. With DUR user information synchronization enabled, the user display name will be added to the DIGIPASS user account during Dynamic User Registration. |
| Phone Attribute Name | The name of the landline number attribute on the back-end server. With DUR user information synchronization enabled, the user's landline number will be added to the DIGIPASS user account during Dynamic User Registration. |
| Mobile Attribute Name | The name of the mobile number attribute on the back-end server. With DUR user information synchronization enabled, the user's mobile number will be added to the DIGIPASS user account during Dynamic User Registration. |
| Email Attribute Name | The name of the e-mail address attribute on the back-end server. With DUR user information synchronization enabled, the user's e-mail address will be added to the DIGIPASS user account during Dynamic User Registration. |

Click the Edit button to configure any of these settings.

Note - Changes to back-end server records (add, change, delete) will not take effect immediately on all IDENTIKEY Authentication Server instances unless replication is used to synchronize the IDENTIKEY Authentication Server instances. Where replication is not used, changes to back-end server records will take effect when each IDENTIKEY Authentication Server instance is restarted, once the back-end server change is available to it in its data store. Alternatively, if there is no restart, the cache of back-end server records will refresh from the data store approximately every 15 minutes.

Note - If the Timeout is either not configured or set too low for LDAP Back-End records, the LDAP query may time out. This will result in the denial of the login request. To verify whether this occurred, check the Trace file for LDAP timeout messages.