LDAPメカニズム - Teradata Database - Teradata Vantage NewSQL Engine

Teradata Vantage™ NewSQL Engineセキュリティ管理

Product
Teradata Database
Teradata Vantage NewSQL Engine
Release Number
16.20
Published
2019年3月
Language
日本語
Last Update
2019-10-29
dita:id
B035-1100
Product Category
Software
Teradata Vantage
LDAPメカニズムはディレクトリ認証およびLDAP準拠ディレクトリで定義されるユーザーの許可をサポートしています。LDAPメカニズムを使用するには、以下で説明している設定手順を完了する必要があります。
ここに表示されているLDAPプロパティの中にはTdgssUserConfigFile.xmlに表示されないものがあります。非デフォルト値を構成するには、それらのプロパティをTdgssUserConfigFile.xmlに追加する必要があります。

例: LDAPの構成

<!-- LDAPv3 -->
<!-- Mechanism entry for the LDAP mechanism (Name="ldap"). XML allows no comments
     inside a start tag, so the review notes for the MechanismProperties attribute
     list that follows are collected just after the opening tag below. -->
<Mechanism Name="ldap"
    ObjectId="1.3.6.1.4.1.191.1.1012.1.20"
    LibraryName="gssp2ldap"
    Prefix="ldapv3"
    InterfaceType="custom">
    <!-- Note: DHKeyP and DHKeyG are for legacy (pre-14.0) use only -->
    <!-- NOTE(review): directory connection settings to check before carrying the
         values printed in this example onto a production system. Confirm the
         accepted values for each property in the LDAP property reference.
         - LdapClientUseTls="no" with LdapServerPort="389": as shown, TLS is not
           requested for the connection to the directory.
         - LdapClientTlsReqCert="never" and LdapClientTlsCRLCheck="none":
           presumably the directory server certificate is neither validated nor
           checked for revocation even once TLS is turned on; review these
           together with LdapClientTlsCACert / LdapClientTlsCACertDir.
         - LdapClientMechanism="SASL/DIGEST-MD5": DIGEST-MD5 was moved to Historic
           status by RFC 6331; check which bind mechanisms the directory and site
           policy allow.
         - LdapAllowUnsafeServerConnect="yes": by its name this permits connections
           the client would otherwise treat as unsafe; confirm the exact meaning
           and whether "no" is workable for the site.
         - LdapServicePassword with LdapServicePasswordProtected="no": if a service
           bind is configured, avoid leaving the service password readable in this
           file and keep the file permissions restricted. -->
    <MechanismProperties
        AuthenticationSupported="yes"
        AuthorizationSupported="yes"
        SingleSignOnSupported="no"
        DefaultMechanism="no"
        MechanismEnabled="yes"
        MechanismRank="70"
        MechanismIgnoresQop="no"
        GenerateCredentialFromLogon="yes"
        DelegateCredentials="no"
        MutualAuthentication="yes"
        ReplayDetection="yes"
        OutOfSequenceDetection="yes"
        ConfidentialityDesired="yes"
        IntegrityDesired="yes"
        AnonymousAuthentication="no"
        DesiredContextTime=""
        DesiredCredentialTime=""
        CredentialUsage="0"
        VerifyDHKey="no"
DHKeyP="E4BE0A78F54C4A0B17E7E9249A78BCC08868C17281D8463C880937853E73DDC787E41580A8AFE2594D984C9E0814C590790354ECCD1BE8EA85961E5E0974B32EFE178335F061E80189B4BDAA20F67B47"
DHKeyG="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
DHKey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
DHKeyG2048="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
        LdapServerName=""
        LdapServerPort="389"
        LdapServerRealm=""
        LdapSystemFQDN=""
        LdapBaseFQDN=""
        LdapGroupBaseFQDN=""
        LdapUserBaseFQDN=""
        LdapClientReferrals="off"
        LdapClientDeref="never"
        LdapClientDebug="0"
        LdapClientRebindAuth="yes"
        LdapClientRandomDevice="/dev/urandom"
        LdapClientMechanism="SASL/DIGEST-MD5"
        LdapClientUseTls="no"
        LdapClientTlsCACert=""
        LdapClientTlsCACertDir=""
        LdapClientTlsCert=""
        LdapClientTlsKey=""
        LdapClientTlsRandFile=""
        LdapClientTlsReqCert="never"
        LdapClientTlsCipherSuite=""
        LdapClientTlsCRLCheck="none"
        LdapServiceFQDN=""
        LdapServicePasswordProtected="no"
        LdapServicePassword=""
        LdapServiceBindRequired="no"
        LdapClientSaslSecProps=""
        LdapAllowUnsafeServerConnect="yes"
        UseLdapConfig="no"
        />
    <!-- Low, Medium and High QOP values are all set to "Default"
         unless the Low, Medium and High values are explicitly set
         in TdgssUserConfigFile.xml  -->
    <!-- DEFAULT QOP -->
    <!-- NOTE(review): the Default list below has six entries, all ending in
         DH-K2048: AES at K128, K192 and K256, each once as GCM with SHA2 and once
         as CBC with SHA1. The tokens presumably name cipher, key size, mode,
         padding, hash and key exchange size; whether list order expresses
         preference is not shown here, so confirm it in the QOP documentation.
         A site that must exclude the SHA1/CBC entries would need to set its own
         QOP values in TdgssUserConfigFile.xml, as the comment above describes. -->
     <MechQop Value="Default">
       AES-K128_GCM_PKCS5Padding_SHA2_DH-K2048
       AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
       AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048
       AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
       AES-K256_GCM_PKCS5Padding_SHA2_DH-K2048
       AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
     </MechQop>
</Mechanism>