Logons using the LDAP mechanism must include the name of either the domain or realm (depending on the directory), where both of the following are true:
- The site elects to use SASL/DIGEST-MD5 authentication.
- The authenticating directory server offers more than one SASL realm.
You can use the .logdata statement to specify a domain or realm in the form:
If the logon string does not include a domain/realm value, and a value is required, the system defaults to the value stored in the LdapServerRealm property of the LDAP mechanism. If the LdapServerRealm property value is not correct, you can change the value in the configuration file or require that users enter the correct value as part of the logon. If the system defaults to an incorrect LdapServerRealm property value, or if the user submits an invalid value as part of the logon string, the system returns an error message.