r12.0 SP4: The "concurrent-bind-user" configuration command now supports multiple DN's.

Document ID : KB000050897
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In previous service packs, the concurrent-bind-user configuration command only supported one DN. This was a problem for large CA SiteMinder implementations that have multiple CA Directory user stores.

CA Directory r12.0 Service Pack 4 now supports multiple DNs for this configuration paramater.

Solution:

To define multiple DN's in the DSA's configuration file for the "concurrent-bind-user" command, you specify the command as a comma-separated list, e.g.:

set concurrent-bind-user = <c AU><o Democorp><ou Users><cn "Chris Hanlen">,                           <c AU><o Democorp><ou Users><cn "Craig Link">,                           <c AU><o Democorp><ou Users><cn "Candace Hanlen">;

After saving the file, run "dxsyntax" in order to confirm that the command has been specified correctly.

Note: The DN values must be supplied in CA Directory's X.500 notation and ordering (top-down), not LDAP DN format (bottom-up).

When the DSA is running, you can confirm that the multiple DN's have been loaded correctly, by opening up a DXconsole session and typing in the command: "get user;"

Welcome to the DSA Management Consoledsa> get user; allow-binds    = TRUEallow-native-prefix-reauthentication = FALSEauth-trap      = FALSEauthentication = nonebusy-for-referral = FALSEconcurrent-bind-user =        <countryName "AU">        <organizationName "Democorp">        <organizationalUnitName "Users">        <commonName "Candace Hanlen">         <countryName "AU">        <organizationName "Democorp">        <organizationalUnitName "Users">        <commonName "Craig Link">         <countryName "AU">        <organizationName "Democorp">        <organizationalUnitName "Users">        <commonName "Chris Hanlen">