SASL (Simple Authentication and Security Layer)

About this task

The following parameters relate to using SASL to secure the connection to the LDAP server. If you are not using SASL, the parameters must not be edited. Comment out the parameters. The following values are used to configure IBM® BigFix® Remote Control to connect to Active Directory that uses SASL in a test environment. Consult your organizations active directory support team to acquire the correct values for your company.
ldap.security_authentication
Specifies the security level to use. If this property is unspecified, the behavior is determined by the service provider. If you are using SSL, the value is set to simple. If you are using SASL, the value is set to the SASL mechanism DIGEST-MD5.
ldap.security_authentication= DIGEST-MD5
ldap.connectionRealm
The Realm name where the user ID and password resides.
ldap.connectionRealm= mydomain.mycompany.com
ldap.connectionQop
This value can be one of:
  • auth = Authentication only
  • auth-int = Authentication and integrity checking by using signatures
  • auth-conf = (SASL only) Authentication, integrity and confidentiality checking by using signatures and encryption.
ldap.connectionQop= auth-conf
ldap.connectionMaxbuf
Number that indicates the size of the largest buffer the server is able to receive when you use auth-int or auth-conf. The default is 65536.
ldap.connectionMaxbuf= 16384
ldap.connectionStrength
Connection strength can be one of: low, medium, high.
ldap.connectionStrength= high