This file configures from where calls may be made, properties to pass to the ldap server and mappings to perform on the provided user name to get the returned value.
This is to cater for possibilities not otherwise covered
context.props = java.naming.factory.initial java.naming.security.authenticationwhich are actually the default values.
context.props.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
context.props.java.naming.security.authentication = simple
It is possible to specify a query which will map the user name provided onto a new name. This is controlled by the three properties listed below. If one is present they must all be present. For example:
ldap.base = DC=fed,DC=cclrc,DC=ac,DC=ukwill work at RAL to replace the user name identified by the CN value with that held in the name attribute.
ldap.filter = (&(CN=%)(objectclass=user))
ldap.attribute = name
This is required for icat to see the new authenticator. As any earlier version of this authenticator will have been removed then it is important to perform this next step promptly.
If you still have the installation directory for icat then edit the icat.properties to refer to the new authenticator and type: ./setup install Otherwise edit the icat.properties file in the config directory for your domain and restart the glassfish domain.
Use testicat (which is installed with ICAT) with one of the entries in the database PASSWD table. It should report that it logs in but may or may not have the permission to run the rest of the test. If it does not report that it has logged in then please check the server.log and the authn_ldap.log files which can both be found in the logs directory below your domain.