Before the form may be used, it must be configured. At a minimum, an option file for the form must be provided as described in Section 21.3.1.1.
If you have a PMDF option file initially created prior to PMDF V5.2, then you may need to adjust the setting of the PMDF option FORM_NAMES; see Section 21.1.1.1 for details.
21.3.1.1 Form option file
The LDAP/X.500 pop-up form requires the use of an option file. On OpenVMS, the name of the option file is PMDF_TABLE:x500_form_option. This file must be world readable. Each line of the option file contains the setting for one option. An option setting takes the form:
option=value
Two required options which must be supplied in the option file are discussed in Section 21.3.1.2. Additional options are described in Section 21.3.1.4; customizing the form for another language is discussed in Section 21.3.1.6.
21.3.1.2 Required options
In order to use the pop-up LDAP/X.500 addressing form, two options must be specified in the form's option file. These two options are LDAP_SERVERS and LDAP_BASE. If either of these options is not specified, then the form will refuse to run and will signal an error.
The LDAP_SERVERS option specifies the TCP/IP host names of the LDAP servers to use. The option's value takes the form
host1+port1|host2+port2|host3+port3...
where host1, host2, host3, ... and port1, port2, port3, ... are, respectively, the TCP/IP hosts and ports to which to connect. The hosts will be attempted in the order listed, from left to right, until a connection is successfully made to one of the hosts or the list is exhausted. IP addresses may be used in place of host names. If the port number is omitted then the standard LDAP port, port 389, will be used. When omitting the port number, also omit the +.
For instance, to use the hosts vax1.acme.com, vax2.acme.com, and admin.acme.com as LDAP servers, you can specify
LDAP_SERVERS=vax1.acme.com|admin.acme.com+6666|vax2.acme.com
Since the port numbers were omitted for vax1 and vax2, port 389 will be used. Port 6666 is used when connecting to admin. (Port 6666 is a port number which was commonly used in the past before port 389 was officially designated as the LDAP port.)
The second required option is LDAP_BASE which specifies the distinguished name in the LDAP or X.500 tree (DIT) at which to initially position the form. Usually this will be the top level of your organization's DSA. E.g.,
LDAP_BASE=o="Innosoft International, Inc.", st=California, c=US
The logicals PMDF_X500_LDAP_SERVERS and PMDF_X500_LDAP_BASE may be used to override the values of the LDAP_SERVERS and LDAP_BASE options. The translation value of those two logicals should be the same as the values used with the option file options. For example,
$ DEFINE PMDF_X500_LDAP_BASE -
    "o=""Innosoft International, Inc."",st=California,c=US"
$ DEFINE PMDF_X500_LDAP_SERVERS -
    "vax1.acme.com|admin.acme.com+6666|vax2.acme.com"
With the PMDF_X500_LDAP_BASE logical, individual users or groups of users may select a different initial distinguished name at which to start the form.
21.3.1.3 Controlling attribute names
The LDAP/X.500 pop-up form has a default set of attribute names it will use in requests to the LDAP server as well as a default set of attribute names it will recognize in responses back from the server. These names are shown in Table 21-3. These default values may be controlled with the x_IN and x_OUT options where "x" is the name of an attribute. x_IN specifies the attribute name to recognize in responses from the server; x_OUT the name to use in requests to the server. Note that the values specified with these options are case sensitive.
Attribute name | x_IN option = default value | x_OUT option = default value |
---|---|---|
associatedDomain | ASSOCIATEDDOMAIN_IN=associatedDomain | ASSOCIATEDDOMAIN_OUT=associatedDomain |
commonName | COMMONNAME_IN=cn | COMMONNAME_OUT=cn |
description | DESCRIPTION_IN=description | DESCRIPTION_OUT=description |
facsimileTelephoneNumber | FACSIMILETELEPHONENUMBER_IN=facsimileTelephoneNumber | FACSIMILETELEPHONENUMBER_OUT=facsimileTelephoneNumber |
 | RFC822MAILBOX_IN=mail | RFC822MAILBOX_OUT=mail |
homePhone | HOMEPHONE_IN=homePhone | HOMEPHONE_OUT=homePhone |
homePostalAddress | HOMEPOSTALADDRESS_IN=homePostalAddress | HOMEPOSTALADDRESS_OUT=homePostalAddress |
joinable | JOINABLE_IN=joinable | JOINABLE_OUT=joinable |
member | MEMBER_IN=member | MEMBER_OUT=member |
memberOfGroup | MEMBEROFGROUP_IN=memberOfGroup | MEMBEROFGROUP_OUT=memberOfGroup |
objectClass | OBJECTCLASS_IN=objectClass | OBJECTCLASS_OUT=objectClass |
owner | OWNER_IN=owner | OWNER_OUT=owner |
userPassword | USERPASSWORD_IN=userPassword | USERPASSWORD_OUT=userPassword |
postalAddress | POSTALADDRESS_IN=postalAddress | POSTALADDRESS_OUT=postalAddress |
rfc822ErrorsTo | RFC822ERRORSTO_IN=rfc822ErrorsTo | RFC822ERRORSTO_OUT=rfc822ErrorsTo |
rfc822RequestsTo | RFC822REQUESTSTO_IN=rfc822RequestsTo | RFC822REQUESTSTO_OUT=rfc822RequestsTo |
telephoneNumber | TELEPHONENUMBER_IN=telephoneNumber | TELEPHONENUMBER_OUT=telephoneNumber |
title | TITLE_IN=title | TITLE_OUT=title |
uid | USERID_IN=uid | USERID_OUT=uid |
21.3.1.4 Additional options
Described below are some additional options which may be specified in the form's option file.
AUTHORIZATION_METHOD (SIMPLE)
The authorization method to use when binding to a LDAP server. At present, the only supported method is simple authorization.
CHARSET (text string <= 252 characters long)
The character set the form should use. Keyboard input will be translated from this character set to T.61 prior to transmission to the LDAP server; output from the LDAP server will be translated to this character set prior to display upon a terminal. If no character set is specified, then the DEC multinational character set, DEC-MCS, will be used. The selected character set must be one which appears in the charsets.txt file in the PMDF table directory. Note that additional character sets may be added to that file; refer to the PMDF CHBUILD utility documentation for details.
DN (text string <= 252 characters long)
A distinguished name, DN, to use when binding to a LDAP server. By default, no distinguished name is used. Use the PASSWORD option to specify any password associated with the DN.
EXTRA_OU (0, 1, or 2)
By default, the pop-up addressing form provides fields for five organizational units (ou) in a distinguished name. With this option, the number of fields may be increased to six (EXTRA_OU=1) or seven (EXTRA_OU=2). The default is EXTRA_OU=0. These additional fields appear at the expense of making the form look more cluttered.
FILTERFILE (text string <= 252 characters long)
The complete file specification for a LDAP filter file to use for constructing search filters. By default, the file ldapfilter.conf in the PMDF table directory is used. See Section 21.3.1.5 for additional details.
HELPFILE (text string <= 252 characters long)
The complete file specification for a text file containing help information. The contents of this file will be displayed when help is requested from the main addressing screen. By default, the file used is the OpenVMS file PMDF_DOC:x500_form.hlp. See also the MENU_HELPFILE option.
LDAP_BASE (text string <= 252 characters long)
The initial distinguished name at which to position the form. See Section 21.3.1.2 for details.
LDAP_SERVERS (text string <= 252 characters long)
A list of one or more LDAP servers to use. See Section 21.3.1.2 for details.
MENU_HELPFILE (text string <= 252 characters long)
The complete file specification for a text file containing help information. The contents of this file will be displayed when help is requested from within a selection menu. By default, the file used is PMDF_DOC:x500_form_menu.hlp. See also the HELPFILE option.
NEXT (K, L, N, or P)
The control character which may be entered to move to the next address when more than one address is being entered. By default, CTRL/N (NEXT=N) is the control character keystroke used.
PASSWORD (text string <= 252 characters long)
This option may be used in conjunction with the DN option to specify a password to use when binding to a LDAP server. Because the option file must be world readable (Section 21.3.1.1), a password placed here can be read by every user on the system.
PREV (K, L, N, or P)
The control character which may be entered to move to the previous address when more than one address is being entered. By default, CTRL/P (PREV=P) is the control character keystroke used.
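An added example, not part of the PMDF documentation or PMDF's own code: a small Python lint for the option file described in Sections 21.3.1.1 through 21.3.1.4. It parses LDAP_SERVERS by the host+port|host rule, checks the two required options and the 252-character limit, and flags a PASSWORD stored in the world-readable file. The function names and the sample DN and PASSWORD values are constructed for illustration.

```python
DEFAULT_LDAP_PORT = 389   # used when "+port" is omitted
MAX_VALUE_LEN = 252       # limit the page gives for text-string options
REQUIRED = ("LDAP_SERVERS", "LDAP_BASE")

def parse_options(text):
    """Parse option=value lines; split on the first '=' only (DNs contain '=')."""
    opts = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            opts[name.strip()] = value.strip()
    return opts

def parse_servers(value):
    """Turn host1+port1|host2|... into an ordered [(host, port), ...] list."""
    servers = []
    for entry in value.split("|"):
        host, plus, port = entry.strip().partition("+")
        if not host or (plus and not port.isdigit()):
            raise ValueError(f"bad LDAP_SERVERS entry: {entry!r}")
        number = int(port) if plus else DEFAULT_LDAP_PORT
        if not 1 <= number <= 65535:
            raise ValueError(f"port out of range in: {entry!r}")
        servers.append((host, number))
    return servers

def audit(text, world_readable=True):
    """Return (options, findings) for the text of an option file."""
    opts = parse_options(text)
    findings = [f"missing required option {n}" for n in REQUIRED if n not in opts]
    findings += [f"{n}: value longer than {MAX_VALUE_LEN} characters"
                 for n, v in opts.items() if len(v) > MAX_VALUE_LEN]
    if "LDAP_SERVERS" in opts:
        try:
            parse_servers(opts["LDAP_SERVERS"])
        except ValueError as err:
            findings.append(str(err))
    if "PASSWORD" in opts and world_readable:
        findings.append("PASSWORD is stored in a world-readable file")
    return opts, findings

# Constructed sample: the page's server/base examples; DN and PASSWORD made up.
SAMPLE = """\
LDAP_SERVERS=vax1.acme.com|admin.acme.com+6666|vax2.acme.com
LDAP_BASE=o="Innosoft International, Inc.", st=California, c=US
DN=cn=Form Reader, o="Innosoft International, Inc.", c=US
PASSWORD=constructed-example
"""
print(audit(SAMPLE)[1])
```

With simple authorization, the DN and PASSWORD are sent to the LDAP server as a plain-text bind, so a bind identity used here is best limited to read-only directory access.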
21.3.1.5 Filter file
The directory search strategies used by the terminal-based form are specified in a LDAP filter file. By default, the file ldapfilter.conf from the PMDF table directory is used; an alternate file may be selected with the FILTERFILE option. From the filter file, the form uses those filters with tag names of the form
pmdf_form_x
where x designates the type of field being searched: c, cn, l, o, ou, and st (country, common name, locality, organization, organizational unit, and state). Should you wish to alter any of these filters, you should create your own filter file and direct the form to use it with the FILTERFILE option. Do not modify the supplied ldapfilter.conf file. Otherwise, your changes will be lost when you upgrade or reinstall PMDF. See Section 3.2.6.5 for a further discussion of the ldapfilter.conf file and creating your own filter file.
21.3.1.6 Changing languages
The file x500_form_option.sample in the PMDF table directory is a sample option file which specifies the default option values used by the LDAP/X.500 pop-up form. In that option file, there appear a large number of options beginning with STR_ or ending with _LABEL or _COMMENT. Those options, which are not documented here, may be used to control the text appearing in labels, prompts, and messages. They allow customization of the form for use with languages other than English. See also the description of the CHARSET, HELPFILE, and MENU_HELPFILE options in Section 21.3.1.4.