LDAP servers can be configured with a level of access control that prevents unauthorized access to directory data. As a result, to connect to an LDAP server and search for a PowerExchange user, the PowerExchange Listener or PowerExchange Logger for Linux, UNIX, and Windows uses a search user. A search user is an LDAP user that has access permissions that allow connection to the LDAP server and searching of the relevant LDAP entries. This search user requires credentials so that the LDAP server can authenticate and authorize the connection and search.
To configure the LDAP credentials of the search user in PowerExchange, define the LDAP_BIND_DN statement and the LDAP_BIND_EPWD or LDAP_BIND_PWD statement in the DBMOVER configuration file.
LDAP servers can also be configured for anonymous access. To support this case, define the LDAP_BIND_DN and LDAP_BIND_PWD values to be the empty string.
If you configure LDAP TLS to require client certification and specify a SASL mechanism of EXTERNAL, you do not need to define the LDAP_BIND_DN, LDAP_BIND_EPWD, or LDAP_BIND_PWD statements. In this case, the identity and credentials of the search user are obtained from a client certificate and the LDAP server certificate mapping configuration.
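The three bind cases above (search user with a password, anonymous access, and no bind statements because a client certificate is used) can be checked mechanically when you review a DBMOVER file. The following Python sketch is an added example, not Informatica code. It assumes one NAME=value statement per line, optional double quotation marks, and comment lines that begin with /*. The sample file content is constructed.

```python
import re

# Statement names come from the page. Assumptions: one NAME=value statement
# per line, optional double quotes, comment lines starting with "/*".
STATEMENT = re.compile(r'^\s*(LDAP_BIND_(?:DN|PWD|EPWD))\s*=\s*(.*?)\s*$')

def parse_bind_statements(text):
    """Return {statement: value} for the LDAP bind statements in the file text."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith("/*"):
            continue
        m = STATEMENT.match(line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            found[m.group(1)] = value
    return found

def audit_bind(text):
    """Return (bind_mode, findings) for the search-user configuration."""
    s = parse_bind_statements(text)
    dn, pwd, epwd = (s.get(k) for k in ("LDAP_BIND_DN", "LDAP_BIND_PWD", "LDAP_BIND_EPWD"))
    if not s:
        return "certificate-or-unset", ["no bind statements: only valid with TLS client certificates and SASL EXTERNAL"]
    if dn == "" and pwd == "" and epwd is None:
        return "anonymous", ["anonymous bind: check that server ACLs limit unauthenticated searches"]
    findings = []
    if not dn:
        findings.append("password statement without a usable LDAP_BIND_DN")
    if pwd is not None and epwd is not None:
        findings.append("LDAP_BIND_PWD and LDAP_BIND_EPWD are both defined")
    if pwd:
        findings.append("cleartext LDAP_BIND_PWD stored in the file")
    if dn and not pwd and not epwd:
        findings.append("DN with empty or missing password: servers may treat this as an unauthenticated bind (RFC 4513)")
    return "simple", findings

# Constructed sample, not a real configuration.
SAMPLE = '''/* search user for PowerExchange user lookups
LDAP_BIND_DN="uid=pwxsearch,ou=services,dc=example,dc=com"
LDAP_BIND_PWD=constructed-secret
'''

if __name__ == "__main__":
    mode, findings = audit_bind(SAMPLE)
    print(mode, *findings, sep="\n- ")
```

An empty findings list for a simple bind means that a DN and a single password statement are present. It does not verify that the search user's directory permissions are limited to the entries PowerExchange needs to search.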