auth-using-compare

auth-using-compare

Whether ldap_compare() is used instead of the ldap_bind() call to verify the password and authenticate the user.

auth-using-compare = {yes|true|no|false}

Choice of whether ldap_compare() is used instead of the ldap_bind() call to verify the password and authenticate the user. For those LDAP servers that allow it, a compare operation might run faster than a bind operation. The value for each server can be different, depending on how that server is configured. This option changes the method used by the following authorization API calls:

azn_util_client_authenticate()
azn_util_password_authenticate()

Options

yes|true

A compare operation is used to authenticate LDAP users.

no|false

A bind operation is used to authenticate LDAP users.
Any value other than yes|true, including a blank value, is interpreted as no|false.

To use this key value pair for performance tuning, see the IBM Security Verify Access for Web: Performance Tuning Guide.
Usage

Optional
Default value

The default values are server-dependent.
Example

auth-using-compare = yes

Parent topic: [ldap] stanza