service-token-card-dn
service-token-card-dn = <service_pseudo_dn>
Description
Pseudo-distinguished name of the service that issues the password synchronization request.
The Password Synchronization Plug-in uses the service-token-card-dn pseudo-distinguished name for requests using the token card authentication method. If this configuration entry is specified, it overrides service-source-dn when using the token card authentication method. We can specify more than one pseudo-distinguished name. Separate the pseudo-distinguished names with a semicolon (;). The Password Synchronization Plug-in iterates through the list of service names until it finds an account for one of the services. If the Password Synchronization Plug-in cannot find an account for the specified services, it returns an error message. Each pseudo-distinguished name is a comma-separated list of the following attributes:
The pseudo-distinguished name that is formed from these example values is: erservicename=TAM 6.0 Service,o=International Business Machines, ou=IBM,dc=com.
- The erservicename attribute of the ISAM service name, as defined in ISIM. For example, erservicename=TAM 6.0 Service.
- The o attribute of the organization to which the service belongs. For example, o=International Business Machines.
- The ou and dc attributes from the service distinguished name in ISIM. For example, ou=IBM,dc=com.
Options
<service_pseudo_dn> Service pseudo-distinguished name for the token card authentication method.
Usage: If the is_enabled configuration entry in the [itim] stanza is set to true then configure at least one of the following configuration entries:
- service-source-dn
- service-password-dn
- service-token-card-dn
Default value None.
Example:
service-token-card-dn = erservicename=ISAM Employees Service,o=MyCo,ou=IBM,dc=com