Skip to Content
Author's profile photo Tobias Hofmann

Configure SUP to use OpenDJ as authentication provider


Before following the steps outlined here make sure that you have OpenDJ installed, configured, running and that a LDAP structure with OU, users and groups does exist. These documents explain how to get OpenDJ up and running:

The configurations steps outlined in this document are basically following the official SUP documentation, they are just adjusted for the actual OpenDJ installation.

Create a security configuration

Login to Sybase Control Center on http://sup:8283/scc Select Security on the right and create a new security configuration. Give it a meaningful name, like Android.


Edit the authentication providers. Basically this is the same as outlined in the document NAME. Delete the standard NoSecProvider, add a new one and using the as authentication provider.


Configure the parameters as explained in the SUP documentation


The parameter “Provider URL” points to your actual OpenDJ installation. The port 389 is a standard LDAP port and localhost is given because OpenDJ is running in the same machine as SUP.  Make sure that the parameters

  • Bind Password,
  • Authentication Search Base and
  • Role Search Base

reflect your actual OpenDJ configuration. To tell SUP what kind of LDAP server to expect, the parameter “Server Type” needs to be set to openldap.


It is not necessary to configure an authorization provider, as SUP documentation explains. Validate and apply the changes.


Now you have an additional security configuration. To make use of it the new configuration needs to be added to a domain. Add the new security configuration to the default domain.


Now you can select the new security configuration when deploying a MBO with the SDK:


To see what MBOs / applications are assigned to the security domain, you can use the SCC and check what is registered under the domain and security configuration.


Now applications that are using the MBO will start making use of the security configuration. In the SUP101 example the deployed native Android app automatically will use the new configuration. The application used is SUP101 from the tutorials. This means that you have to provide the credentials in the source code:

private static String USERNAME = "<OpenDJ user>";
private static String PASSWORD = "<password>";

Build the app and run it on your Android simulator. The app will try to connect to SUP and load the DB, then present a screen containing a list of names. When the app is not able to load the data from SUP (aka: logon error), the screen won’t show the names.


Loading the data.


Showing the DB content

Verify setup

Does it really work? Let’s test the same application with wrong credentials for user android22

private static String USERNAME = "<OpenDJ user>";
private static String PASSWORD = "<wrong password>";

After starting the app:


In the debug console the app will throw an authentication error;


How does that look from the server side? In the SUP log the same authentication error will look like:


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo David Clavey
      David Clavey

      Very good Blog, I look forward to trying OpenDJ in my development environment. Currently I am using a combination OpenLDAP and JXplorer, but it looks like OpenDJ does it all. Thanks 🙂

      I assume that OpenDJ could also be used with Afaria. Have you got an example of the config you would use with Afaria ?

      Author's profile photo Tobias Hofmann
      Tobias Hofmann
      Blog Post Author

      Sorry, I do not have any example for Afaria. As OpenDJ implements the LDAP "standards" it should be possible to replace every LDAP server with OpenDJ

      Author's profile photo Former Member
      Former Member

      Hi Tobias,

      I don’t have much knowledge about LDAP. I am trying to configure LDAP in SUP 2.1.3, I followed your three blogs. Now I want to login to SCC with the user I created in openDJ. So please help me to configure LDAP in SUP 2.1.3.


      Thanks & Regards,

      Fibeesh C.A

      Author's profile photo Tobias Hofmann
      Tobias Hofmann
      Blog Post Author

      The configuration outlined here is for MBOs: The LDAP is used to authenticate the user when using the MBO, not when logging on to SUP SCC.

      For configuring SCC to authenticate agains LDAP, follow the steps detailed in the SUP documentation:

      Author's profile photo Former Member
      Former Member

      Thank you Tobias,

      The link which you given is for SUP 2.1.2 and I am using SUP 2.1.3 in SUP 2.1.3 its not require to modify the & roles-map.xml.


      I am able to authenticate the user for MBO with OpenDJ, I also want to authenticate SCC.


      Any way thank you for your great support, as a beginner your blogs helps me a lot.



      Fibeesh C.A