
This section covers the properties that must be configured to connect to the LDAP server and perform bind and search operations on it.

The values of the following properties depend on your LDAP server. Refer to the Sample or Possible Values column of the table below for examples.


| Property Name | Property Description | Sample or Possible Values |
|---|---|---|
| abpm.ldap.enableLdap | Configurable option to enable or disable LDAP authentication in Adeptia Suite. | yes, no, true, false |
| abpm.ldap.provider.url | Provider URL to connect to the LDAP server. | ldap://serverName:389 |
| abpm.ldap.naming.factory.initial | JNDI initial context factory required for LDAP authentication. | com.sun.jndi.ldap.LdapCtxFactory |
| abpm.ldap.security.authentication | Mode for LDAP security authentication. | none, simple, sasl_mech |
| abpm.ldap.searchScopeLevel | Search scope level. | One, Object, Subtree |
| abpm.ldap.enableLdapOverSSL | Configurable option to enable or disable LDAP connection over SSL. | yes, no, true, false |
| abpm.ldap.SearchTimeout | Timeout in seconds for LDAP search operations. | 60 |
| abpm.ldap.ServerTimeout | Read timeout in seconds for LDAP operations. | 60 |
| abpm.ldap.bindDN | The DN used to bind against the LDAP server for the user and roles queries. This is a DN with read/search permissions on the baseContextDN and rolesContextDN values. It specifies the DN of the admin user in the LDAP server. | uid=root,ou=devusers,dc=company,dc=com (for OpenLDAP)<br>cn=administrator,cn=Users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.bindCredential | The password for the bindDN. | xxxxxxx |
| abpm.ldap.baseContextDN | The fixed DN of the context to start the user search from. | ou=devusers,dc=company,dc=com (for OpenLDAP)<br>cn=users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.baseFilter | A search filter used to locate the context of the user to authenticate. The input username as obtained from the login module callback will be substituted into the filter anywhere a "{0}" expression is seen. | (uid={0})(objectclass=dev) (for OpenLDAP)<br>(sAMAccountName={0}) (for Active Directory) |
| abpm.ldap.rolesContextDN | The fixed DN of the context to search for user roles. For Active Directory, this is the DN where the user account is. | ou=devgroups,dc=company,dc=com (for OpenLDAP)<br>cn=users,dc=company3,dc=com (for Active Directory) |
| abpm.ldap.roleFilter | A search filter used to locate the roles associated with the authenticated user. The input username as obtained from the login module callback will be substituted into the filter anywhere a "{0}" expression is seen. The authenticated userDN will be substituted into the filter anywhere a "{1}" is seen. | (member={1})(objectclass=groupOfNames) (for OpenLDAP)<br>(member={1}) (for Active Directory) |
| abpm.ldap.roleAttributeID | The name of the role attribute of the context which corresponds to the name of the role. If the roleAttributeIsDN property is set to true, this property is the DN of the context to query for the roleNameAttributeID attribute. If the roleAttributeIsDN property is set to false, this property is the attribute name of the role name. | cn |
| abpm.ldap.roleAttributeIsDN | A flag indicating whether the user's role attribute contains the fully distinguished name of a role object, or the user's role attribute contains the role name. If false, the role name is taken from the value of the user's role attribute. If true, the role attribute represents the distinguished name of a role object, and the role name is taken from the value of the roleNameAttributeID attribute of the corresponding object. The default value of this property is false. | yes, no, true, false |
| abpm.ldap.roleNameAttributeID | The name of the role attribute of the context which corresponds to the name of the role. If the roleAttributeIsDN property is set to true, this property is used to find the role object's name attribute. If the roleAttributeIsDN property is set to false, this property is ignored. | cn |
| abpm.ldap.roleDN.searchRoleNameAttributeID | Configurable option to enable or disable searching for the role name attribute in the user's distinguished name. | yes, no, true, false |
| abpm.ldap.roleRecursion | Specifies how deep the role search will go below a given matching context. Disable with 0, which is the default. | 0 |
| abpm.ldap.enable.anonymous.login | Configurable option to enable or disable anonymous login through a blank password in LDAP. | yes, no, true, false |
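
The following review script is an added example, not Adeptia code: it reads these properties and flags the combinations that weaken the LDAP login path. The two property sets are constructed from the sample values above; treating either an ldaps:// URL or abpm.ldap.enableLdapOverSSL as enough for an encrypted link, and reading "none" as JNDI's anonymous mode, are assumptions about how the product applies them.

```python
# Added example, not Adeptia code. Both property sets are constructed sample input.
WEAK = """
abpm.ldap.enableLdap=yes
abpm.ldap.provider.url=ldap://serverName:389
abpm.ldap.security.authentication=simple
abpm.ldap.enableLdapOverSSL=no
abpm.ldap.bindDN=uid=root,ou=devusers,dc=company,dc=com
abpm.ldap.enable.anonymous.login=yes
"""
HARDENED = """
abpm.ldap.enableLdap=yes
abpm.ldap.provider.url=ldaps://serverName:636
abpm.ldap.security.authentication=simple
abpm.ldap.enableLdapOverSSL=yes
abpm.ldap.enable.anonymous.login=no
"""
ON = {"yes", "true"}  # the page lists yes, no, true, false as accepted values

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def review(props):
    """Return (property, finding) pairs for settings that weaken the LDAP login path."""
    def get(name):
        return props.get("abpm.ldap." + name, "").lower()
    findings = []
    if get("enableLdap") not in ON:
        return findings  # LDAP authentication is off, nothing to review
    # Assumptions: ldaps:// or the SSL flag means an encrypted link; "none" is JNDI's anonymous mode.
    encrypted = get("provider.url").startswith("ldaps://") or get("enableLdapOverSSL") in ON
    mode = get("security.authentication")
    if mode == "simple" and not encrypted:
        findings.append(("abpm.ldap.provider.url", "simple bind sends bindCredential and user passwords in cleartext"))
    if mode == "none":
        findings.append(("abpm.ldap.security.authentication", "binds carry no credentials"))
    if get("enable.anonymous.login") in ON:
        findings.append(("abpm.ldap.enable.anonymous.login", "blank passwords are accepted at login"))
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, review(parse_properties(text)))
```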
