LDAP parameters
Update the custom YAML file to provide the details that are relevant for your FileNet Content Manager and IBM Content Navigator LDAP environment. Parameters marked with (External users) apply only for environments that are using the 2-LDAP method for supporting External Share.
```yaml
## The beginning section of multi ldap configuration for FNCM
#ldap_configuration_<id_name>:
  #lc_ldap_id: <id_name>
  ## The possible values are: "IBM Security Directory Server" or "Microsoft Active Directory"
  #lc_selected_ldap_type: "<Required>"
  ## The name of the LDAP server to connect
  #lc_ldap_server: "<Required>"
  ...
  ## The LDAP group membership ID map. One possible value is "groupofnames:member" for TDS and "memberOf:member" for AD.
  #lc_ldap_group_member_id_map: "<Required>"
```
Parameters | Description | Default Values | Required |
---|---|---|---|
ad.lc_ad_gc_host | Active Directory host. | | Yes |
ad.lc_ad_gc_port | Active Directory port. | | Yes |
ad.lc_group_filter | Active Directory group filter. | (&(cn=%v)(objectcategory=group)) | No |
ad.lc_user_filter | Active Directory user filter. | (&(sAMAccountName=%v)(objectcategory=user)) | No |
caet.lc_group_filter | CA eTrust group filter | (&(objectClass=group)(cn=%v)) | No |
caet.lc_user_filter | CA eTrust user filter | (&(objectClass=person)(cn=%v)) | No |
ed.lc_group_filter | NetIQ eDirectory group filter | (&(objectclass=groupOfNames)(cn=%v)) | No |
ed.lc_user_filter | NetIQ eDirectory user filter | (&(objectclass=Person)(cn=%v)) | No |
lc_bind_secret | User name and password for the bind user. The LDAP bind secret must have ldapUsername and ldapPassword keys. | ldap_bind_secret | |
lc_ldap_base_dn | The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_base_dn | The base DN subtree that is used when searching for group entries on the LDAP server. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_display_name_attr | Provide the format of the group display name. | cn | Yes |
lc_ldap_group_member_id_map | The group id is a filter that is used to determine the group name. | groupofnames:member | Yes |
lc_ldap_group_membership_search_filter | Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. | (|(&(objectclass=groupofnames)(member={0})) (&(objectclass=groupofuniquenames)(uniquemember={0}))) | Yes |
lc_ldap_group_name_attribute | Provide the format of the group name. | *:cn | Yes |
lc_ldap_port | The port number for the LDAP server that you are using. | 389 | Yes |
lc_ldap_precheck | If the value is true, the operator verifies the LDAP connection during the validation phase before deploying. Otherwise, the operator skips the validation. | true | No |
lc_ldap_server | The host name for the LDAP server that you are using for the environment. | <hostname> | Yes |
lc_ldap_ssl_enabled | Specify whether SSL is enabled. | true | No |
lc_ldap_ssl_secret_name | Provide the name of the SSL secret that you created. | " " | Yes |
lc_ldap_user_display_name_attr | Provide the format of the display name. | cn | Yes |
lc_ldap_user_name_attribute | Provide the format of the user name. | *:cn | Yes |
lc_selected_ldap_type | The type of the directory service provider you are using for your container environment. Choices are | | Yes |
oracle.lc_group_filter | Oracle Directory group filter | (&(objectClass=group)(cn=%v)) | No |
oracle.lc_user_filter | Oracle Directory user filter | (&(objectClass=person)(cn=%v)) | No |
tds.lc_group_filter | IBM Security Directory group filter. | (&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) | No |
tds.lc_user_filter | IBM Security Directory user filter | (&(cn=%v)(objectclass=person)) | No |

Parameters | Description | Default Values | Required |
---|---|---|---|
ad.lc_ad_gc_host | Active Directory host. | | Yes |
ad.lc_ad_gc_port | Active Directory port. | | Yes |
ad.lc_group_filter | Active Directory group filter. | (&(samAccountName=%v)(objectclass=group)) | No |
ad.lc_user_filter | Active Directory user filter. | (&(samAccountName=%v)(objectClass=user)) | No |
caet.lc_group_filter | CA eTrust group filter | (&(objectClass=group)(cn=%v)) | No |
caet.lc_user_filter | CA eTrust user filter | (&(objectClass=person)(cn=%v)) | No |
ed.lc_group_filter | IBM Security Directory group filter. | (&(objectclass=groupOfNames)(cn=%v)) | No |
ed.lc_user_filter | IBM Security Directory user filter | (&(objectclass=Person)(cn=%v)) | No |
lc_ldap_base_dn | The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. | dc=example,dc=com | Yes |
lc_ldap_group_base_dn | The base DN subtree that is used when searching for group entries on the LDAP server. | dc=example,dc=com | Yes |
lc_ldap_group_display_name_attr | Provide the format of the group display name. | (For TDS) cn | Yes |
lc_ldap_group_member_id_map | The group id is a filter that is used to determine the group name. | (For TDS) groupofnames:member (For AD) memberOf:member | Yes |
lc_ldap_group_membership_search_filter | Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. | (For TDS and AD) (|(&(objectclass=groupofnames)(member={0})) (&(objectclass=groupofuniquenames)(uniquemember={0}))) | Yes |
lc_ldap_group_name_attribute | Provide the format of the group name. | (For TDS) *:cn | Yes |
lc_ldap_id | The LDAP id for your multi LDAP configuration. The <id_name> value could be ad, tds, edir, oid, ods or oud. | <id_name> | Yes |
lc_ldap_port | The port number for the LDAP server that you are using. | 389 | Yes |
lc_ldap_precheck | If the value is true, the operator verifies the LDAP connection during the validation phase before deploying. Otherwise, the operator skips the validation. | true | No |
lc_ldap_server | The host name for the LDAP server that you are using for the environment. | | Yes |
lc_ldap_ssl_enabled | Specify whether SSL is enabled. | true | No |
lc_ldap_ssl_secret_name | Provide the name of the SSL secret that you created. | " " | Yes |
lc_ldap_user_display_name_attr | Provide the format of the display name. | (For TDS) cn (For AD) sAMAccountName | Yes |
lc_ldap_user_name_attribute | Provide the format of the user name. | (For TDS) *:cn (For AD) user:sAMAccountName | Yes |
lc_selected_ldap_type | The type of the directory service provider you are using for your container environment. Choices are | | Yes |
oracle.lc_group_filter | Oracle Directory group filter | (&(objectClass=group)(cn=%v)) | No |
oracle.lc_user_filter | Oracle Directory user filter | (&(objectClass=person)(cn=%v)) | No |
tds.lc_group_filter | IBM Security Directory group filter. | (&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) | No |
tds.lc_user_filter | IBM Security Directory user filter | (&(cn=%v)(objectclass=person)) | No |

Parameters | Description | Default Values | Required |
---|---|---|---|
ad.lc_ad_gc_host | Active Directory host. | | Yes |
ad.lc_ad_gc_port | Active Directory port. | | Yes |
ad.lc_group_filter | Active Directory group filter. | (&(cn=%v)(objectcategory=group)) | No |
ad.lc_user_filter | Active Directory user filter. | (&(sAMAccountName=%v)(objectcategory=user)) | No |
caet.lc_group_filter | CA eTrust group filter | (&(objectClass=group)(cn=%v)) | No |
caet.lc_user_filter | CA eTrust user filter | (&(objectClass=person)(cn=%v)) | No |
ed.lc_group_filter | NetIQ eDirectory group filter | (&(objectclass=groupOfNames)(cn=%v)) | No |
ed.lc_user_filter | NetIQ eDirectory user filter | (&(objectclass=Person)(cn=%v)) | No |
lc_bind_secret | User name and password for the bind user. The LDAP bind secret must have ldapUsername and ldapPassword keys. | ldap-bind-secret | |
lc_ldap_base_dn | The base distinguished name (DN) of an LDAP user who is allowed to search the LDAP directory if the LDAP server does not allow anonymous access. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_base_dn | The base DN subtree that is used when searching for group entries on the LDAP server. | dc=hqpsidcdom,dc=com | Yes |
lc_ldap_group_display_name_attr | Provide the format of the group display name. | cn | Yes |
lc_ldap_group_member_id_map | The group id is a filter that is used to determine the group name. | groupofnames:member | Yes |
lc_ldap_group_membership_search_filter | Filter for finding entries in the LDAP base DN (groups) subtree that match the group name. | (|(&(objectclass=groupofnames)(member={0})) (&(objectclass=groupofuniquenames)(uniquemember={0}))) | Yes |
lc_ldap_group_name_attribute | Provide the format of the group name. | *:cn | Yes |
lc_ldap_port | The port number for the LDAP server that you are using. | 389 | Yes |
lc_ldap_precheck | If the value is true, the operator verifies the LDAP connection during the validation phase before deploying. Otherwise, the operator skips the validation. | true | No |
lc_ldap_server | The host name for the LDAP server that you are using for the environment. | <hostname> | Yes |
lc_ldap_ssl_enabled | Specify whether SSL is enabled. | true | No |
lc_ldap_ssl_secret_name | Provide the name of the SSL secret that you created. | | Yes |
lc_ldap_user_display_name_attr | Provide the format of the display name. | cn | Yes |
lc_ldap_user_name_attribute | Provide the format of the user name. | *:cn | Yes |
lc_selected_ldap_type | The type of the directory service provider you are using for your container environment. Choices are | | Yes |
oracle.lc_group_filter | Oracle Directory group filter | (&(objectClass=group)(cn=%v)) | No |
oracle.lc_user_filter | Oracle Directory user filter | (&(objectClass=person)(cn=%v)) | No |
tds.lc_group_filter | IBM Security group filter. | (&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls))) | No |
tds.lc_user_filter | IBM Security user filter | (&(cn=%v)(objectclass=person)) | No |
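
The filter parameters in these tables are templates, and a single dropped parenthesis in a customized value makes every lookup fail. The following added example (not part of the product or of the original page) checks a template for balanced parentheses and its placeholder, then fills in an RFC 4515-escaped sample value so the result can be tried with a directory search tool before deployment. It assumes that `%v` and `{0}` are placeholders replaced with a name or DN; the function names are hypothetical.

```python
# Added example: sanity-check LDAP filter templates before deployment.
# Assumption: "%v" and "{0}" are placeholders replaced with a name or DN.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a value for use inside a filter assertion (RFC 4515)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def check_template(template, placeholder="%v"):
    """Return a list of problems; an empty list means the template looks sane."""
    problems = []
    text = template.strip()
    if placeholder not in text:
        problems.append("placeholder %s missing" % placeholder)
    if not text.startswith("("):
        problems.append("does not start with '('")
    depth = 0
    for pos, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')' at offset %d" % pos)
                break
    if depth > 0:
        problems.append("%d unclosed '('" % depth)
    return problems

def render(template, value, placeholder="%v"):
    """Fill in an escaped sample value; refuse templates that fail the check."""
    problems = check_template(template, placeholder)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(placeholder, escape_value(value))

# Defaults copied from the tables on this page, plus one constructed bad value.
AD_USER = "(&(sAMAccountName=%v)(objectcategory=user))"
TDS_GROUP = ("(&(cn=%v)(|(objectclass=groupofnames)"
             "(objectclass=groupofuniquenames)(objectclass=groupofurls)))")
MEMBERSHIP = ("(|(&(objectclass=groupofnames)(member={0})) "
              "(&(objectclass=groupofuniquenames)(uniquemember={0})))")
BROKEN = "&(objectclass=Person)(cn=%v))"  # constructed: leading '(' dropped

if __name__ == "__main__":
    for tpl in (AD_USER, TDS_GROUP, BROKEN):
        print(tpl, "->", check_template(tpl) or "ok")
    print(render(AD_USER, "j*doe(test)"))  # constructed sample name
```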