LDAP properties
Use the $NCHOME/omnibus/etc/ldap.props properties file to define configuration settings for connecting to an LDAP repository.
The LDAP properties are described in the following table. You must verify the value of all these properties with the LDAP administrator, except for the ConfigCryptoAlg, ConfigKeyFile, and SSLKeyStoreLabel properties.
If the LDAPBindPassword distinguished name password needs to be periodically updated to conform with security regulations, consider setting the Props.LiveUpdate property to TRUE. This supports dynamic updates to the LDAPBindPassword property without the need to stop or restart the ObjectServer.
Property | Description |
---|---|
ConfigCryptoAlg string | Specifies the cryptographic algorithm to use for decrypting string values (including passwords) that were encrypted with the nco_aes_crypt utility and then stored in the properties file. Set the string value as follows. The value that you specify must be identical to the value used when you ran nco_aes_crypt with the -c setting to encrypt the string values. Use this property with the ConfigKeyFile property. |
ConfigKeyFile string | Specifies the path and name of the key file that contains the key that is used to decrypt encrypted string values (including passwords) in the properties file. The key is used at run time to decrypt string values that were encrypted with the nco_aes_crypt utility. The key file that you specify must be identical to the file used to encrypt the string values when you ran nco_aes_crypt with the -k setting. Use this property in conjunction with the ConfigCryptoAlg property. |
DistinguishedName string | Specifies the distinguished name (DN) that identifies the user that is being authenticated in the target LDAP server. A sample format that shows some of the attribute type-value pairs in the DN is: Where: Example distinguished names: The default is The attributes can be in uppercase or lowercase, for example, |
Hostname string | Identifies the name of the host on which the LDAP server is running, and to which the ObjectServer connects. Acceptable values are: Example entries are: The default is localhost. |
LDAPBindDn string | Specifies the distinguished name of the LDAP user account that is used for bind authentication. This value is used to establish a persistent connection to the LDAP server, and is used for subsequent authentication operations. If you do not specify a value for this property, the ObjectServer uses an anonymous bind to LDAP. The default is Use this property with the LDAPBindPassword property. |
LDAPBindPassword string | Specifies the password for LDAP bind authentication. The default is ''. Use this property with the LDAPBindDn property. When the Props.LiveUpdate property is set to TRUE, the LDAPBindPassword value can be updated in the property file while the ObjectServer is running. The new value is used the next time the ObjectServer makes a connection to the LDAP server, without the need for the ObjectServer to be stopped or restarted. |
LDAPSearchBase string | Specifies the base distinguished name that an LDAP search starts from. For example: To specify that multiple DNs are searched, separate each DN with two semicolons (;;). For example: Note: If the distinguished name string contains a double quotation mark ("), use a backslash character (\) to escape it, for example, \". The default is ''. |
LDAPSearchFilter string | Specifies a filter for an LDAP search. For example: The following special character conditions apply to filter strings: Note: Any escape sequences defined in this property are applied in Tivoli Netcool/OMNIbus before the values are passed to LDAP. They are separate from any escape sequences that are defined in the LDAP string filter specification. The default is (cn=%s). |
LDAPTimeout integer | Specifies a timeout period (in seconds) for requests to the LDAP server. If a request takes longer than the specified time, an error is logged. The default is 60. |
LDAPVersion integer | Indicates the LDAP version that the server is running. Valid values are 2 and 3. The default is 3. |
Port integer | Specifies the port on which the LDAP server is listening. The default is 389. |
Props.LiveUpdate TRUE \| FALSE | The default is FALSE. When set to TRUE, the ObjectServer reads and processes any updates to the LDAPBindPassword property. |
SSLEnabled TRUE \| FALSE | Determines whether SSL can be used for connections to the LDAP server. The default is FALSE. On Windows only, if SSL is enabled for connections to the LDAP server, the following environment variable must be set for the ObjectServer to start successfully: |
SSLKeyStoreLabel string | Specifies the label of the server certificate for the ObjectServer if the LDAP server is expecting the ObjectServer to present a certificate for authentication. This certificate is held in the Tivoli Netcool/OMNIbus key database, and can be presented to the LDAP server when client authentication is required. If this property is not set and SSL is enabled, server authentication is used. This property is applicable only when the SSLEnabled property is set to TRUE. The default is |
SSLPort integer | Specifies the port on which the LDAP server is listening for SSL connections. This property is applicable only when the SSLEnabled property is set to TRUE. The default is 636. |