Parameters for LDAP configuration

SSX provides a common interface for other IBM® webMethods products to use LDAP v3 (RFC 4510) compliant directory services for authentication purposes. If issues arise while using SSX as a client for an LDAP service, IBM will analyze and provide support for problems that can be reproduced with an OpenLDAP 2.4 server running on a supported UNIX system, a Red Hat Directory Server running on a supported Red Hat Enterprise Linux system, or a Microsoft Active Directory server running on a supported Windows Server platform.

The following configuration parameters are used for authentication against an LDAP server.

Parameter Description
authType The user database type.

The required value is LDAP.

No default value.

serverHost The URL, name, or IP address of the server. It may optionally be followed by a colon (:) and the port number; in that case, the serverPort parameter is ignored.

A valid value is any valid ldap:// or ldaps:// URL, any valid server name, or any valid IP address.

No default value.

serverPort Optional.

The port of the server.

A valid value is any valid port number.

The default value is:

  • 389 for a plain LDAP connection.
  • 636 for a requested LDAPS connection.

homeDir Optional.

An absolute path to an existing directory: either the directory containing the SSX installation (for example, ${SSXDIR}) or the directory containing the ssxconfig file to be used (for example, ${SSXDIR}/etc).

The ssxconfig file, which may contain the TLS configuration and the common LDAP server configuration, is looked up in that directory. See TLS/SSL configuration and common defaults for multiple LDAP servers.

No default value.

serverType Optional.

The name of the common LDAP server configuration as set up in the ssxconfig file.

A valid value is any name that appears as the second component of a configuration key prefix in the ssxconfig file; for example, CorporateDS if the ssxconfig file contains configuration lines prefixed with "ldap.corporateds.". See TLS/SSL configuration and common defaults for multiple LDAP servers.

Suggested values:

  • OpenLdap
  • ActiveDirectory
  • ApacheDS
  • RHDS

No default value.

personBindDn The Distinguished Name (DN) under which the authentication information is stored. When the authentication call is issued, this value is prefixed with the value of the userIdField parameter.

Valid values (example):

ou=users,ou=germany,dc=sa,dc=com

No default value.

groupBindDn The Group Root Distinguished Name (DN) at which the LDAP search for group names starts. When the authentication call is issued, this value is prefixed with the value of the groupIdField parameter.

Valid values (example):

ou=groups,ou=germany,dc=sa,dc=com

No default value.

personObjClass Optional.

The object classes of the user entries.

Valid values:

String_Value1, String_Value2, ..., String_ValueN

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

groupObjClass Optional.

The object classes of the group entries.

Valid values:

String_Value1, String_Value2, ..., String_ValueN

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

personGrpAttr Optional.

The property name of a user entry that points to the group in which the user is a member.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

groupPrsAttr Optional.

The property name of a group entry that points from the group to its member users.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

userIdField Optional.

The property name that denotes the user ID.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

groupIdField Optional.

The property name that denotes the group ID.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

passwdField Optional.

The property name that denotes the password field of a user entry.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

addPersonAttr Optional.

May contain additional fields and values that are used when a new user is added. The string %% will be replaced by the actual user name parameter.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

addGroupAttr Optional.

May contain additional fields and values that are used when a new group is added. The string %% will be replaced by the actual group name parameter.

Valid values:

String_Value

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.
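The following Python snippet is an added example; it is not part of the SSX product or of this documentation. It shows how the DN used for the authentication call is assembled from userIdField and personBindDn (or groupIdField and groupBindDn), and how the %% placeholder in addPersonAttr and addGroupAttr is expanded. It assumes that the DN is built as "<userIdField>=<user name>,<personBindDn>", that the user name is escaped according to RFC 4514 before it is inserted, and that addPersonAttr holds attr=value pairs separated by semicolons; none of these details are specified on this page.

```python
"""Build user and group DNs and expand addPersonAttr/addGroupAttr templates.

Added example (not SSX code). Assumptions, not documented on the page:
  * the bind DN is built as "<userIdField>=<user name>,<personBindDn>";
  * attribute values are escaped per RFC 4514 before insertion into a DN;
  * addPersonAttr/addGroupAttr is a semicolon-separated list of "attr=value" pairs.
"""

# Characters that must (or may) be escaped inside a DN attribute value (RFC 4514).
_DN_SPECIAL = ',+"\\<>;='


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:                      # leading '#' would start a hex string
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == len(value) - 1):
            out.append('\\ ')                           # leading/trailing space
        elif ord(ch) < 0x20:
            out.append('\\%02x' % ord(ch))              # control characters as \XX
        else:
            out.append(ch)
    return ''.join(out)


def build_entry_dn(id_field: str, name: str, base_dn: str) -> str:
    """Prefix base_dn with '<id_field>=<name>,' as personBindDn/groupBindDn describe."""
    if not base_dn:
        raise ValueError("base DN must not be empty")
    return f"{id_field}={escape_dn_value(name)},{base_dn}"


def expand_add_attrs(template: str, name: str) -> dict:
    """Expand an addPersonAttr/addGroupAttr template; %% stands for the name."""
    attrs = {}
    for pair in template.split(';'):                    # separator is an assumption
        pair = pair.strip()
        if not pair:
            continue
        if '=' not in pair:
            raise ValueError(f"malformed attribute assignment: {pair!r}")
        attr, value = pair.split('=', 1)
        attrs.setdefault(attr.strip(), []).append(value.strip().replace('%%', name))
    return attrs


# Constructed sample configuration, mirroring the example DNs on this page.
CONFIG = {
    "personBindDn": "ou=users,ou=germany,dc=sa,dc=com",
    "groupBindDn": "ou=groups,ou=germany,dc=sa,dc=com",
    "userIdField": "uid",
    "groupIdField": "cn",
    "addPersonAttr": "objectClass=inetOrgPerson;cn=%%;sn=%%",
}

if __name__ == "__main__":
    print(build_entry_dn(CONFIG["userIdField"], "alice", CONFIG["personBindDn"]))
    # A name containing DN metacharacters stays a single RDN value after escaping.
    print(build_entry_dn(CONFIG["userIdField"], "alice,ou=admins", CONFIG["personBindDn"]))
    print(build_entry_dn(CONFIG["groupIdField"], "dev", CONFIG["groupBindDn"]))
    print(expand_add_attrs(CONFIG["addPersonAttr"], "alice"))
```

The escaping is the security-relevant part of this construction: without it, a user name containing a comma or an equals sign would be parsed as additional RDN components and the bind would be attempted against a different entry than intended.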

allowDomainAsBaseBindDn Optional. Boolean.

If no domain name is specified explicitly and the defaultDomain parameter is set, the defaultDomain value is interpreted as the BaseBindDN.

Valid values:

  • true - The domain is interpreted as a BaseBindDN (for example, ou=People,dc=myorg,dc=com).
  • false - Default value.

personPropAttr Optional.

The user's properties of interest.

A valid value is a comma-separated list that contains the property names:

String_Value1, String_Value2, ..., String_ValueN

Each property name is suffixed with an indicator signifying whether the property is read-only (:r) or read/write (:w).

The list of property names for a user entry is empty in the following cases:

  • None of the specified properties exist.
  • All specified properties are binary properties.

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

groupPropAttr Optional.

The group's properties of interest.

A valid value is a comma-separated list that contains the property names:

String_Value1, String_Value2, ..., String_ValueN

Each property name is suffixed with an indicator signifying whether the property is read-only (:r) or read/write (:w).

The list of property names for a group entry is empty in the following cases:

  • None of the specified properties exist.
  • All specified properties are binary properties.

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

ldapStartTls Optional. Boolean.

If true, SSX tries to set up encrypted communication over the plain LDAP port (StartTLS) if the LDAP server supports it. Make sure the ssxconfig file is set up properly. See TLS/SSL configuration and common defaults for multiple LDAP servers for instructions.

Ignored if a TLS/SSL-secured communication to the LDAP server is configured, for example, through the ldapSSLConnection parameter or by specifying an ldaps:// URL with the serverHost parameter.

Valid values:

  • true
  • false - Default value

resolveGroups Optional.

The method for finding the groups of a user using the LDAP authentication type.

Valid values:

  • CP - This method uses a computed property field that contains all of the groups (virtually) in the user record.
  • RU - Default value. The recurse up method looks for a particular field (personGrpAttr) to find the groups in which the current entry is a direct member.
  • RD - The recurse down method performs an LDAP search to find all groups that have the particular user as a member. No further recursion is performed at this time.

computedGroupProp Optional.

The name of an LDAP property. It is used only if resolveGroups is set to CP.

Valid values:

String_Value

No default value.
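The three resolveGroups methods (CP, RU, and RD) and the role of computedGroupProp, shown as an added Python example that is not SSX code. Instead of an LDAP server it runs against a constructed in-memory directory, and the attribute names are assumptions for illustration: personGrpAttr = memberOf, groupPrsAttr = member, groupObjClass = groupOfNames, and computedGroupProp = ssxComputedGroups (a placeholder name, not taken from this page). The RD branch also escapes the user DN for the search filter (RFC 4515), which a real client must do before sending the filter.

```python
"""Resolve a user's groups with the three resolveGroups methods (CP, RU, RD).

Added example, not SSX code. Runs against a constructed in-memory directory.
Assumed attribute names: personGrpAttr=memberOf, groupPrsAttr=member,
groupObjClass=groupOfNames, computedGroupProp=ssxComputedGroups (placeholder).
"""

# Constructed directory: DN -> attributes (each attribute holds a list of values).
DIRECTORY = {
    "uid=alice,ou=users,dc=sa,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "memberOf": ["cn=dev,ou=groups,dc=sa,dc=com"],          # what RU reads
        "ssxComputedGroups": ["cn=dev,ou=groups,dc=sa,dc=com",  # what CP reads
                              "cn=staff,ou=groups,dc=sa,dc=com"],
    },
    "cn=dev,ou=groups,dc=sa,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=users,dc=sa,dc=com"],
    },
    "cn=ops,ou=groups,dc=sa,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=users,dc=sa,dc=com", "uid=bob,ou=users,dc=sa,dc=com"],
    },
    "cn=staff,ou=groups,dc=sa,dc=com": {"objectClass": ["groupOfNames"], "member": []},
}

# Constructed configuration with the assumed attribute names.
CONFIG = {
    "groupBindDn": "ou=groups,dc=sa,dc=com",
    "groupObjClass": "groupOfNames",
    "personGrpAttr": "memberOf",
    "groupPrsAttr": "member",
    "computedGroupProp": "ssxComputedGroups",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515), e.g. the user DN in RD."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\x00", "\\00"))


def resolve_cp(user_dn, computed_prop):
    """CP: read the computed property that (virtually) lists all groups of the user."""
    return set(DIRECTORY.get(user_dn, {}).get(computed_prop, []))


def resolve_ru(user_dn, person_grp_attr):
    """RU: read personGrpAttr from the user entry (direct memberships only)."""
    return set(DIRECTORY.get(user_dn, {}).get(person_grp_attr, []))


def resolve_rd(user_dn, group_bind_dn, group_obj_class, group_prs_attr):
    """RD: search under groupBindDn for groups whose groupPrsAttr lists the user.

    Returns (filter, hits). The filter is what a real client would send; the
    loop below is a toy stand-in for the server-side evaluation of that filter.
    """
    filt = f"(&(objectClass={group_obj_class})({group_prs_attr}={escape_filter_value(user_dn)}))"
    hits = set()
    for dn, attrs in DIRECTORY.items():
        if not dn.endswith("," + group_bind_dn):               # outside the search base
            continue
        if group_obj_class in attrs.get("objectClass", []) and user_dn in attrs.get(group_prs_attr, []):
            hits.add(dn)
    return filt, hits


def resolve_groups(method, user_dn, cfg):
    """Dispatch on the resolveGroups value and return the set of group DNs."""
    if method == "CP":
        return resolve_cp(user_dn, cfg["computedGroupProp"])
    if method == "RU":
        return resolve_ru(user_dn, cfg["personGrpAttr"])
    if method == "RD":
        return resolve_rd(user_dn, cfg["groupBindDn"], cfg["groupObjClass"], cfg["groupPrsAttr"])[1]
    raise ValueError(f"unknown resolveGroups value: {method!r}")


if __name__ == "__main__":
    alice = "uid=alice,ou=users,dc=sa,dc=com"
    for method in ("CP", "RU", "RD"):
        print(method, sorted(resolve_groups(method, alice, CONFIG)))
```

In the constructed data the three methods deliberately return different sets: RU sees only the groups recorded on the user entry, RD finds every group under groupBindDn that lists the user, and CP trusts whatever the computed property contains. When group membership drives authorization, the chosen method determines which of these views is used, so it should match where the directory actually maintains membership.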

ldapSSLConnection Optional. Boolean.

If true, TLS/SSL-secured communication to the LDAP server is enforced. Make sure the ssxconfig file is set up properly. See TLS/SSL configuration and common defaults for multiple LDAP servers for instructions.

Valid values:

  • true - Default value if the serverHost parameter is specified as an ldaps:// URL.
  • false - Default value in all other cases.

followReferrals Optional. Boolean.

If true, SSX tries to follow LDAP server referrals.

Valid values:

  • true - Default value
  • false

refServerBindingType Optional.

The kind of binding during referral following.

Valid values:

  • same_creds - Default value. Uses the same credentials for authentication to the next LDAP server.
  • no_creds - Uses anonymous binding to the next server.

referralHopsCnt Optional.

The maximum number of referral hops to follow. If this parameter is not specified, the count is unlimited.

A valid value is any positive integer.

The default value is unlimited.

useLdapTechUser Optional. Boolean.

Enables the use of a technical user.

Valid values:

  • true
  • false - Default value

techLdapUserCredFile Mandatory only if the use of a technical user is enabled.

The path of the technical user credentials file.

A valid value is any valid directory and file name on the file system.

No default value.

For more information, see Creating technical user credential files.

techLdapUserKeyFile Mandatory if a key file was used to create the technical user credentials file.

The path of the key file.

A valid value is any valid directory and file name on the file system.

No default value.

For more information, see Additional information about key files.

ldapTimeout Optional.

The number of seconds after which a long running LDAP operation is canceled.

Overrides the common configuration parameter in ssxconfig as a runtime parameter. See TLS/SSL configuration and common defaults for multiple LDAP servers.

ldapSaslBind Optional. Boolean.

Whether SASL authentication is used on this LDAP connection.

Note:

The SASL mechanism PLAIN is only allowed on LDAPS or LDAP/StartTLS connections.

Valid values:

  • true
  • false - Default value
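The rules above that determine the connection's transport security interact: the port inside serverHost overrides serverPort, the default port is 389 or 636 depending on the URL scheme, ldapSSLConnection defaults to true only for an ldaps:// URL, ldapStartTls is ignored once TLS/SSL is configured, and SASL PLAIN is allowed only on LDAPS or LDAP/StartTLS connections. The following Python snippet is an added example, not SSX code, that derives the effective settings from these rules. The dictionary layout is an assumption, and so is the "saslMechanism" key: this page names no parameter for selecting the SASL mechanism.

```python
"""Effective endpoint and transport security from the SSX LDAP parameters.

Added example, not SSX code. Applies the rules stated on the page: a port inside
serverHost overrides serverPort; the default port is 389 (ldap) or 636 (ldaps);
ldapSSLConnection defaults to true only for an ldaps:// URL; ldapStartTls is
ignored once TLS/SSL is configured; SASL PLAIN needs an encrypted connection.
The dict layout and the "saslMechanism" key are assumptions.
"""
from urllib.parse import urlsplit

LDAP_PORT, LDAPS_PORT = 389, 636


def _as_bool(value, default):
    """Parse a Boolean parameter value ("true"/"false"); None means unset."""
    if value is None:
        return default
    return str(value).strip().lower() == "true"


def resolve_endpoint(server_host, server_port=None):
    """Return (host, port, is_ldaps_url) for the serverHost/serverPort pair."""
    host, port, is_ldaps = server_host, None, False
    if "://" in server_host:
        parts = urlsplit(server_host)
        if parts.scheme not in ("ldap", "ldaps"):
            raise ValueError(f"unsupported URL scheme: {parts.scheme!r}")
        is_ldaps = parts.scheme == "ldaps"
        host, port = parts.hostname, parts.port          # port is None if absent
    elif server_host.count(":") == 1:                     # "name:port" or "ip:port"
        host, port_text = server_host.split(":")
        port = int(port_text)
    if port is None:                                      # no port inside serverHost
        if server_port is not None:
            port = int(server_port)
        else:
            port = LDAPS_PORT if is_ldaps else LDAP_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port}")
    return host, port, is_ldaps


def effective_security(cfg):
    """Combine the parameters into the protection that actually applies."""
    host, port, is_ldaps = resolve_endpoint(cfg["serverHost"], cfg.get("serverPort"))
    ssl = _as_bool(cfg.get("ldapSSLConnection"), default=is_ldaps)
    start_tls = _as_bool(cfg.get("ldapStartTls"), default=False)
    if ssl:
        start_tls = False          # ldapStartTls is ignored when TLS/SSL is configured
    return {"host": host, "port": port, "ssl": ssl,
            "startTls": start_tls, "encrypted": ssl or start_tls}


def check_config(cfg):
    """Return a list of problems with the combination; an empty list means acceptable."""
    problems = []
    sec = effective_security(cfg)
    sasl = _as_bool(cfg.get("ldapSaslBind"), default=False)
    if sasl and cfg.get("saslMechanism") == "PLAIN" and not sec["encrypted"]:
        problems.append("SASL PLAIN is only allowed on LDAPS or LDAP/StartTLS connections")
    if not sec["encrypted"]:
        problems.append("plain LDAP connection: bind credentials are not protected in transit")
    return problems


if __name__ == "__main__":
    samples = [  # constructed configurations
        {"serverHost": "ldaps://ds.example.com", "ldapStartTls": "true"},
        {"serverHost": "ds.example.com:10389", "ldapStartTls": "true"},
        {"serverHost": "ds.example.com", "ldapSaslBind": "true", "saslMechanism": "PLAIN"},
    ]
    for cfg in samples:
        print(effective_security(cfg), check_config(cfg))
```

Running the snippet on the constructed samples shows the first configuration ending up on port 636 with ldapStartTls silently dropped, the second using StartTLS on the explicit port 10389, and the third rejected because SASL PLAIN would run over an unprotected connection.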