LDAP Authentication Configuration
You configure LDAP authentication for the Server API by setting the properties listed below.
To use LDAP authentication, the appropriate properties must be configured in global.properties or solution.properties. The list of these properties, with their descriptions, follows:
api.custom.authentication
This is the same property used for username and password authentication; for more information see the "Username/password based authentication" section. The property points to a JavaScript text file on disk that contains custom authentication code. If the property is not specified, only the SSL-based (certificate) authentication mechanism of the Server API is available and username/password authentication does not work.
Set this property to "[ldap]" to enable the built-in LDAP Authentication mechanism of IBM® Security Verify Directory Integrator Version 10.0.0, like this:
api.custom.authentication=[ldap]
All properties starting with "api.custom.authentication.ldap." are taken into account only when api.custom.authentication is set to [ldap].
api.custom.authentication.ldap.critical
This parameter specifies the Server API behavior when the LDAP Authentication module cannot be initialized on startup. If it is set to "true", Server API initialization fails
and the Server API is not started.
If it is missing or set to "false", the Server API logs the LDAP Authentication initialization error and starts anyway. An attempt to initialize the LDAP Authentication module is then made on each authentication request received by the Server API until the module initializes successfully. Set it to "true" when LDAP is the only authentication path you intend to allow, so that a broken LDAP configuration is caught at startup rather than discovered from failing requests later.
api.custom.authentication.ldap.hostname
The LDAP Server hostname. If LDAP custom authentication is used, this is a required property.
api.custom.authentication.ldap.port
The LDAP Server port number. For example, 389 for non-SSL or 636 for SSL. If LDAP custom authentication is used, this is a required property.
api.custom.authentication.ldap.ssl
Specifies whether SSL is used to communicate with the LDAP Server. When set to "true", SSL is used; otherwise it is not. Without SSL, the simple binds described below send the service account password and every user's password to the LDAP Server in clear text, so leave this at "true" unless the connection is protected by other means.
api.custom.authentication.ldap.searchbase
Specifies the LDAP directory location (base DN) under which user searches are performed. When this property is not specified, user searches are not performed.
api.custom.authentication.ldap.admindn
Specifies an LDAP Server administrator distinguished name that is used for user searches. When this property is not specified, an anonymous bind is used for user searches. This account only has to read entries under the search base, so use a dedicated service account with that read access rather than a directory administrator with write rights.
api.custom.authentication.ldap.adminpassword
Password for the LDAP Server administrator distinguished name. It is stored in the properties file, so restrict read access to that file to the account the Server API runs as.
api.custom.authentication.ldap.userattribute
Specifies the user ID attribute that is matched against the supplied username in searches. When this property is not specified, user searches are not performed. An example setting of this property would be:
api.custom.authentication.ldap.userattribute=cn
If a required property is missing an exception is thrown on initialization.
If the value of either api.custom.authentication.ldap.searchbase or api.custom.authentication.ldap.userattribute is missing, no search context is initialized and no searches are performed during the actual user authentication. (No search means that the bind to the LDAP Server is attempted directly with the username and password provided for authentication, so the username must be acceptable to the LDAP Server as a bind identity, typically a full distinguished name.)
When api.custom.authentication.ldap.admindn is provided a search context is created using "simple" authentication. If an error occurs during the search context initialization, the initialization of the LDAP Authentication module fails and an exception is thrown.
When api.custom.authentication.ldap.admindn is not provided a JNDI search context is created using JNDI "anonymous" bind.
Note: If the search context cannot be initialized using api.custom.authentication.ldap.admindn, authentication fails directly - no anonymous bind is attempted.
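The two configurations the rules above describe, as an added example (not taken from the product documentation): variant A creates a search context with a service account and locates the user under the search base before the user's own credentials are checked (the usual search-then-bind flow); variant B sets neither searchbase nor userattribute, so no search context is created and the supplied username is bound directly. The hostname, DNs, search base and the choice of uid as the user attribute are placeholder assumptions.

```properties
# Added example fragment for global.properties or solution.properties.
# Hostname, DNs and search base are placeholders; replace them for your directory.

# --- Variant A: search with a service account, then bind as the user -------
api.custom.authentication=[ldap]
# Refuse to start the Server API if the LDAP module cannot be initialized.
api.custom.authentication.ldap.critical=true
api.custom.authentication.ldap.hostname=ldap.example.com
# 636 with ssl=true: simple binds would otherwise carry passwords in clear text.
api.custom.authentication.ldap.port=636
api.custom.authentication.ldap.ssl=true
# Both searchbase and userattribute are needed for a search context to exist.
api.custom.authentication.ldap.searchbase=ou=people,dc=example,dc=com
api.custom.authentication.ldap.userattribute=uid
# Service account for the search (simple bind). Grant it read access under the
# search base only. If this bind fails, authentication fails outright; no
# anonymous fallback is attempted.
api.custom.authentication.ldap.admindn=cn=sdi-lookup,ou=services,dc=example,dc=com
api.custom.authentication.ldap.adminpassword=replace-with-service-account-password

# --- Variant B: direct bind, no search (shown commented out) --------------
# With searchbase and userattribute absent, the username the client sends is
# used as-is for the bind, so clients must present a full DN.
#api.custom.authentication=[ldap]
#api.custom.authentication.ldap.critical=true
#api.custom.authentication.ldap.hostname=ldap.example.com
#api.custom.authentication.ldap.port=636
#api.custom.authentication.ldap.ssl=true
```

Keep only one of the two variants active in a given file. If variant A is used without admindn, the search context is created with an anonymous bind, which works only where the directory permits anonymous searches under the search base; the adminpassword line is then unnecessary and should be removed rather than left with a stale value.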