LDAP properties

These properties apply to LDAP.

An external LDAP server can be used for user authentication. Both anonymous authentication and password-based authentication are supported with an external LDAP server.

The LDAP server host name, port number, base distinguished name, bind distinguished name, and password (required for password-based authentication) are configurable in the collation.properties file. You can also configure the specific naming attribute that can be searched for to match the user ID (UID).

LDAP configuration is recommended in synchronization server and domain server deployments. In an enterprise environment, configure the domain server and the synchronization server to use the same user registry. When you log in to a domain server that is connected to a synchronization server, the login is processed at the synchronization server. If a network connection problem occurs between the synchronization server and a domain server, you can successfully log in to the domain server without reconfiguration if the domain server is configured to use the same user registry as the synchronization server.

com.collation.security.auth.ldapAuthenticationEnabled=true
The default value is true.

This property is used to enable LDAP authentication.

com.collation.security.auth.ldapBaseDN=ou=People,dc=ibm,dc=com
The default value is ou=People,dc=ibm,dc=com.

This property defines the LDAP Base Distinguished Name (DN). The LDAP Base Distinguished Name is the starting point for all LDAP searches.

com.collation.security.auth.ldapBaseGroupDN
In the collation.properties file, this property is commented out by default.

This property defines the LDAP root branch for searching groups, which can be different from the root branch for all LDAP queries. To specify more than one LDAP root branch for searching for groups, separate the branch names by using the ; character.

If you do not specify a value for this property, the default value is the value of the com.collation.security.auth.ldapBaseDN property.

com.collation.security.auth.ldapBindDN=uid=ruser,dc=ibm,dc=com
The default value is uid=ruser,dc=ibm,dc=com.
If simple authentication is used, this property defines the user ID that is used to authenticate to LDAP.
Important:
  • If a value for com.collation.security.ldapBindDN is not supplied or if the property is commented out, an anonymous connection to LDAP is attempted. The following example shows how the property can be commented out with the number sign (#):
    #com.collation.security.auth.ldapBindDN=uid=ruser,
    dc=ibm,dc=com
  • If a value is specified for com.collation.security.auth.ldapBindDN, simple authentication is used and
  • a value for com.collation.security.auth.ldapBindPassword must also be specified.
com.collation.security.auth.ldapBindPassword=ruser
The default value is ruser.

If simple authentication is used, this property defines the user password that is used to authenticate to LDAP.

com.collation.security.auth.ldapClientKeyStore=ks_path
The property defines the location of the keystore that contains the certificates on the TADDM server. The store must contain the client certificate to authenticate the TADDM server with the LDAP server.
com.collation.security.auth.ldapClientKeyStorePassphrase=ks_passphrase
Optional: This property defines the password to the keystore.
com.collation.security.auth.ldapClientTrustStore=ts_path
The property defines the location of the truststore that contains the certificates on the TADDM server. The store must contain the LDAP server certificate.
com.collation.security.auth.ldapClientTrustStorePassphrase=ts_passphrase
Optional: This property defines the password to the truststore.
com.collation.security.auth.ldapGroupMemberAttribute=member
The default value is member.

This property defines the name of the attribute used to contain the members of a group in LDAP.

com.collation.security.auth.ldapGroupNamingAttribute=cn
The default value is cn.

This property defines the name of the attribute used for naming groups in LDAP.

com.collation.security.auth.ldapGroupObjectClass=groupofnames
The default value is groupofnames.

This property defines the class used to represent user groups in LDAP.

com.collation.security.auth.ldapHostName=ldap.ibm.com
The default value is ldap.ibm.com.

This property defines the host name for the LDAP server.

com.collation.security.auth.ldapPortNumber=389
The default value is 389.

This property defines the port for the LDAP server.

com.collation.security.auth.ldapUIDNamingAttribute=uid
The default value is uid.

This property defines the name of the attribute used for naming users in LDAP.

com.collation.security.auth.ldapUserObjectClass=person
The default value is person.

This property defines the name of the class used to represent users in LDAP.

com.collation.security.auth.ldapUseSSL=false
The default value is false.

The property is used to enable authentication to an LDAP user registry with an SSL connection.

com.collation.security.usermanagementmodule=ldap
The default value is ldap.
This property defines the user management module used by the TADDM server. The valid values are:
  • file for a file-based user registry. The default value is true.
  • ldap for an LDAP user registry
  • vmm for a user registry that uses the federated repositories of WebSphere┬« Application Server