LDAP Properties

The minimum set of properties to specify is:
url
userrootdn
uidprop
personobjclass

If you are using LDAP for authorization, you must also specify:
memberinfoingroups
mattr

and, if you set memberinfoingroups to true, you must also specify:
grouprootdn
gidprop
groupobjclass

Most other properties need only be used if you have specific requirements.
Connection related properties

url - The URL of the LDAP server (e.g. ldap://ldapserver:389 or ldaps://ldapserver:636).
keystoreUrl - The URL from which a keystore can be retrieved (e.g. file:///usr/local/ldap/keystore.jks). Used to authenticate to the LDAP server.
keystoreType - The store type of the keystore (e.g. JKS).
keystorePassword - The password to verify the integrity of the keystore.
keyAlias - The alias in the keystore where the certificate and key are stored.
keyPassword - The password to allow access to the specified alias. Defaults to the store password.
truststoreUrl - The URL from which a truststore can be retrieved. Used to validate the certificate presented by the LDAP server during an SSL/TLS handshake.
truststoreType - The store type of the truststore (e.g. JKS).
truststorePassword - The password to verify the integrity of the truststore.
noPrinIsAnonymous - Set to true for LDAP servers that allow anonymous connections.
prin - The username to use to authenticate to the LDAP server.
cred - The password to use to authenticate to the LDAP server.
If prin and cred are not specified and noPrinIsAnonymous is not set to true, then the username and password of the user attempting to authenticate to the cluster / TMS will be used to authenticate to the LDAP server.
watt.server.ldap.ignore.serverCertificateValidity - If true, then invalid certificates presented by the LDAP server are ignored.
watt.server.ldap.extendedProps - Extra properties to add to the LDAP context. Format: key1=value1;key2=value2
watt.server.ldap.retryCount - How many times to retry a connection if it fails.
watt.server.ldap.retryWait - How many milliseconds to wait between connection retries.
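The required-property rules at the top of this page and the connection settings above can be checked mechanically before a configuration is deployed. The following linter is an added example, not part of this page or of the product: the property names are the page's, while the lint_ldap_config function, its severity levels, the reading of a plain ldap:// URL as unencrypted, and the two constructed sample configurations are assumptions made here.

```python
"""Lint an LDAP property set against the rules stated on this page.

Added example: property names are taken from the page; the checks, the
severities and the sample configurations are constructed for illustration.
"""
from urllib.parse import urlsplit

# Required sets exactly as the page lists them.
MINIMUM = ("url", "userrootdn", "uidprop", "personobjclass")
AUTHZ = ("memberinfoingroups", "mattr")
GROUP_SCHEMA = ("grouprootdn", "gidprop", "groupobjclass")


def _is_true(value):
    return str(value).strip().lower() == "true"


def lint_ldap_config(props, authorization=False):
    """Return a list of (severity, message) findings; an empty list means clean."""
    findings = []

    # 1. Required properties.
    for key in MINIMUM:
        if key not in props:
            findings.append(("error", f"missing required property {key}"))
    if authorization:
        for key in AUTHZ:
            if key not in props:
                findings.append(("error", f"authorization requires {key}"))
        if _is_true(props.get("memberinfoingroups", "false")):
            for key in GROUP_SCHEMA:
                if key not in props:
                    findings.append(("error", f"memberinfoingroups=true requires {key}"))

    # 2. Transport security. Every bind sends a password, so the channel matters.
    scheme = urlsplit(props.get("url", "")).scheme.lower()
    if scheme == "ldap":
        findings.append(("warn", "url uses ldap://; bind credentials travel unencrypted"))
    elif scheme == "ldaps" and "truststoreUrl" not in props:
        findings.append(("info", "ldaps:// without truststoreUrl; server certificate is "
                                 "validated against whatever the runtime trusts by default"))
    if _is_true(props.get("watt.server.ldap.ignore.serverCertificateValidity", "false")):
        findings.append(("error", "ignore.serverCertificateValidity=true disables TLS "
                                  "server authentication (man-in-the-middle risk)"))

    # 3. Bind identity. Anonymous searches expose directory data to any client.
    if _is_true(props.get("noPrinIsAnonymous", "false")) and "prin" not in props:
        findings.append(("warn", "noPrinIsAnonymous=true and no prin: searches run anonymously"))

    # 4. Unbounded result sets are a resource-exhaustion lever.
    if str(props.get("watt.server.jndi.searchresult.maxlimit", "0")).strip() == "0":
        findings.append(("info", "searchresult.maxlimit is 0 (unlimited)"))
    return findings


# Constructed sample: the weak shape a lint should catch.
WEAK = {
    "url": "ldap://ldapserver:389",
    "watt.server.ldap.ignore.serverCertificateValidity": "true",
    "noPrinIsAnonymous": "true",
    "userrootdn": "ou=People,dc=example,dc=com",
    "uidprop": "uid",
    "personobjclass": "person",
    "memberinfoingroups": "true",  # but mattr and the group schema are missing
}

# Constructed sample: a shape that passes every check above.
HARDENED = {
    "url": "ldaps://ldapserver:636",
    "truststoreUrl": "file:///usr/local/ldap/truststore.jks",
    "truststoreType": "JKS",
    "truststorePassword": "<truststore-password>",
    "prin": "cn=svc-tms,ou=Service,dc=example,dc=com",  # hypothetical service account
    "cred": "<service-account-password>",
    "userrootdn": "ou=People,dc=example,dc=com",
    "uidprop": "uid",
    "personobjclass": "person",
    "memberinfoingroups": "true",
    "mattr": "member",
    "grouprootdn": "ou=Group,dc=example,dc=com",
    "gidprop": "gid",
    "groupobjclass": "group",
    "watt.server.jndi.searchresult.maxlimit": "500",
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for severity, message in lint_ldap_config(cfg, authorization=True) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

Running the module prints five errors, two warnings and one info line for the weak configuration and "no findings" for the hardened one; a deployment pipeline can fail on any "error" finding.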
Properties related to how to interact with the LDAP server

timeout - LDAP query timeout in milliseconds.
watt.server.ldap.DNescapeChars - A list of characters that should be escaped.
watt.server.ldap.DNescapePairs - A list of characters that should not be re-escaped.
watt.server.ldap.DNstripQuotes - If false, then quotes that get added when escaping are not stripped from DNs.
watt.server.ldap.DNescapeURL - If true, then the start of a DN is escaped. This is useful for referrals, where DNs can start with a URL.
watt.server.jndi.searchresult.maxlimit - The maximum number of results to return from an LDAP search. Zero means unlimited.
Properties related to the schema of a user

userrootdn - The DN under which users can be found (e.g. ou=People,dc=example,dc=com).
uidprop - The attribute on a user which contains the primary ID of the user (e.g. uid).
personobjclass - The LDAP schema class for users (e.g. person).
useaf - If true, then the dnprefix and dnsuffix properties should be used.
dnprefix - A string added to the beginning of a username for the LDAP lookup.
dnsuffix - A string added to the end of a username for the LDAP lookup.
Properties related to the schema of a group

grouprootdn - The DN under which groups can be found (e.g. ou=Group,dc=example,dc=com).
gidprop - The attribute on a group which contains the primary ID of the group (e.g. gid).
groupobjclass - The LDAP schema class for groups (e.g. group).
Properties related to how the schema connects users and groups

group - A role automatically given to every user.
memberinfoingroups - If true, then group membership is in the group definitions under the grouprootdn. If false, then group membership is in the user definitions under the userrootdn.
mattr - The attribute on a user that specifies a group to which the user belongs OR the attribute on a group that specifies a user is a member. Which of the two applies depends on the choice of memberinfoingroups.
recursiveSearchDepth - How deep to search for groups that are members of other groups.
Properties that Terracotta supports in addition to other IBM webMethods products

tcdb.roleMap - A mapping from group names on the LDAP server to roles used in Terracotta. Format: group1=tcdbRole1;group2=tcdbRole2
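The two membership models selected by memberinfoingroups, the nesting bound set by recursiveSearchDepth, the automatic group role and the tcdb.roleMap mapping fit together in one resolution step, shown here as an added example rather than product code. It assumes an in-memory directory (DN to attribute map) constructed for illustration, that recursiveSearchDepth=0 means direct memberships only with each extra level following groups that are members of other groups, and that group membership values are DNs; the functions resolve_groups and resolve_roles and the sample entries are constructed here. Constructed group names use cn as gidprop rather than the page's gid example.

```python
"""Resolve Terracotta roles for a user from the group-linking properties.

Added example, not product code. A tiny in-memory directory stands in for
the LDAP server; both memberinfoingroups settings are exercised on the same
entries. Nesting: alice -> ops -> admins.
"""

# Constructed directory: DN -> {attribute: [values]}. Membership is recorded
# on both sides so that either memberinfoingroups setting can be demonstrated.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "uid": ["alice"], "objectClass": ["person"],
        "memberOf": ["cn=ops,ou=Group,dc=example,dc=com"]},
    "uid=bob,ou=People,dc=example,dc=com": {
        "uid": ["bob"], "objectClass": ["person"], "memberOf": []},
    "cn=ops,ou=Group,dc=example,dc=com": {
        "cn": ["ops"], "objectClass": ["group"],
        "member": ["uid=alice,ou=People,dc=example,dc=com"],
        "memberOf": ["cn=admins,ou=Group,dc=example,dc=com"]},
    "cn=admins,ou=Group,dc=example,dc=com": {
        "cn": ["admins"], "objectClass": ["group"],
        "member": ["cn=ops,ou=Group,dc=example,dc=com"], "memberOf": []},
}

COMMON = {
    "userrootdn": "ou=People,dc=example,dc=com", "uidprop": "uid",
    "grouprootdn": "ou=Group,dc=example,dc=com", "gidprop": "cn",
    "group": "user",                      # role every authenticated user gets
    "tcdb.roleMap": "ops=tcdbOperator;admins=tcdbAdmin",
    "recursiveSearchDepth": "1",
}
# Membership stored on the group entry (mattr names a group attribute).
PROPS_GROUP_SIDE = dict(COMMON, memberinfoingroups="true", mattr="member")
# Membership stored on the user entry (mattr names a user attribute).
PROPS_USER_SIDE = dict(COMMON, memberinfoingroups="false", mattr="memberOf")


def _is_true(value):
    return str(value).lower() == "true"


def _entries_under(root):
    return {dn: a for dn, a in DIRECTORY.items() if dn.endswith("," + root)}


def _user_dn(username, props):
    for dn, attrs in _entries_under(props["userrootdn"]).items():
        if username in attrs.get(props["uidprop"], []):
            return dn
    return None


def direct_groups(member_dn, props):
    """Group DNs that hold member_dn directly, according to memberinfoingroups."""
    mattr = props["mattr"]
    if _is_true(props["memberinfoingroups"]):
        return {dn for dn, a in _entries_under(props["grouprootdn"]).items()
                if member_dn in a.get(mattr, [])}
    return set(DIRECTORY.get(member_dn, {}).get(mattr, []))


def resolve_groups(username, props):
    """Group names for the user, following nesting up to recursiveSearchDepth."""
    user_dn = _user_dn(username, props)
    if user_dn is None:
        return set()
    depth = int(props.get("recursiveSearchDepth", "0"))
    seen, frontier = set(), {user_dn}
    for _ in range(depth + 1):          # level 0: direct groups; each further level: parents
        nxt = set()
        for dn in frontier:
            nxt |= direct_groups(dn, props) - seen   # 'seen' also breaks membership cycles
        if not nxt:
            break
        seen |= nxt
        frontier = nxt
    return {DIRECTORY[dn][props["gidprop"]][0] for dn in seen}


def resolve_roles(username, props):
    """Terracotta roles: the automatic 'group' role plus tcdb.roleMap hits."""
    roles = {props["group"]} if props.get("group") else set()
    role_map = dict(pair.split("=", 1) for pair in props.get("tcdb.roleMap", "").split(";") if pair)
    roles.update(role_map[g] for g in resolve_groups(username, props) if g in role_map)
    return roles


if __name__ == "__main__":
    for label, props in (("group side", PROPS_GROUP_SIDE), ("user side", PROPS_USER_SIDE)):
        for user in ("alice", "bob"):
            print(label, user, sorted(resolve_roles(user, props)))
```

The depth bound is worth checking in review: with recursiveSearchDepth=0 alice resolves to only the ops group and never receives tcdbAdmin, while depth 1 follows ops into admins. Groups that name each other as members would loop forever without the seen set, so the example treats a cycle as already visited rather than as an error.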