Directory Settings
The table below details the directory settings for a project. The name, variable name, variable type, description, and default are defined for each setting.
Setting Name | Type | Description |
---|---|---|
Directory hostname (directory.hostname) |
string | The hostname (or IP) of the directory server (LDAP, Active Directory) |
Directory port (directory.port) |
number | The port of the directory server to which the LDAP query should be sent Default: 389 |
Directory search base DN (directory.search-base) |
string | LDAP Distinguished Name (DN) identifying the base object of the LDAP search. The DN of the main domain may work, e.g., dc=mydomain,dc=com (though it may not be the most efficient) but may generate a (39) LDAP remote: Operations Error error in which case you'll need to specify a more specific object, e.g., ou=Users,dc=mydomain,dc=com. |
Binding username (DN) (directory.binding-username) |
string | Username used to bind to the directory service. In most cases this is a Distinguished Name (the logon name may sometimes work with active directory - though unlike general Windows logon it is case sensitive - but it is recommended to use the DN which always works). The format of the base DN depends on your LDAP server configuration, but here are some examples of common formats:
|
Binding password (directory.binding-password) |
password | Password used to bind to the directory service. |
Number of seconds to cache directory groups (directory.groups-cache-secs) |
number | Watson Explorer Engine will cache the directory groups in the user profile for this number of seconds. This avoids putting too much strain on the directory server. Default: 86400 |
Directory username (directory.username) |
string | The username used to retrieve the user profile from the directory. By default this will be populated with the "username" part of the login name. |
Directory domain (directory.domain) |
string | The default domain in which the directory groups belong. If not specified, the domain part of the username will be used. If you need to go across multiple domains you will need to modify the main directly. |
Default Windows groups for authenticated users (directory.default-groups) |
separated-enum-set | These are groups that are sometimes implied by Windows. Select the links to display below the form.
Default: authusers domainusers |
Directory attribute for username (directory.username-attribute) |
string | The attribute of a user directory profile specifying the username. Default: sAMAccountName |
Directory attribute for email (directory.email-attribute) |
string | The attribute of a user directory profile specifying the user email. Default: mail |
Directory attribute for group membership (directory.group-attribute) |
string | The attribute of a user directory profile specifying the groups a user belongs to. Default: memberOf |