Identifies the LDAP directory server or servers to use.
See also the DirectoryServerPort property.
The value of this property can be any one of the following:
Single host name, single IP address (all LDAP directory types)
When the value is a host name with a single IP address, Content Engine attempts to connect
to the directory server that runs on that host. Content Engine uses the
port number specified by the DirectoryServerPort property for this connection
attempt.
Single host name, multiple IP addresses (Microsoft® Active Directory and IBM® Tivoli® Directory Server)
You can manually create DNS address records ("A" records) to assign the same host name to each of the different IP addresses.
Failover using multiple IP addresses can be specified only when the value of the DirectoryServerType property is AD (Active Directory)
or IBM (Tivoli Directory Server).
The benefit of using multiple IP addresses for failover is that you do not need to modify a failover list when you change the host name,
or when you decommission a domain controller or Tivoli Directory Server.
In addition, this option is useful when the Active Directory
domain contains remote domain controllers but you want to connect only to local DCs
(as opposed to using the "Domain name" option below). The DC connection attempts
are done in parallel. The first successful connection is the DC used.
Domain name (Microsoft Active Directory)
When the value is an Active Directory domain name and the value of the DirectoryServerType property is AD (Active Directory), Content Engine attempts to
connect to any domain controller (DC) in the specified domain. Each DC must use the same LDAP port numbers (generally the case). The DC connection
attempts are done in parallel. The first successful connection is the DC used.
Failover list (Microsoft Active Directory and IBM® Tivoli® Directory Server)
When the value is a list of host names paired with port numbers, Content
Engine attempts to connect to one of the directory servers represented in the
list. (The DirectoryServerPort property is ignored.) A failover list can be
specified only when the value of the DirectoryServerType property is AD (Active Directory)
or IBM (Tivoli Directory Server).
For Active Directory, each directory server represented in the failover list is expected to be a DC.
Separate the host name and port number pairs with one space
character. In the following example, the first pair specifies LaurelTree as
the machine name and 389 as the port number:
LaurelTree:389 OliveTree:636 FigTree:389
Content Engine makes connection attempts to directory servers based on the
order of the pairs in the list. The connection attempts stop when Content
Engine either successfully connects to a directory server or exhausts the list. The
connection attempts resume at the beginning of the list when Content
Engine loses a previously established directory server connection.
For instance, given the example list, Content Engine first attempts
to connect to the directory server on the LaurelTree machine on port 389. If that attempt
fails, it attempts to connect to the directory server on the OliveTree machine on port 636.
If that attempt succeeds, the connection attempts stop. If, later on, Content
Engine loses the connection to the directory server on OliveTree, the connection
attempts start over again with LaurelTree.
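The failover behaviour described above, as an added example that is not IBM's code and does not use the Content Engine API: it parses a failover list, walks it in order with a pluggable connection probe, and lists entries that are not on 636, the registered LDAPS port. The function names and the simulated outage are assumptions made for illustration.

```python
import socket

def parse_failover_list(value):
    """Split 'host:port host:port ...' (one space between pairs) into (host, port) tuples."""
    servers = []
    for pair in value.split(" "):
        host, sep, port = pair.rpartition(":")
        if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"not a host:port pair: {pair!r}")
        servers.append((host, int(port)))
    return servers

def tcp_connect(host, port, timeout=3.0):
    """Reachability probe only: a TCP handshake, no LDAP bind."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def select_server(servers, connect=tcp_connect):
    """Try the pairs in list order; stop at the first success or when the list is exhausted."""
    attempts = []
    for host, port in servers:
        attempts.append((host, port))
        if connect(host, port):
            return (host, port), attempts
    return None, attempts

def non_ldaps_entries(servers):
    """Entries not on 636, the registered LDAPS port, for review of transport protection."""
    return [s for s in servers if s[1] != 636]

if __name__ == "__main__":
    # Constructed scenario using the page's example list: LaurelTree is down at first.
    servers = parse_failover_list("LaurelTree:389 OliveTree:636 FigTree:389")
    down = {"LaurelTree"}
    fake_connect = lambda host, port: host not in down
    print(select_server(servers, fake_connect))   # OliveTree chosen after LaurelTree fails
    down.clear()                                  # OliveTree connection lost; LaurelTree is back
    print(select_server(servers, fake_connect))   # the walk restarts at the head of the list
    print(non_ldaps_entries(servers))
```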
The UTF-8 encoded, non-encrypted user password for authenticating to a given directory server.
To maintain password security, you can use this property only to set a password, not to read its value.
Instead of returning a password value, this property returns a zero-length byte array if it has been set
with a password and returns a null value if it has never been set.
Content Engine ignores this property when the value of the
DirectoryServerHost property is a failover list. For information about failover
lists, see the DirectoryServerHost property.
Specifies the directory server provider class name.
The value of this property defaults to the following strings for the directory server types
that the FileNet® P8 Content Engine supports:
com.filenet.engine.security.ActiveDirectoryProvider (for Microsoft® Active Directory®)
The type of directory server for the directory server configuration. The
value for this property is one of the following:
AD (for Microsoft® Active Directory®)
ADAM (for Microsoft® Active Directory Application Mode (Windows 2003) and for Microsoft® Active Directory Lightweight Directory Services (Windows 2008))
IBM (for IBM® Tivoli® Directory Server)
Novell (for Novell eDirectory)
OID (for Oracle Internet Directory)
SunOne (for Oracle Directory Server)
CA (for Computer Associates eTrust Directory Server)
Specifies the user name for authenticating to the directory server. The following are examples of strings
for Active Directory and Oracle Directory Server:
For Active Directory: "CN=test1,CN=Users,DC=myCompany,DC=com"
For Oracle Directory Server: "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
For CmAuditProcessingBookmark and AuditDefinition objects, this property is intended to identify client applications
that process the audit log.
For CmAuditProcessingBookmark objects, this property, in support of the audit disposition feature, identifies the client that created the object.
For AuditDefinition objects, this property identifies a set of audit definitions for a given client or client functionality.
For CmAuditProcessingBookmark and AuditDefinition objects, it is recommended that you set this property.
Specify a unique value to distinguish one client application from another.
Note, however, that the server does not prevent identical display names across multiple
CmAuditProcessingBookmark or AuditDefinition objects. Therefore, the client application is responsible for enforcing uniqueness.
Specifies the directory server attribute to be used as the display name for a group.
The default property value is dependent on the directory service type and is specified by the
authentication provider's configuration.
Specifies the search filter for group membership queries.
The default value of this property is null for the Active Directory service provider.
The default value for other supported directory service providers is unique to the provider, as follows:
ADAM and AD LDS: (&(objectClass=group)(member={0}))
Defines the directory server attribute to be used as the short name for a group.
The default value of this property is samAccountName for the Active Directory service
provider and cn for all other supported directory service providers.
Specifies the search filter for querying a group or groups. The filter must be in the
following format:
"(&(objectClass=user_defined_class)(an_attribute={0}))", where
user_defined_class is the object class you want (for example, user) and an_attribute
is the LDAP server-specific attribute (for example, samAccountName, cn, or uid).
The default value of this property is unique to the directory service provider, as follows:
ActiveDirectory: (&(objectClass=group)(samAccountName={0})), where samAccountName serves
as the short name.
ADAM and AD LDS: (&(objectClass=group)(person={0}))
Specifies the directory server attribute to be used as the unique identifier for a group,
that is, for the Content Engine Group.Id property. The default property value
is dependent on the directory server type and is specified by the authentication
provider's configuration. See "What are access rights?"
for a list of the default SID attributes for the supported authentication providers.
A representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created.
When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following
format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.
For User and Group classes, the Id property takes the value of the
Security Identifier (SID) rather than the 128-bit GUID. The string representation of the
SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269.
When Active Directory is used as the directory service for IBM FileNet P8, calls to
User.get_Id() and Group.get_Id() always return the current SID for the
principal, even if this user or group has only historical SIDs populating the Active
Directory server.
For a given property representation, the Id property has the following characteristics:
PropertyDescription.get_Id() is equal to PropertyTemplate.get_Id(), which is equal to PropertyDefinition.get_PrimaryId().
PropertyDefinition.get_Id() is not equal to PropertyDefinition.get_PrimaryId().
PropertyDefinition.get_Id() is not equal to PropertyDescription.get_Id().
For a newly created document object, you can override the Id property of its associated VersionSeries object
before you save or check in the document for the first time.
Determines whether the Secure Sockets Layer (SSL) protocol is enabled for instances of this object.
The default value is false, indicating that SSL is disabled.
Restricts a group membership search to within the realms configured in
Administration Console for Content Platform Engine.
A user can be in a configured realm but belong to a group in an unconfigured realm.
By default (that is, when the property value is false), the server
automatically searches cross-realm group membership (also called cross-domain group
membership in Active Directory). If it reaches a realm that is not configured in
Administration Console, the server returns a Realm not found error and
group membership search processing stops. However, if the property value is true when
this situation occurs, the server logs an informational message to the
server error log and the group membership search continues.
NOTE: This property is not supported for the Windows Active Directory
Application Mode (ADAM) directory service provider. This is because ADAM
does not support cross-realm group memberships (cross-partition memberships, in
ADAM terminology).
Specifies the directory server attribute to be used as the display name for a user.
The default property value is dependent on the directory server type and is specified by the
authentication provider's configuration.
Defines the directory server attribute to be used as the short name for a user.
The default value of this property is unique to the directory service provider as follows:
Specifies the search filter for querying a user or users. The filter must be in the
following format:
"(&(objectClass=user_defined_class)(an_attribute={0}))", where
user_defined_class is the object class you want (for example, user or person) and an_attribute
is the LDAP server-specific attribute (for example, samAccountName, cn, or uid).
The default value of this property is unique to the directory service provider, as follows:
ActiveDirectory: (&(objectClass=user)(samAccountName={0})), where samAccountName serves
as the short name.
ADAM and AD LDS: (&(objectClass=person)(member={0})).
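The filter format required for both the group and the user search filters can be checked before a custom value is set. The following added example (not IBM's code, and not a description of how Content Engine substitutes {0} internally) validates a template against that format and fills {0} with a value escaped per RFC 4515. The function names and the sample short names are assumptions made for illustration.

```python
import re

# Shape required by the page: (&(objectClass=<class>)(<attribute>={0}))
# Class and attribute names are limited to LDAP descriptor characters.
TEMPLATE_RE = re.compile(
    r"\(&\(objectClass=([A-Za-z][A-Za-z0-9-]*)\)\(([A-Za-z][A-Za-z0-9-]*)=\{0\}\)\)"
)

def check_filter_template(template):
    """Return (object_class, attribute) or raise ValueError if the shape is wrong."""
    match = TEMPLATE_RE.fullmatch(template)
    if match is None:
        raise ValueError(f"filter does not match the required format: {template!r}")
    return match.group(1), match.group(2)

def escape_filter_value(value):
    """RFC 4515: backslash, '*', '(', ')' and NUL become a backslash plus two hex digits."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
        for ch in value
    )

def render_filter(template, short_name):
    """Validate the template, then substitute the escaped short name for {0}."""
    check_filter_template(template)
    return template.replace("{0}", escape_filter_value(short_name))

if __name__ == "__main__":
    user_filter = "(&(objectClass=user)(samAccountName={0}))"   # AD default from the page
    print(check_filter_template(user_filter))
    print(render_filter(user_filter, "jdoe"))
    # Constructed short name containing filter metacharacters: it stays a literal value.
    print(render_filter(user_filter, "ops*(eu)"))
```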
Specifies the directory server attribute to be used as the unique identifier for a user,
that is, for the Content Engine User.Id property. The default property value
is dependent on the directory server type and is specified by the authentication
provider's configuration. See "What are access rights?"
for a list of the default SID attributes for the supported authentication providers.