LDAP properties

These properties apply to LDAP.

An external LDAP server can be used for user authentication. Both anonymous authentication and password-based authentication are supported with an external LDAP server.

The LDAP server host name, port number, base distinguished name, bind distinguished name, and password (required for password-based authentication) are configurable in the collation.properties file. You can also configure the specific naming attribute that can be searched for to match the user ID (UID).

LDAP configuration is recommended in synchronization server and domain server deployments. In an enterprise environment, configure the domain server and the synchronization server to use the same user registry. When you log in to a domain server that is connected to a synchronization server, the login is processed at the synchronization server. If a network connection problem occurs between the synchronization server and a domain server, you can successfully log in to the domain server without reconfiguration if the domain server is configured to use the same user registry as the synchronization server.

com.collation.security.auth.ldapAuthenticationEnabled=true
The default value is true.

This property is used to enable LDAP authentication.

com.collation.security.auth.ldapBaseDN=ou=People,dc=ibm,dc=com
The default value is ou=People,dc=ibm,dc=com.

This property defines the LDAP Base Distinguished Name (DN). The LDAP Base Distinguished Name is the starting point for all LDAP searches.

com.collation.security.auth.ldapBaseGroupDN
In the collation.properties file, this property is commented out by default.

This property defines the LDAP root branch for searching groups, which can be different from the root branch for all LDAP queries. To specify more than one LDAP root branch for searching for groups, separate the branch names by using the ; character.

If you do not specify a value for this property, the default value is the value of the com.collation.security.auth.ldapBaseDN property.

com.collation.security.auth.ldapBindDN=uid=ruser,dc=ibm,dc=com
The default value is uid=ruser,dc=ibm,dc=com.
If simple authentication is used, this property defines the user ID that is used to authenticate to LDAP.

Important:
  • If a value for com.collation.security.auth.ldapBindDN is not supplied or if the property is commented out, an anonymous connection to LDAP is attempted. The following example shows how the property can be commented out with the number sign (#):
    #com.collation.security.auth.ldapBindDN=uid=ruser,dc=ibm,dc=com
  • If a value is specified for com.collation.security.auth.ldapBindDN, simple authentication is used and a value for com.collation.security.auth.ldapBindPassword must also be specified.

com.collation.security.auth.ldapBindPassword=ruser
The default value is ruser.

If simple authentication is used, this property defines the user password that is used to authenticate to LDAP.

com.collation.security.auth.ldapClientKeyStore=ks_path
This property defines the location of the keystore that contains the certificates on the TADDM server. The store must contain the client certificate that authenticates the TADDM server to the LDAP server.

com.collation.security.auth.ldapClientKeyStorePassphrase=ks_passphrase
Optional: This property defines the password of the keystore.

com.collation.security.auth.ldapClientTrustStore=ts_path
This property defines the location of the truststore that contains the certificates on the TADDM server. The store must contain the LDAP server certificate.

com.collation.security.auth.ldapClientTrustStorePassphrase=ts_passphrase
Optional: This property defines the password of the truststore.

com.collation.security.auth.ldapGroupMemberAttribute=member
The default value is member.

This property defines the name of the attribute used to contain the members of a group in LDAP.

com.collation.security.auth.ldapGroupNamingAttribute=cn
The default value is cn.

This property defines the name of the attribute used for naming groups in LDAP.

com.collation.security.auth.ldapGroupObjectClass=groupofnames
The default value is groupofnames.

This property defines the class used to represent user groups in LDAP.

com.collation.security.auth.ldapHostName=ldap.ibm.com
The default value is ldap.ibm.com.

This property defines the host name for the LDAP server.

com.collation.security.auth.ldapPortNumber=389
The default value is 389.

This property defines the port for the LDAP server.

com.collation.security.auth.ldapUIDNamingAttribute=uid
The default value is uid.

This property defines the name of the attribute used for naming users in LDAP.

com.collation.security.auth.ldapUserObjectClass=person
The default value is person.

This property defines the name of the class used to represent users in LDAP.

com.collation.security.auth.ldapUseSSL=false
The default value is false.

This property enables authentication to an LDAP user registry over an SSL connection.

com.collation.security.usermanagementmodule=ldap
The default value is ldap.

This property defines the user management module used by the TADDM server. The valid values are:
  • file for a file-based user registry. The default value is true.
  • ldap for an LDAP user registry
  • vmm for a user registry that uses the federated repositories of WebSphere® Application Server
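The following script is an added example and is not part of the TADDM documentation or product code; how TADDM itself builds its LDAP requests is not described on this page. It reads a constructed collation.properties fragment (all hostnames and DNs are made up), applies the rules stated above (anonymous bind when ldapBindDN is absent or commented out, ldapBindPassword required when ldapBindDN is set, ldapBaseGroupDN falling back to ldapBaseDN and accepting several branches separated by ;), composes the user and group search filters from the naming-attribute and object-class properties with RFC 4515 escaping of the supplied UID, and reports when ldapUseSSL=false would send the bind credentials in cleartext. The parse_properties, bind_mode, user_search, group_search and transport_findings function names are this example's own.

```python
# Added example, not TADDM code: shows how the com.collation.security.auth.ldap*
# properties documented above combine into a bind decision and LDAP search filters.

# Constructed collation.properties fragment (values are made up for illustration).
SAMPLE_PROPERTIES = """
com.collation.security.auth.ldapAuthenticationEnabled=true
com.collation.security.auth.ldapBaseDN=ou=People,dc=example,dc=com
com.collation.security.auth.ldapBaseGroupDN=ou=Groups,dc=example,dc=com;ou=Roles,dc=example,dc=com
#com.collation.security.auth.ldapBindDN=uid=ruser,dc=example,dc=com
com.collation.security.auth.ldapHostName=ldap.example.com
com.collation.security.auth.ldapPortNumber=389
com.collation.security.auth.ldapUseSSL=false
com.collation.security.auth.ldapUIDNamingAttribute=uid
com.collation.security.auth.ldapUserObjectClass=person
com.collation.security.auth.ldapGroupObjectClass=groupofnames
com.collation.security.auth.ldapGroupMemberAttribute=member
"""

PREFIX = "com.collation.security.auth."


def parse_properties(text):
    """Minimal Java-properties reader: '#' or '!' lines are comments, first '=' splits key/value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def get(props, name, default=None):
    return props.get(PREFIX + name, default)


def bind_mode(props):
    """Anonymous bind when ldapBindDN is absent or commented out; otherwise a simple
    bind, which the page says also requires ldapBindPassword."""
    if get(props, "ldapBindDN") is None:
        return "anonymous"
    if get(props, "ldapBindPassword") is None:
        raise ValueError("ldapBindDN is set but ldapBindPassword is missing")
    return "simple"


def escape_filter_value(value):
    """RFC 4515 escaping: a user-supplied UID must not be able to alter the filter structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_search(props, uid):
    """(search base, filter) used to locate the user entry by its UID naming attribute."""
    base = get(props, "ldapBaseDN", "ou=People,dc=ibm,dc=com")   # page default
    attr = get(props, "ldapUIDNamingAttribute", "uid")
    oc = get(props, "ldapUserObjectClass", "person")
    return base, "(&(objectClass=%s)(%s=%s))" % (oc, attr, escape_filter_value(uid))


def group_search(props, user_dn):
    """One (base, filter) pair per group branch. ';' separates branches, and the group
    base falls back to ldapBaseDN when ldapBaseGroupDN is not set."""
    group_base = get(props, "ldapBaseGroupDN") or get(props, "ldapBaseDN", "ou=People,dc=ibm,dc=com")
    oc = get(props, "ldapGroupObjectClass", "groupofnames")
    member_attr = get(props, "ldapGroupMemberAttribute", "member")
    flt = "(&(objectClass=%s)(%s=%s))" % (oc, member_attr, escape_filter_value(user_dn))
    return [(b.strip(), flt) for b in group_base.split(";") if b.strip()]


def transport_findings(props):
    """Review notes about the transport the bind and searches would use."""
    findings = []
    use_ssl = get(props, "ldapUseSSL", "false").lower() == "true"
    if not use_ssl:
        findings.append("ldapUseSSL=false: bind credentials and search results travel in cleartext")
    if use_ssl and get(props, "ldapClientTrustStore") is None:
        findings.append("ldapUseSSL=true without ldapClientTrustStore: the page requires a "
                        "truststore holding the LDAP server certificate")
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print("bind mode:", bind_mode(props))
    print("user search:", user_search(props, "alice"))
    for base, flt in group_search(props, "uid=alice,ou=People,dc=example,dc=com"):
        print("group search:", base, flt)
    for f in transport_findings(props):
        print("finding:", f)
```

Running the script against the sample prints an anonymous bind (the ldapBindDN line is commented out), the user filter (&(objectClass=person)(uid=alice)) under ou=People,dc=example,dc=com, one group filter per ; separated branch, and a finding for the cleartext transport. Uncommenting ldapBindDN without adding ldapBindPassword makes bind_mode raise, mirroring the Important note above.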