enRoleLDAPConnection.properties

The enRoleLDAPConnection.properties file provides the standard configuration settings that allow IBM Security Identity Manager to communicate with the LDAP directory server.

Table 1 defines the properties that configure the connection to the LDAP directory server.

Table 1. enRoleLDAPConnection.properties properties
java.naming.factory.initial

Do not modify this property key and value.

Specifies the built-in Java™ class file that provides the communication interface between IBM® Security Identity Manager and the LDAP directory server. The Java Naming and Directory Interface (JNDI) protocol is used.

Example:
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

LDAP context: Context.INITIAL_CONTEXT_FACTORY

java.naming.provider.url

Specifies the URL of the LDAP directory server. The LDAP server is on:

  • The local IBM Security Identity Manager Server. In this case, use localhost.
  • A remote computer. In this case, use the short or fully qualified host name or the IP address.

The value for this property is initially configured during IBM Security Identity Manager installation. You can also provide this value with the ldapconfig utility or runConfig utility.

Example:

java.naming.provider.url=ldap://localhost:389

LDAP context: Context.PROVIDER_URL

java.naming.security.principal

Specifies the distinguished name (DN) of the LDAP administration account on the LDAP directory server.

The value for this key is initially configured during IBM Security Identity Manager installation. You can also provide this value with the ldapconfig utility or runConfig utility.

Example:

java.naming.security.principal=cn=root

Example for Sun Open Net Environment (ONE) Directory Server:

java.naming.security.principal=cn=directory manager

LDAP context: Context.SECURITY_PRINCIPAL

java.naming.security.credentials

Specifies the password for the LDAP administration account on the LDAP directory server.

The value for this key is initially configured during IBM Security Identity Manager installation. You can also provide this value with the ldapconfig utility or runConfig utility.

Encryption of this value is specified by the enrole.password.ldap.encrypted property in the enRole.properties file.

The encryption type is initially configured during IBM Security Identity Manager installation.

Example:

java.naming.security.credentials=ibmldap

LDAP context: Context.SECURITY_CREDENTIALS

java.naming.security.protocol

By default, this property is commented out.

Specifies the protocol that is used for communication between IBM Security Identity Manager and the LDAP directory server. For example, to enable SSL, uncomment the line and change it to java.naming.security.protocol=ssl.

LDAP context: Context.SECURITY_PROTOCOL

java.naming.security.authentication

Do not modify this property key and value.

Specifies the authentication type that is used by the LDAP directory server. Valid types include:

  • none - Anonymous access; the user becomes a member of an unauthenticated group.
  • simple - The user supplies a user name and password.
  • strong - A stronger authentication mechanism that you provide.

Example:

java.naming.security.authentication=simple

LDAP context: Context.SECURITY_AUTHENTICATION

java.naming.referral

Do not modify this property key and value.

If multiple LDAP directory servers are linked in the IBM Security Identity Manager environment, this property specifies whether to use links when a referral is needed to complete a request for LDAP information.

Valid values include:

  • follow - Use links to complete an LDAP information request.
  • ignore - Do not use links to complete an LDAP information request.
  • throw - Do not use links to complete an LDAP information request, and return an error message.

Example:

java.naming.referral=follow

LDAP context: Context.REFERRAL

java.naming.batchsize

Do not modify this property key and value.

A JNDI property that specifies the number of data elements returned at one time during a request (query) to the LDAP directory server. A larger number reduces the number of LDAP fetches, which might improve performance.

A value of 0 causes the client (IBM Security Identity Manager) to block until all requested elements are returned.

Example:

java.naming.batchsize=100

LDAP context: Context.BATCHSIZE

java.naming.ldap.derefAliases

Specifies whether looking up an object through an alias dereferences the alias, so that the object returned is the one that the DN of the alias points to.

Valid values include:

  • never - Do not dereference an alias during object lookup.
  • always - Dereference an alias during object lookup.
  • finding - Dereference an alias during object lookup (only during name resolution).
  • searching - Dereference an alias during object lookup (only after name resolution).

Example:

java.naming.ldap.derefAliases=never

java.naming.ldap.attributes.binary

Do not modify this property key and value.

Specifies IBM Security Identity Manager attributes that are treated as binary data type. Multiple attribute values are separated by a single space.

Example (on a single line):

java.naming.ldap.attributes.binary=erPassword erHistoricalPassword erSynchPassword erServicePassword erPersonPassword

LDAP context: attribute.binary

com.sun.jndi.ldap.connect.pool

Activates the LDAP connection pool.

Valid values include:

  • true - Use the LDAP connection pool.
  • false - Do not use the LDAP connection pool.

Example (default):

com.sun.jndi.ldap.connect.pool=true

com.sun.jndi.ldap.connect.timeout

Specifies the number of milliseconds that a client waits for a pooled connection to become available. If the property is not specified, the client waits indefinitely.

Example (commented out by default, so the client waits indefinitely):

#com.sun.jndi.ldap.connect.timeout=
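The table above lists, for most keys, the javax.naming.Context constant they correspond to. The following Java class is an added example, not IBM's code and not part of the product: it loads a constructed enRoleLDAPConnection.properties-style text into the Hashtable that JNDI's InitialDirContext expects, shows that a backslash-continued java.naming.ldap.attributes.binary line arrives as one space-separated value, and reports the settings a reviewer would check before the server binds (authentication left at simple, the context factory unchanged, and java.naming.security.protocol=ssl present before a simple bind sends the administration password). The class name EnroleLdapEnv, the review rules and the placeholder password are assumptions; the host, port and key values are the table's own examples.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added example (not IBM's code): maps an enRoleLDAPConnection.properties
 * file onto the javax.naming.Context keys listed in Table 1 and reviews it.
 */
public class EnroleLdapEnv {

    // Constructed sample file contents; the password is a placeholder, and the
    // SSL line is commented out exactly as the table says it ships by default.
    static final String SAMPLE =
        "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory\n"
      + "java.naming.provider.url=ldap://localhost:389\n"
      + "java.naming.security.principal=cn=root\n"
      + "java.naming.security.credentials=PLACEHOLDER_PASSWORD\n"
      + "#java.naming.security.protocol=ssl\n"
      + "java.naming.security.authentication=simple\n"
      + "java.naming.referral=follow\n"
      + "java.naming.batchsize=100\n"
      + "java.naming.ldap.derefAliases=never\n"
      + "java.naming.ldap.attributes.binary=erPassword \\\n"
      + "    erHistoricalPassword erSynchPassword erServicePassword erPersonPassword\n"
      + "com.sun.jndi.ldap.connect.pool=true\n"
      + "#com.sun.jndi.ldap.connect.timeout=\n";

    /** Parse .properties text; Properties.load joins backslash-continued lines. */
    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    /** Copy every property into the Hashtable form that InitialDirContext takes. */
    static Hashtable<String, Object> toJndiEnvironment(Properties p) {
        Hashtable<String, Object> env = new Hashtable<>();
        for (String key : p.stringPropertyNames()) {
            env.put(key, p.getProperty(key));
        }
        return env;
    }

    /** Review findings for the environment; an empty list means nothing to flag. */
    static List<String> review(Hashtable<String, Object> env) {
        List<String> findings = new ArrayList<>();
        String url = String.valueOf(env.get(Context.PROVIDER_URL));
        // SSL is in effect if the protocol key is "ssl" or the URL scheme is ldaps.
        boolean ssl = "ssl".equalsIgnoreCase(String.valueOf(env.get(Context.SECURITY_PROTOCOL)))
                   || url.toLowerCase().startsWith("ldaps://");
        String auth = String.valueOf(env.get(Context.SECURITY_AUTHENTICATION));
        if (!"simple".equals(auth)) {
            findings.add("authentication is '" + auth + "'; Table 1 says to keep 'simple'");
        }
        if (!"com.sun.jndi.ldap.LdapCtxFactory".equals(env.get(Context.INITIAL_CONTEXT_FACTORY))) {
            findings.add("initial context factory differs from the value Table 1 says not to modify");
        }
        if (!ssl && env.containsKey(Context.SECURITY_CREDENTIALS)) {
            findings.add("simple bind to " + url + " without java.naming.security.protocol=ssl: "
                       + "the administration password leaves the host unencrypted");
        }
        return findings;
    }

    /** Open the directory context; call only when a real bind is intended. */
    static DirContext connect(Hashtable<String, Object> env) throws NamingException {
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws IOException {
        Hashtable<String, Object> env = toJndiEnvironment(load(SAMPLE));
        // The continued attributes.binary line is one value: five names, space separated.
        System.out.println("binary attributes: " + env.get("java.naming.ldap.attributes.binary"));
        for (String finding : review(env)) {
            System.out.println("REVIEW: " + finding);
        }
    }
}
```

Compile and run the class with no arguments to see the parsed binary attribute list and the single review finding that the sample produces (the commented-out SSL line). Uncommenting java.naming.security.protocol=ssl in SAMPLE, as the table describes for enabling SSL, clears that finding; connect() is kept separate so the review can run on a file without binding to any directory.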