You can customize your system configuration as required. You carry out this part of the configuration in ARIS Administration.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
You can configure the following properties of your system:
Activate LDAP
Specifies whether or not the LDAP integration is enabled. This corresponds to the following property: com.aris.umc.ldap.active
Activate multiple LDAP integration
Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false. This corresponds to the following property: com.aris.umc.ldap.multi.active
Configured LDAP server count
Displays the number of LDAP servers allowed. This corresponds to the following property: com.aris.umc.ldap.connection.count
Truststore
Specifies where to look for the truststore. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.location
Upload
You can upload a truststore file.
Password
Specifies the truststore password. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.password
Type
Specifies the truststore type to be used. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.type
Debug output
Specifies whether or not debug information for LDAP operations is output. This corresponds to the following property: com.aris.umc.ldap.debug
Import superior group
Specifies whether the superior group is to be imported automatically when the group is imported. This corresponds to the following property: com.aris.umc.ldap.group.import.parent.enabled
Import user at login
Specifies whether an LDAP user is to be imported automatically during the login attempt. This corresponds to the following property: com.aris.umc.ldap.user.importOnLogin
Import user groups when synchronizing
Specifies whether additional user groups are to be imported during user synchronization. This corresponds to the following property: com.aris.umc.ldap.sync.user.importGroups
Update group associations at login
Specifies whether the memberOf attribute is read (true) or not (false). If the value of the property is true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. This corresponds to the following property: com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin
Use attribute value pagination
Specifies whether pagination is to be used if the server-side limit for valid values is exceeded for attributes, for example, if more than 1,500 attribute values exist. This corresponds to the following property: com.aris.umc.ldap.attributes.paging.enabled
Prevent login of manually created users
Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users. This corresponds to the following property: com.aris.umc.ldap.auth.only
Cache size
Specifies the maximum number of LDAP entities that are cached during an import. This corresponds to the following property: com.aris.umc.ldap.entity.cache.size
Pool wait time
Specifies the maximum amount of time in milliseconds that a connection request may take if the maximum number of connections to the LDAP server was exceeded. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.concurrent.timeout
Pool size
Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.pool.size
Pool time
Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.pool.timeout
Skip errors
Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. This corresponds to the following property: com.aris.umc.ldap.sync.skipOnFault
Use bottom-up method
Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users with user groups. This corresponds to the following property: com.aris.umc.ldap.sync.members.searchBottomUp
Use DN as GUID
Specifies that the fully qualified name (distinguished name) is used as GUID. This corresponds to the following property: com.aris.umc.ldap.sync.useDnAsGuid
You can configure the following properties of your system:
ID
Specifies the unique ID of this specific LDAP connection. This corresponds to the following property: com.aris.umc.ldap.connection.id plus the ID defined.
Name
Specifies the name of this specific LDAP connection. This corresponds to the following property: com.aris.umc.ldap.connection.name plus the ID defined.
Server URL
Specifies the URL of the LDAP server. This corresponds to the following property: com.aris.umc.ldap.url
Server URL (fallback)
Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. This corresponds to the following property: com.aris.umc.ldap.backup.url
User name
Specifies the user name of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.service.user
Password
Specifies the password of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.service.pwd
Use SSL
Specifies if SSL is to be used. This corresponds to the following property: com.aris.umc.ldap.ssl
SSL mode
Specifies the SSL mode. This corresponds to the following property: com.aris.umc.ldap.ssl.mode
Verify host names
Specifies if an SSL host is to be verified. This corresponds to the following property: com.aris.umc.ldap.ssl.host.verification.active
Verify certificates
Specifies whether an SSL certificate is to be verified. This corresponds to the following property: com.aris.umc.ldap.ssl.certificate.verification.active
Simultaneous connections
Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are to be established, they are refused. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.concurrent
Connection timeout
Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.ldap.timeout
Read timeout
Specifies the maximum amount of time that read access may take. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.ldap.read.timeout
You can configure the following properties of your system:
objectClass
Specifies the attribute that contains the object class. This corresponds to the following property: com.aris.umc.ldap.attribute.objectclass
DN
Specifies the fully qualified name (distinguished name). This corresponds to the following property: com.aris.umc.ldap.attribute.distinguishedname
GUID
Specifies the LDAP GUID. This corresponds to the following property: com.aris.umc.ldap.attribute.guid
You can configure the following properties of your system:
Name
Specifies the group name. This corresponds to the following property: com.aris.umc.ldap.attribute.group.name
hasMember
Specifies the attribute that references the members of a group. This corresponds to the following property: com.aris.umc.ldap.attribute.hasmember
User-defined
Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a group. This corresponds to the following property: com.aris.umc.ldap.group.attributes.userdefined
You can configure the following properties of your system:
Name
Specifies the user name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.name
First name
Specifies the first name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.firstname
Last name
Specifies the last name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.lastname
E-mail address
Specifies the e-mail address of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.email
Telephone number
Specifies the telephone number of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.phone
Picture
Specifies the picture of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.picture
memberOf
Specifies the attribute that references the groups of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.memberof
User-defined
Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user. This corresponds to the following property: com.aris.umc.ldap.user.attributes.userdefined
Group object class
Specifies the object class of the LDAP groups. This corresponds to the following property: com.aris.umc.ldap.group.objectclass
User object class
Specifies the object class of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.user.objectclass
Search paths
Specifies a semicolon-separated list of all LDAP search paths. This corresponds to the following property: com.aris.umc.ldap.searchpath
Group search paths
Specifies a semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. This corresponds to the following property: com.aris.umc.ldap.group.searchpath
User search paths
Specifies a semicolon-separated list of LDAP search paths for users. Overwrites the list of general search paths. This corresponds to the following property: com.aris.umc.ldap.user.searchpath
Group search filter
Specifies the query filter for LDAP groups. This corresponds to the following property: com.aris.umc.ldap.filter.group
User search filter
Specifies the query filter for LDAP users. This corresponds to the following property: com.aris.umc.ldap.filter.user
Recursion depth
Specifies the recursion depth that is to be used for nested groups and users. This corresponds to the following property: com.aris.umc.ldap.recursion.depth
Page size
Specifies the maximum number of entries that are loaded in a single LDAP query. This corresponds to the following property: com.aris.umc.ldap.pagesize
Referrals
Defines how referrals to other LDAP systems are processed. This corresponds to the following property: com.aris.umc.ldap.referral
The Cross-tenant symbol indicates that the settings made apply to all tenants on this server and cannot be changed.
You have customized your system configuration.
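The connection properties above (Use SSL, Verify host names, Verify certificates, Server URL (fallback), Debug output) can be reviewed together. The following is an added example, not part of ARIS or its documentation: it audits a set of these properties for transport-security gaps. It assumes the properties are available as key=value text and that Boolean values are written true/false; the host names and values are constructed.

```python
# Added example: audit LDAP connection properties for transport-security gaps.
# Assumptions: key=value text, booleans written "true"/"false"; a missing key
# is treated as not enabled (the page does not state defaults).
P = "com.aris.umc.ldap."

# Constructed sample values (placeholder hosts), not taken from a real system.
WEAK = """
com.aris.umc.ldap.url=ldaps://dc1.example.test:636
com.aris.umc.ldap.backup.url=ldap://dc2.example.test:389
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.host.verification.active=true
com.aris.umc.ldap.ssl.certificate.verification.active=false
com.aris.umc.ldap.debug=true
"""
HARDENED = (WEAK.replace("ldap://dc2.example.test:389", "ldaps://dc2.example.test:636")
                .replace("certificate.verification.active=false",
                         "certificate.verification.active=true")
                .replace("debug=true", "debug=false"))

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for settings that weaken LDAP transport security."""
    on = lambda key: props.get(P + key, "").lower() == "true"
    scheme = lambda key: props.get(P + key, "").split("://", 1)[0].lower()
    findings = []
    if not on("ssl"):
        findings.append((P + "ssl", "SSL is not enabled for the LDAP connection"))
    else:
        for key in ("ssl.host.verification.active", "ssl.certificate.verification.active"):
            if not on(key):
                findings.append((P + key, "verification is off; the server identity is not checked"))
    # The fallback URL is used when the primary is unreachable, so it needs the same transport.
    if props.get(P + "backup.url") and scheme("backup.url") != scheme("url"):
        findings.append((P + "backup.url", "fallback URL scheme differs from the primary URL"))
    if on("debug"):
        findings.append((P + "debug", "LDAP debug output is enabled; disable after troubleshooting"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_properties(WEAK)):
        print(f"{key}: {finding}")
```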
See also
What LDAP properties are available?