You can customize LDAP as required.
General settings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.active | Activate LDAP: Specifies whether or not the LDAP integration is enabled. | True, False | |
com.aris.umc.ldap.multi.active | Activate multiple LDAP integration: Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false. | True, False | |
com.aris.umc.ldap.connection.count | Configured LDAP server count: Displays the number of LDAP servers allowed. | Integer | 2 |

Truststore

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.ssl.truststore.location | Truststore: Specifies where to look for the truststore. | String | |
com.aris.umc.ldap.ssl.truststore.password | Password: Specifies the truststore password. | String | |
com.aris.umc.ldap.ssl.truststore.type | Type: Specifies the truststore type to be used. | String | |

Advanced settings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.debug | Debug output: Specifies whether or not debug information for LDAP operations is output. | True, False | False |
com.aris.umc.ldap.group.import.parent.enabled | Import superior group: Specifies whether the superior group is to be imported automatically when the group is imported. | True, False | False |
com.aris.umc.ldap.user.importOnLogin | Import user at login: Specifies whether an LDAP user is to be imported automatically during the login attempt. | True, False | false |
com.aris.umc.ldap.sync.user.importGroups | Import user groups when synchronizing: Specifies whether additional user groups are to be imported during user synchronization. | True, False | False |
com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin | Update group associations at login: Specifies whether the memberOf attribute is read (true) or not (false). If the value of the property is true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. | True, False | |
com.aris.umc.ldap.attributes.paging.enabled | Use attribute value pagination: Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes, for example, if more than 1,500 attribute values exist. | True, False | |
com.aris.umc.ldap.auth.only | Prevent login of manually created users: Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users. | True, False | |
com.aris.umc.ldap.entity.cache.size | Cache size: Specifies the maximum number of LDAP entities that are cached during an import. | Integer > 0 | 3500 |
com.aris.umc.ldap.connection.concurrent.timeout | Pool wait time (in milliseconds): Specifies the maximum amount of time in milliseconds that a connection request may take if the maximum number of connections to the LDAP server was exceeded. | Integer > 0 | |
com.aris.umc.ldap.connection.pool.size | Pool size: Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. | Integer > 0 | |
com.aris.umc.ldap.connection.pool.timeout | Pool time (in milliseconds): Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds. | Integer > 0 | |
com.aris.umc.ldap.sync.skipOnFault | Skip errors: Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. | True (without message), False (with error message) | |
com.aris.umc.ldap.sync.members.searchBottomUp | Use bottom-up method: Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users to user groups. | True, False | False |
com.aris.umc.ldap.sync.useDnAsGuid | Use DN as GUID: Specifies that the fully qualified name (distinguished name) is used as GUID. | True, False | False |

Individual LDAP server
You can specify the properties of each individual LDAP server.
Connection

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.connection.id plus the ID defined. | ID: Specifies the unique ID of this specific LDAP connection. | String | |
com.aris.umc.ldap.connection.name plus the ID defined. | Name: Specifies the name of this specific LDAP connection. | String | |
com.aris.umc.ldap.url | Server URL: Specifies the URL of the LDAP server. | String | |
com.aris.umc.ldap.backup.url | Server URL (fallback): Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. | String | |
com.aris.umc.ldap.service.user | User name: Specifies the user name of the LDAP user. | String | arisldapservice |
com.aris.umc.ldap.service.pwd | Password: Specifies the password of the LDAP user. | String | |
com.aris.umc.ldap.ssl | Use SSL: Specifies if SSL is to be used. | true, false | |
com.aris.umc.ldap.ssl.mode | SSL mode: Specifies the SSL mode. | String | STARTTLS |
com.aris.umc.ldap.ssl.host.verification.active | Verify host names: Specifies if an SSL host is to be verified. | True, False | |
com.aris.umc.ldap.ssl.certificate.verification.active | Verify certificates: Specifies whether an SSL certificate is to be verified. | True, False | |
com.aris.umc.ldap.connection.concurrent | Simultaneous connections: Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are to be established, they are refused. | Integer > 0 | |
com.aris.umc.ldap.timeout | Connection timeout (in milliseconds): Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. | Integer > 0 | |
com.aris.umc.ldap.read.timeout | Read timeout (in milliseconds): Specifies the maximum amount of time that read access may take. This is defined in milliseconds. | Integer > 0 | |

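Added example, not part of the ARIS documentation: a small Python check that reads the connection keys listed above from key=value text and flags TLS settings that are disabled or left undefined. The key=value export format, the function names and the sample values are assumptions; it checks a single connection's keys as written on this page.

```python
# Added example: audit the TLS-related keys documented on this page.
# Assumption: the settings are available as "key=value" text; SAMPLE is constructed.
TLS_KEYS = {
    "com.aris.umc.ldap.ssl":
        "LDAP traffic, including the service user's bind, is not protected by TLS",
    "com.aris.umc.ldap.ssl.certificate.verification.active":
        "the server certificate is not validated",
    "com.aris.umc.ldap.ssl.host.verification.active":
        "the certificate is not checked against the server host name",
}
URL, BACKUP_URL = "com.aris.umc.ldap.url", "com.aris.umc.ldap.backup.url"

SAMPLE = """\
# constructed sample, not a real export
com.aris.umc.ldap.url=ldaps://ldap1.example.test:636
com.aris.umc.ldap.backup.url=ldap://ldap2.example.test:389
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.certificate.verification.active=false
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first "=" only
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_ldap_tls(props):
    """Return (severity, key, message) tuples for weak or undefined TLS settings."""
    findings = []
    for key, risk in TLS_KEYS.items():
        value = props.get(key, "").lower()
        if value == "false":
            findings.append(("FAIL", key, risk))
        elif value != "true":
            findings.append(("WARN", key, "not set to true or false; set it explicitly"))
    # A fallback server reached over a different scheme than the primary deserves review.
    schemes = [props.get(k, "").split("://", 1)[0].lower() for k in (URL, BACKUP_URL)]
    if all(schemes) and schemes[0] != schemes[1]:
        findings.append(("WARN", BACKUP_URL, "fallback URL scheme differs from the primary URL"))
    return findings

if __name__ == "__main__":
    for severity, key, message in audit_ldap_tls(parse_properties(SAMPLE)):
        print(f"{severity} {key}: {message}")
```
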
Attribute mappings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.attribute.objectclass | objectClass: Specifies the attribute that contains the object class. | String | objectClass |
com.aris.umc.ldap.attribute.distinguishedname | DN: Specifies the fully qualified name (distinguished name). | String | distinguishedName |
com.aris.umc.ldap.attribute.guid | GUID: Specifies the LDAP GUID. | String | Object GUID |

Group attribute mappings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.attribute.group.name | Name: Specifies the group name. | String | Group name |
com.aris.umc.ldap.attribute.hasmember | hasMember: Specifies the attribute that references the members of a group. | String | hasMember |
com.aris.umc.ldap.group.attributes.userdefined | User-defined: Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group. | String | Description, operating system |

User attribute mappings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.attribute.user.name | Name: Specifies the user name of a user. | String | Fragment |
com.aris.umc.ldap.attribute.user.firstname | First name: Specifies the first name of a user. | String | John |
com.aris.umc.ldap.attribute.user.lastname | Last name: Specifies the last name of a user. | String | Smith |
com.aris.umc.ldap.attribute.user.email | E-mail address: Specifies the e-mail address of a user. | String | john.smith@softwareag.com |
com.aris.umc.ldap.attribute.user.phone | Telephone number: Specifies the telephone number of a user. | String | +491234567 |
com.aris.umc.ldap.attribute.user.picture | Picture: Specifies the picture of a user. | Location of an image | |
com.aris.umc.ldap.attribute.memberof | memberOf: Specifies the attribute that references the groups of a user. | String | memberOf |
com.aris.umc.ldap.user.attributes.userdefined | User-defined: Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user. | String | Description, operating system |

Behavior

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.group.objectclass | Group object class: Object class of the LDAP groups. | String | Group |
com.aris.umc.ldap.user.objectclass | User object class: Specifies the object class of the LDAP user. | String | Organizational unit |
com.aris.umc.ldap.searchpath | Search paths: Specifies a semicolon-separated list of all LDAP search paths. | String | OU\=stadt\,OU\=location\, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com |
com.aris.umc.ldap.group.searchpath | Group search paths: Specifies a semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. | String | OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com |
com.aris.umc.ldap.user.searchpath | User search paths: Specifies a semicolon-separated list of LDAP search paths for users. Overwrites the list of general search paths. | String | OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com |
com.aris.umc.ldap.filter.group | Group search filter: Specifies the query filter for LDAP groups. | String | (&(objectClass=role)(name=y*)) |
com.aris.umc.ldap.filter.user | User search filter: Specifies the query filter for LDAP users. | | (&(sAMAccountName=*)) |
com.aris.umc.ldap.recursion.depth | Recursion depth: Specifies the recursion depth that is to be used for nested groups and users. | 1 means one level, 0 means all | 1 |
com.aris.umc.ldap.pagesize | Page size: Specifies the maximum number of entries that are loaded in a single LDAP query. | Integer > 0 | |
com.aris.umc.ldap.referral | Referrals: Defines how referrals to other LDAP systems are processed. | follow means that the referral is automatically | ignore |