LDAP properties

You can customize LDAP as required.

General settings

Key

Description

com.aris.umc.ldap.active

Use LDAP

Specifies whether or not the LDAP integration is enabled.

Valid input

true, false

com.aris.umc.ldap.multi.active

Activate multiple LDAP integration

Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false.

Valid input

true, false

com.aris.umc.ldap.connection.count

Number of configured LDAP servers

Displays the number of LDAP servers allowed.

Valid input

Integer

Example

2

Truststore

Key

Description

com.aris.umc.ldap.ssl.truststore.location

Truststore

Specifies where to look for the truststore.

Valid input

String

com.aris.umc.ldap.ssl.truststore.password

Password

Specifies the truststore password.

Valid input

String

com.aris.umc.ldap.ssl.truststore.type

Type

Specifies the truststore type to be used.

Valid input

String

Advanced settings

Key

Description

com.aris.umc.ldap.debug

Debug output

Specifies whether or not debug information for LDAP operations is output.

Valid input

true, false

Example

False

com.aris.umc.ldap.group.import.parent.enabled

Import superior group

Specifies whether the superior group is to be imported automatically when the group is imported.

Valid input

true, false

Example

False

com.aris.umc.ldap.user.importOnLogin

Import user at login

Specifies whether an LDAP user is to be imported automatically during the login attempt.

Valid input

true, false

Example

False

com.aris.umc.ldap.sync.user.importGroups

Import user groups when synchronizing

Specifies whether additional user groups are to be imported during user synchronization.

Valid input

true, false

Example

False

com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin

Update group associations at login

Specifies whether the memberOf attribute is read (true) or not (false). If the value of the property is true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time.

Valid input

true, false

com.aris.umc.ldap.attributes.paging.enabled

Use attribute value pagination

Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes, for example, if more than 1,500 attribute values exist.

Valid input

true, false

com.aris.umc.ldap.auth.only

Prevent login of manually created users

Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users.

Valid input

true, false

com.aris.umc.ldap.entity.cache.size

Cache size

Specifies the maximum number of LDAP entities that are cached during an import.

Valid input

Integer > 0

Example

3500

com.aris.umc.ldap.connection.concurrent.timeout

Pool wait time (in milliseconds)

Specifies the maximum amount of time in milliseconds that a connection request may take if the maximum number of connections to the LDAP server was exceeded.

Valid input

Integer > 0

com.aris.umc.ldap.connection.pool.size

Pool size

Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full.

Valid input

Integer > 0

com.aris.umc.ldap.connection.pool.timeout

Pool time (in milliseconds)

Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds.

Valid input

Integer > 0

com.aris.umc.ldap.sync.skipOnFault

Skip errors

Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message.

Valid input

True (without message), False (with error message)

com.aris.umc.ldap.sync.members.searchBottomUp

Use bottom-up method

Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users to user groups.

Valid input

true, false

Example

False

com.aris.umc.ldap.sync.useDnAsGuid

Use DN as GUID

Specifies that the fully qualified name (distinguished name) is used as GUID.

Valid input

true, false

Example

False

Individual LDAP server

You can specify the properties of each individual LDAP server.

Connection

Key

Description

com.aris.umc.ldap.connection.id plus the ID defined.

ID

Specifies the unique ID of this specific LDAP connection.

Valid input

String

com.aris.umc.ldap.connection.name plus the ID defined.

Name

Specifies the name of this specific LDAP connection.

Valid input

String

com.aris.umc.ldap.url

Server URL

Specifies the URL of the LDAP server.

Valid input

String

com.aris.umc.ldap.backup.url

Server URL (fallback)

Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL.

Valid input

String

com.aris.umc.ldap.service.user

User name

Specifies the user name of the LDAP user.

Valid input

String

Example

arisldapservice

com.aris.umc.ldap.service.pwd

Password

Specifies the password of the LDAP user.

Valid input

String

com.aris.umc.ldap.ssl

Use SSL

Specifies if SSL is to be used.

Valid input

true, false

com.aris.umc.ldap.ssl.mode

SSL mode

Specifies the SSL mode.

Valid input

String

Example

STARTTLS

com.aris.umc.ldap.ssl.host.verification.active

Verify host names

Specifies if an SSL host is to be verified.

Valid input

true, false

com.aris.umc.ldap.ssl.certificate.verification.active

Verify certificates

Specifies whether an SSL certificate is to be verified.

Valid input

true, false

com.aris.umc.ldap.connection.concurrent

Simultaneous connections

Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are to be established, they are refused.

Valid input

Integer > 0

com.aris.umc.ldap.timeout

Connection timeout (in milliseconds)

Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds.

Valid input

Integer > 0

com.aris.umc.ldap.read.timeout

Read timeout (in milliseconds)

Specifies the maximum amount of time that read access may take. This is defined in milliseconds.

Valid input

Integer > 0
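
The transport-related keys above (com.aris.umc.ldap.ssl, the two verification switches, and the primary and fallback URLs) can be checked together. The following Python audit is an added example, not part of the product or its documentation. It assumes the properties are available as key=value lines (the page defines no export format), uses constructed host names, and treats an unset key as not enabled.

```python
from urllib.parse import urlsplit

PREFIX = "com.aris.umc.ldap."

# Constructed sample; the key=value format and host names are assumptions.
SAMPLE = """\
com.aris.umc.ldap.active=true
com.aris.umc.ldap.url=ldaps://dc1.example.test:636
com.aris.umc.ldap.backup.url=ldap://dc2.example.test:389
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.host.verification.active=false
com.aris.umc.ldap.ssl.certificate.verification.active=true
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (short key, reason) findings for weak LDAP transport settings."""
    get = lambda k: props.get(PREFIX + k, "")
    on = lambda k: get(k).lower() == "true"  # unset counts as not enabled
    if not on("active"):
        return []  # LDAP integration is off, nothing to check
    findings = []
    if not on("ssl"):
        findings.append(("ssl", "LDAP traffic, including binds, is not protected by TLS"))
    else:
        if not on("ssl.certificate.verification.active"):
            findings.append(("ssl.certificate.verification.active",
                             "server certificate is not verified"))
        if not on("ssl.host.verification.active"):
            findings.append(("ssl.host.verification.active",
                             "certificate name is not matched to the server host name"))
    primary, backup = urlsplit(get("url")).scheme, urlsplit(get("backup.url")).scheme
    if backup and primary and backup != primary:
        findings.append(("backup.url", f"fallback uses {backup}:// but primary uses {primary}://"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_properties(SAMPLE)):
        print(f"{PREFIX}{key}: {reason}")
```

The fallback check matters because the fallback URL is used only when the primary is unreachable, so a scheme mismatch there goes unnoticed until a failover.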

Attribute mappings

Key

Description

com.aris.umc.ldap.attribute.objectclass

objectClass

Specifies the attribute that contains the object class.

Valid input

String

Example

objectClass

com.aris.umc.ldap.attribute.distinguishedname

DN

Specifies the fully qualified name (distinguished name).

Valid input

String

Example

distinguishedName

com.aris.umc.ldap.attribute.guid

GUID

Specifies the LDAP GUID.

Valid input

String

Example

Object GUID

Group attribute mappings

Key

Description

Valid input

Example

com.aris.umc.ldap.attribute.group.name

Name

Specifies the group name.

Valid input

String

Example

Group name

com.aris.umc.ldap.attribute.hasmember

hasMember

Specifies the attribute that references the members of a group.

Valid input

String

Example

hasMember

com.aris.umc.ldap.group.attributes.userdefined

User-defined

Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group.

Valid input

String

Example

Description, operating system

User attribute mappings

Key

Description

Valid input

Example

com.aris.umc.ldap.attribute.user.name

Name

Specifies the user name of a user.

Valid input

String

Example

Fragment

com.aris.umc.ldap.attribute.user.firstname

First name

Specifies the first name of a user.

Valid input

String

Example

John

com.aris.umc.ldap.attribute.user.lastname

Last name

Specifies the last name of a user.

Valid input

String

Example

Smith

com.aris.umc.ldap.attribute.user.email

E-mail address

Specifies the e-mail address of a user.

Valid input

String

Example

john.smith@softwareag.com

com.aris.umc.ldap.attribute.user.phone

Telephone number

Specifies the telephone number of a user.

Valid input

String

Example

+491234567

com.aris.umc.ldap.attribute.user.picture

Picture

Specifies the picture of a user.

Valid input

Location of an image

com.aris.umc.ldap.attribute.memberof

Member of

Specifies the attribute that references the groups of a user.

Valid input

String

Example

memberOf

com.aris.umc.ldap.user.attributes.userdefined

User-defined

Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user.

Valid input

String

Example

Description, operating system

Behavior

Key

Description

com.aris.umc.ldap.group.objectclass

Group object class

Object class of the LDAP groups.

Valid input

String

Example

Group

com.aris.umc.ldap.user.objectclass

User object class

Specifies the object class of the LDAP user.

Valid input

String

Example

Organizational unit

com.aris.umc.ldap.searchpath

Search paths

Specifies a semicolon-separated list of all LDAP search paths.

Valid input

String

Example

OU\=stadt\,OU\=location\,OU\=employees\,DC\=my\,DC\=corp\,DC\=company\,DC\=com

com.aris.umc.ldap.group.searchpath

Group search paths

Specifies a semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths.

Valid input

String

Example

OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com

com.aris.umc.ldap.user.searchpath

User search paths

Specifies a semicolon-separated list of LDAP search paths for users. Overwrites the list of general search paths.

Valid input

String

Example

OU\=employees\,DC\=my\,DC\=corp\,DC\=company\,DC\=com

com.aris.umc.ldap.filter.group

Group search filter

Specifies the query filter for LDAP groups.

Valid input

String

Example

(&(objectClass=role)(name=y*))

com.aris.umc.ldap.filter.user

User search filter

Specifies the query filter for LDAP users.

Valid input

String

Example

(&(sAMAccountName=*))

com.aris.umc.ldap.recursion.depth

Recursion depth

Specifies the recursion depth that is to be used for nested groups and users.

Valid input

1 means one level, 0 means all

Example

1

com.aris.umc.ldap.pagesize

Page size

Specifies the maximum number of entries that are loaded in a single LDAP query.

Valid input

Integer > 0

com.aris.umc.ldap.referral

Referrals

Defines how referrals to other LDAP systems are processed.

Valid input

follow means that the referral is automatically

Example

ignore