You can customize LDAP as required.
General settings

Key | Description |
---|---|
com.aris.umc.ldap.active | Use LDAP. Specifies whether or not the LDAP integration is enabled. Valid input: true, false |
com.aris.umc.ldap.multi.active | Activate multiple LDAP integration. Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false. Valid input: true, false |
com.aris.umc.ldap.connection.count | Number of configured LDAP servers. Displays the number of LDAP servers allowed. Valid input: Integer. Example: 2 |

Truststore

Key | Description |
---|---|
com.aris.umc.ldap.ssl.truststore.location | Truststore. Specifies where to look for the truststore. Valid input: String |
com.aris.umc.ldap.ssl.truststore.password | Password. Specifies the truststore password. Valid input: String |
com.aris.umc.ldap.ssl.truststore.type | Type. Specifies the truststore type to be used. Valid input: String |

Advanced settings

Key | Description |
---|---|
com.aris.umc.ldap.debug | Debug output. Specifies whether or not debug information for LDAP operations is output. Valid input: true, false. Example: False |
com.aris.umc.ldap.group.import.parent.enabled | Import superior group. Specifies whether the superior group is to be imported automatically when the group is imported. Valid input: true, false. Example: False |
com.aris.umc.ldap.user.importOnLogin | Import user at login. Specifies whether an LDAP user is to be imported automatically during the login attempt. Valid input: true, false. Example: False |
com.aris.umc.ldap.sync.user.importGroups | Import user groups when synchronizing. Specifies whether additional user groups are to be imported during user synchronization. Valid input: true, false. Example: False |
com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin | Update group associations at login. Specifies whether the memberOf attribute is read (true) or not (false). If the value of the property is true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. Valid input: true, false |
com.aris.umc.ldap.attributes.paging.enabled | Use attribute value pagination. Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes, for example, if more than 1,500 attribute values exist. Valid input: true, false |
com.aris.umc.ldap.auth.only | Prevent login of manually created users. Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users. Valid input: true, false |
com.aris.umc.ldap.entity.cache.size | Cache size. Specifies the maximum number of LDAP entities that are cached during an import. Valid input: Integer > 0. Example: 3500 |
com.aris.umc.ldap.connection.concurrent.timeout | Pool wait time (in milliseconds). Specifies the maximum amount of time in milliseconds that a connection request may take if the maximum number of connections to the LDAP server was exceeded. Valid input: Integer > 0 |
com.aris.umc.ldap.connection.pool.size | Pool size. Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. Valid input: Integer > 0 |
com.aris.umc.ldap.connection.pool.timeout | Pool time (in milliseconds). Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds. Valid input: Integer > 0 |
com.aris.umc.ldap.sync.skipOnFault | Skip errors. Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. Valid input: True (without message), False (with error message) |
com.aris.umc.ldap.sync.members.searchBottomUp | Use bottom-up method. Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users to user groups. Valid input: true, false. Example: False |
com.aris.umc.ldap.sync.useDnAsGuid | Use DN as GUID. Specifies that the fully qualified name (distinguished name) is used as GUID. Valid input: true, false. Example: False |

Individual LDAP server

You can specify the properties of each individual LDAP server.

Connection

Key | Description |
---|---|
com.aris.umc.ldap.connection.id plus the ID defined. | ID. Specifies the unique ID of this specific LDAP connection. Valid input: String |
com.aris.umc.ldap.connection.name plus the ID defined. | Name. Specifies the name of this specific LDAP connection. Valid input: String |
com.aris.umc.ldap.url | Server URL. Specifies the URL of the LDAP server. Valid input: String |
com.aris.umc.ldap.backup.url | Server URL (fallback). Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. Valid input: String |
com.aris.umc.ldap.service.user | User name. Specifies the user name of the LDAP user. Valid input: String. Example: arisldapservice |
com.aris.umc.ldap.service.pwd | Password. Specifies the password of the LDAP user. Valid input: String |
com.aris.umc.ldap.ssl | Use SSL. Specifies if SSL is to be used. Valid input: true, false |
com.aris.umc.ldap.ssl.mode | SSL mode. Specifies the SSL mode. Valid input: String. Example: STARTTLS |
com.aris.umc.ldap.ssl.host.verification.active | Verify host names. Specifies if an SSL host is to be verified. Valid input: true, false |
com.aris.umc.ldap.ssl.certificate.verification.active | Verify certificates. Specifies whether an SSL certificate is to be verified. Valid input: true, false |
com.aris.umc.ldap.connection.concurrent | Simultaneous connections. Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are to be established, they are refused. Valid input: Integer > 0 |
com.aris.umc.ldap.timeout | Connection timeout (in milliseconds). Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. Valid input: Integer > 0 |
com.aris.umc.ldap.read.timeout | Read timeout (in milliseconds). Specifies the maximum amount of time that read access may take. This is defined in milliseconds. Valid input: Integer > 0 |
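
The following audit sketch is an added example, not part of the product documentation or the product's own code. It checks the three TLS-related connection keys listed above and assumes the settings are available as `key=value` lines for a single LDAP server (no per-server ID suffix); the sample input and host name are constructed.

```python
import re

P = "com.aris.umc.ldap."
# Keys from the Connection table; each must be explicitly "true".
CHECKS = {
    P + "ssl": "LDAP traffic, including the service user's credentials, is sent without TLS",
    P + "ssl.certificate.verification.active": "the server certificate is not verified",
    P + "ssl.host.verification.active": "the SSL host name is not verified",
}

def parse_properties(text):
    """Parse key=value / key:value lines; skip blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(text):
    """Return (key, status, note) for every TLS key that is weak or unset."""
    props = parse_properties(text)
    findings = []
    for key, risk in CHECKS.items():
        value = props.get(key)
        if value is None:
            # The page lists no default for these keys, so do not guess one.
            findings.append((key, "UNSET", "no explicit value; confirm the effective setting"))
        elif value.strip().lower() != "true":
            findings.append((key, "WEAK", risk))
    return findings

# Constructed sample: TLS enabled, certificate check disabled, host check missing.
SAMPLE = """\
# constructed sample, not a real export
com.aris.umc.ldap.url=ldap://ldap.example.com:389
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.certificate.verification.active=false
"""
# Constructed hardened counterpart: all three keys explicitly true.
HARDENED = "\n".join(key + "=true" for key in CHECKS)

if __name__ == "__main__":
    for key, status, note in audit(SAMPLE):
        print(f"{status:5} {key}: {note}")
```

With encryption enabled but certificate or host name verification disabled, the connection is encrypted yet the server's identity is unchecked, so the service user's password can still be sent to an impostor server.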

Attribute mappings

Key | Description |
---|---|
com.aris.umc.ldap.attribute.objectclass | objectClass. Specifies the attribute that contains the object class. Valid input: String. Example: objectClass |
com.aris.umc.ldap.attribute.distinguishedname | DN. Specifies the fully qualified name (distinguished name). Valid input: String. Example: distinguishedName |
com.aris.umc.ldap.attribute.guid | GUID. Specifies the LDAP GUID. Valid input: String. Example: Object GUID |

Group attribute mappings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.attribute.group.name | Name. Specifies the group name. | String | Group name |
com.aris.umc.ldap.attribute.hasmember | hasMember. Specifies the attribute that references the members of a group. | String | hasMember |
com.aris.umc.ldap.group.attributes.userdefined | User-defined. Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group. | String | Description, operating system |

User attribute mappings

Key | Description | Valid input | Example |
---|---|---|---|
com.aris.umc.ldap.attribute.user.name | Name. Specifies the user name of a user. | String | Fragment |
com.aris.umc.ldap.attribute.user.firstname | First name. Specifies the first name of a user. | String | John |
com.aris.umc.ldap.attribute.user.lastname | Last name. Specifies the last name of a user. | String | Smith |
com.aris.umc.ldap.attribute.user.email | E-mail address. Specifies the e-mail address of a user. | String | john.smith@softwareag.com |
com.aris.umc.ldap.attribute.user.phone | Telephone number. Specifies the telephone number of a user. | String | +491234567 |
com.aris.umc.ldap.attribute.user.picture | Picture. Specifies the picture of a user. | Location of an image | |
com.aris.umc.ldap.attribute.memberof | Member of. Specifies the attribute that references the groups of a user. | String | memberOf |
com.aris.umc.ldap.user.attributes.userdefined | User-defined. Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user. | String | Description, operating system |

Behavior

Key | Description |
---|---|
com.aris.umc.ldap.group.objectclass | Group object class. Object class of the LDAP groups. Valid input: String. Example: Group |
com.aris.umc.ldap.user.objectclass | User object class. Specifies the object class of the LDAP user. Valid input: String. Example: Organizational unit |
com.aris.umc.ldap.searchpath | Search paths. Specifies a semicolon-separated list of all LDAP search paths. Valid input: String. Example: OU\=stadt\,OU\=location\, OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com |
com.aris.umc.ldap.group.searchpath | Group search paths. Specifies a semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. Valid input: String. Example: OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com |
com.aris.umc.ldap.user.searchpath | User search paths. Specifies a semicolon-separated list of LDAP search paths for users. Overwrites the list of general search paths. Valid input: String. Example: OU\=employees\,DC\=my\,DC\=corp\, DC\=company\,DC\=com |
com.aris.umc.ldap.filter.group | Group search filter. Specifies the query filter for LDAP groups. Valid input: String. Example: (&(objectClass=role)(name=y*)) |
com.aris.umc.ldap.filter.user | User search filter. Specifies the query filter for LDAP users. Valid input: String. Example: (&(sAMAccountName=*)) |
com.aris.umc.ldap.recursion.depth | Recursion depth. Specifies the recursion depth that is to be used for nested groups and users. Valid input: 1 means one level, 0 means all. Example: 1 |
com.aris.umc.ldap.pagesize | Page size. Specifies the maximum number of entries that are loaded in a single LDAP query. Valid input: Integer > 0 |
com.aris.umc.ldap.referral | Referrals. Defines how referrals to other LDAP systems are processed. Valid input: follow means that the referral is automatically Example: ignore |