Customize LDAP settings

You can customize your system configuration as required. You carry out this part of the configuration in ARIS Administration.

Prerequisite

You have the Technical configuration administrator function privilege.

Procedure

  1. Click Configuration.

  2. Click the arrow next to LDAP.

  3. Click a configuration category. The following categories are available:

    General settings

    You can configure the following properties of your system:

    Activate LDAP

    Specifies whether or not the LDAP integration is enabled. This corresponds to the following property: com.aris.umc.ldap.active

    Activate multiple LDAP integration

    Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false. This corresponds to the following property: com.aris.umc.ldap.multi.active

    Configured LDAP server count

    Displays the number of LDAP servers allowed. This corresponds to the following property: com.aris.umc.ldap.connection.count

    Truststore

    Truststore

    Specifies where to look for the truststore. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.location

    Upload

    You can upload a truststore file.

    Password

    Specifies the truststore password. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.password

    Type

    Specifies the truststore type to be used. This corresponds to the following property: com.aris.umc.ldap.ssl.truststore.type

    Advanced settings

    Debug output

    Specifies whether debug information for LDAP operations is output. This corresponds to the following property: com.aris.umc.ldap.debug

    Import superior group

    Specifies whether the superior group is to be imported automatically when the group is imported. This corresponds to the following property: com.aris.umc.ldap.group.import.parent.enabled

    Import user at login

    Specifies whether an LDAP user is to be imported automatically during the login attempt. This corresponds to the following property: com.aris.umc.ldap.user.importOnLogin

    Import user groups when synchronizing

    Specifies whether additional user groups are to be imported during user synchronization. This corresponds to the following property: com.aris.umc.ldap.sync.user.importGroups

    Update group associations at login

    Specifies whether the memberOf attribute of a user is read (true) or not (false). If set to true, the groups referenced in memberOf are imported automatically the first time a user from such a group logs in. This corresponds to the following property: com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin

    Use attribute value pagination

    Specifies whether attribute values are retrieved in ranges (attribute value paging) when a multi-valued attribute exceeds the server-side limit on the number of values returned per query. Active Directory, for example, returns at most 1,500 values of an attribute such as a group's member list per query; without range retrieval, only that first range is read and the remaining values are silently missing. This corresponds to the following property: com.aris.umc.ldap.attributes.paging.enabled

    Prevent login of manually created users

    Specifies whether only users imported from LDAP may log in. This does not apply to the arisservice, guest, superuser, and system users. This corresponds to the following property: com.aris.umc.ldap.auth.only

    Cache size

    Specifies the maximum number of LDAP entities that are cached during an import. This corresponds to the following property: com.aris.umc.ldap.entity.cache.size

    Pool wait time

    Specifies the maximum time in milliseconds that a connection request waits for a free connection once the maximum number of simultaneous connections to the LDAP server has been reached. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.concurrent.timeout

    Pool size

    Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.pool.size

    Pool time

    Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to ARIS Cloud Controller (ACC) Command-line Tool manual. This corresponds to the following property: com.aris.umc.ldap.connection.pool.timeout

    Skip errors

    Specifies whether the LDAP import skips users or user groups for which errors occurred, without showing an error message. Entries skipped this way are simply absent after the synchronization, so leave this disabled unless you are knowingly working around faulty directory entries. This corresponds to the following property: com.aris.umc.ldap.sync.skipOnFault

    Use bottom-up method

    Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users to user groups. This corresponds to the following property: com.aris.umc.ldap.sync.members.searchBottomUp

    Use DN as GUID

    Specifies whether the fully qualified name (distinguished name) is used as the GUID instead of the attribute mapped as GUID. Note that a DN changes when an entry is moved or renamed in the directory, whereas a directory GUID does not. This corresponds to the following property: com.aris.umc.ldap.sync.useDnAsGuid

  4. Click the arrow next to the relevant LDAP server.

  5. Click a configuration category. The following categories are available:

    Connection

    You can configure the following properties of your system:

    ID

    Specifies the unique ID of this specific LDAP connection. This corresponds to the following property: com.aris.umc.ldap.connection.id

    Name

    Specifies the name of this specific LDAP connection. This corresponds to the following property: com.aris.umc.ldap.connection.name, suffixed with the ID defined above.

    Server URL

    Specifies the URL of the LDAP server. This corresponds to the following property: com.aris.umc.ldap.url

    Server URL (fallback)

    Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. This corresponds to the following property: com.aris.umc.ldap.backup.url

    User name

    Specifies the user name of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.service.user

    Password

    Specifies the password of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.service.pwd

    Use SSL

    Specifies whether SSL/TLS is used for the connection. This corresponds to the following property: com.aris.umc.ldap.ssl

    SSL mode

    Specifies the SSL mode. This corresponds to the following property: com.aris.umc.ldap.ssl.mode

    Verify host names

    Specifies whether the host name of the LDAP server is verified against its SSL certificate. Disabling this accepts a valid certificate issued for any other host, which removes the protection SSL gives against a man-in-the-middle. This corresponds to the following property: com.aris.umc.ldap.ssl.host.verification.active

    Verify certificates

    Specifies whether the SSL certificate of the LDAP server is verified; see the Truststore settings above for the trust anchors. Disabling this accepts any certificate, including a self-signed one presented by an attacker. This corresponds to the following property: com.aris.umc.ldap.ssl.certificate.verification.active

    Simultaneous connections

    Specifies the maximum number of simultaneous connections to the same LDAP server. Further connection requests wait for at most the pool wait time and are refused after that. Cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to ARIS Cloud Controller (ACC) Command-line Tool manual.

    This corresponds to the following property: com.aris.umc.ldap.connection.concurrent

    Connection timeout

    Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.ldap.timeout

    Read timeout

    Specifies the maximum amount of time that read access may take. This is defined in milliseconds. This corresponds to the following property: com.aris.umc.ldap.read.timeout

    Attribute mappings

    You can configure the following properties of your system:

    objectClass

    Specifies the attribute that contains the object class. This corresponds to the following property: com.aris.umc.ldap.attribute.objectclass

    DN

    Specifies the fully qualified name (distinguished name). This corresponds to the following property: com.aris.umc.ldap.attribute.distinguishedname

    GUID

    Specifies the LDAP GUID. This corresponds to the following property: com.aris.umc.ldap.attribute.guid

    Group attribute mappings

    You can configure the following properties of your system:

    Name

    Specifies the group name. This corresponds to the following property: com.aris.umc.ldap.attribute.group.name

    hasMember

    Specifies the attribute that references the members of a group. This corresponds to the following property: com.aris.umc.ldap.attribute.hasmember

    User-defined

    Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a group. This corresponds to the following property: com.aris.umc.ldap.group.attributes.userdefined

    User attribute mappings

    You can configure the following properties of your system:

    Name

    Specifies the user name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.name

    First name

    Specifies the first name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.firstname

    Last name

    Specifies the last name of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.lastname

    E-mail address

    Specifies the e-mail address of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.email

    Telephone number

    Specifies the telephone number of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.phone

    Picture

    Specifies the picture of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.user.picture

    memberOf

    Specifies the attribute that references the groups of a user. This corresponds to the following property: com.aris.umc.ldap.attribute.memberof

    User-defined

    Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user. This corresponds to the following property: com.aris.umc.ldap.user.attributes.userdefined

    Behavior

    Group object class

    Specifies the object class of LDAP groups. This corresponds to the following property: com.aris.umc.ldap.group.objectclass

    User object class

    Specifies the object class of the LDAP user. This corresponds to the following property: com.aris.umc.ldap.user.objectclass

    Search paths

    Specifies a comma-separated list of all LDAP search paths. This corresponds to the following property: com.aris.umc.ldap.searchpath

    Group search paths

    Specifies a comma-separated list of all LDAP search paths for user groups. Overrides the list of general search paths. This corresponds to the following property: com.aris.umc.ldap.group.searchpath

    User search paths

    Specifies a comma-separated list of LDAP search paths for users. Overrides the list of general search paths. This corresponds to the following property: com.aris.umc.ldap.user.searchpath

    Group search filter

    Specifies the query filter for LDAP groups. This corresponds to the following property: com.aris.umc.ldap.filter.group

    User search filter

    Specifies the query filter for LDAP users. This corresponds to the following property: com.aris.umc.ldap.filter.user

    Recursion depth

    Specifies the recursion depth that is to be used for nested groups and users. This corresponds to the following property: com.aris.umc.ldap.recursion.depth

    Page size

    Specifies the maximum number of entries that are loaded in a single LDAP query. This corresponds to the following property: com.aris.umc.ldap.pagesize

    Referrals

    Defines how referrals to other LDAP systems are processed. This corresponds to the following property: com.aris.umc.ldap.referral

  6. Click Edit.

    The Cross-tenant symbol indicates that the settings made apply to all tenants on this server and cannot be changed here; such settings are changed using ARIS Cloud Controller.

  7. Adjust your settings.

  8. Click Save.

You have customized your system configuration.
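The connection settings (Server URL, Use SSL, Verify host names, Verify certificates, User name and Password) and the advanced settings (Debug output, Skip errors, Prevent login of manually created users) together determine how exposed the LDAP integration is, and that is easy to audit mechanically. The following Python script is an added example, not part of this page or of ARIS: it reads com.aris.umc.ldap.* properties from Java .properties style text, flags the risky combinations, and shows a weak configuration beside a hardened one. The property names are those listed on this page; the host names, the truststore path, the <placeholder> secrets, the severities and the check rules are this example's own assumptions.

```python
"""Audit the security-relevant com.aris.umc.ldap.* settings listed on this page.
Added example, not ARIS code: property names are the page's, everything else is assumed."""
from __future__ import annotations
from urllib.parse import urlsplit

P = "com.aris.umc.ldap."

# Constructed sample: a connection the way a test system often ends up configured.
WEAK = f"""
{P}active=true
{P}url=ldap://dc01.corp.example:389
{P}backup.url=ldap://dc02.corp.example:389
{P}service.user=CN=svc-aris,OU=Service,DC=corp,DC=example
{P}service.pwd=
{P}ssl=false
{P}ssl.host.verification.active=false
{P}ssl.certificate.verification.active=false
{P}debug=true
{P}sync.skipOnFault=true
{P}auth.only=false
"""

# Same connection with transport protection, verification and silent failures fixed.
# Host names, the truststore path and the <placeholder> secrets are assumptions.
HARDENED = f"""
{P}active=true
{P}url=ldaps://dc01.corp.example:636
{P}backup.url=ldaps://dc02.corp.example:636
{P}service.user=CN=svc-aris,OU=Service,DC=corp,DC=example
{P}service.pwd=<from-secret-store>
{P}ssl=true
{P}ssl.truststore.location=/opt/aris/conf/ldap-truststore.p12
{P}ssl.truststore.type=PKCS12
{P}ssl.truststore.password=<from-secret-store>
{P}ssl.host.verification.active=true
{P}ssl.certificate.verification.active=true
{P}debug=false
{P}sync.skipOnFault=false
{P}auth.only=true
"""

def parse_properties(text: str) -> dict[str, str]:
    """Minimal .properties reader: key=value or key:value, '#'/'!' comments, no continuations."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=" if "=" in line else ":")
        props[key.strip()] = value.strip()
    return props

def enabled(props: dict[str, str], key: str) -> bool:
    """True only for an explicit 'true'; a missing property counts as off."""
    return props.get(P + key, "false").strip().lower() == "true"

def audit(props: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (severity, property, finding) for each risky setting; [] when clean."""
    findings: list[tuple[str, str, str]] = []

    def flag(sev: str, key: str, msg: str) -> None:
        findings.append((sev, P + key, msg))

    if not enabled(props, "active"):
        return findings  # integration switched off: nothing below applies
    ssl = enabled(props, "ssl")
    for key in ("url", "backup.url"):
        url = props.get(P + key, "")
        # ldap:// without SSL: the service bind and every user login send passwords in clear
        if url and urlsplit(url).scheme.lower() == "ldap" and not ssl:
            flag("HIGH", key, "cleartext LDAP: bind and login passwords cross the network unencrypted")
    if ssl:
        # TLS without verification still encrypts, but to whoever answers the connection
        if not enabled(props, "ssl.certificate.verification.active"):
            flag("HIGH", "ssl.certificate.verification.active", "any server certificate is accepted")
        if not enabled(props, "ssl.host.verification.active"):
            flag("HIGH", "ssl.host.verification.active", "a valid certificate for any other host is accepted")
    if not props.get(P + "service.pwd"):
        # DN plus empty password is an unauthenticated bind (RFC 4513), i.e. anonymous or rejected
        flag("HIGH", "service.pwd", "empty bind password: unauthenticated bind instead of the service account")
    if enabled(props, "debug"):
        flag("MEDIUM", "debug", "LDAP debug output writes directory data to logs; disable outside troubleshooting")
    if enabled(props, "sync.skipOnFault"):
        flag("MEDIUM", "sync.skipOnFault", "faulty users/groups vanish from the import with no error message")
    if not enabled(props, "auth.only"):
        flag("LOW", "auth.only", "manually created users can still log in alongside LDAP users")
    return findings

if __name__ == "__main__":
    for label, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label)
        for sev, prop, msg in audit(parse_properties(text)) or [("OK", "-", "no findings")]:
            print(f"  {sev:6} {prop}: {msg}")
```

Run against the weak sample it reports six findings (three HIGH, two MEDIUM, one LOW); the hardened sample is clean. The certificate and host checks are only evaluated when Use SSL is on, because without SSL the cleartext finding already covers the connection; the multi-server layout (ID-suffixed property names) is not handled here.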
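Use bottom-up method, Recursion depth, Import superior group and Use attribute value pagination all describe how group membership is walked, and their interaction is clearer in code. The following Python simulation is an added example, not ARIS code: it builds a constructed in-memory directory (a 3,200-member group, two groups that nest each other, one user reachable only through the nesting), serves multi-valued attributes the way Active Directory range retrieval does (at most 1,500 values per query, continuation via attr;range=N-*), and resolves membership both top-down via member (the hasMember attribute) and bottom-up via memberOf, with a depth limit and a cycle guard. The DNs, the sample entries and the 1,500 limit are assumptions about the sample server, not ARIS behaviour.

```python
"""Nested-group resolution bottom-up (memberOf) and top-down (member / hasMember) with a
recursion-depth limit, cycle guard and Active Directory style range retrieval.
Constructed in-memory directory; added example, not ARIS code."""
from __future__ import annotations
import re

MAX_VAL_RANGE = 1500       # AD default MaxValRange: values returned per attribute query
BASE = "dc=example,dc=com" # constructed sample domain
CONTRACTOR = f"uid=contractor,ou=users,{BASE}"
RANGE_RE = re.compile(r"^(?P<attr>[^;]+);range=(?P<lo>\d+)-(?P<hi>\d+|\*)$")

def user_dn(i: int) -> str:
    return f"uid=u{i:04d},ou=users,{BASE}"

def group_dn(name: str) -> str:
    return f"cn={name},ou=groups,{BASE}"

def build_directory() -> dict[str, dict[str, list[str]]]:
    """3,200 staff in one big group (forces range retrieval), two groups that reference
    each other (a cycle), and one contractor only reachable through the nesting."""
    d = {user_dn(i): {"objectClass": ["user"], "memberOf": [group_dn("all-staff")]} for i in range(3200)}
    d[group_dn("all-staff")] = {"objectClass": ["group"], "memberOf": [],
                                "member": [user_dn(i) for i in range(3200)] + [group_dn("engineering")]}
    d[group_dn("engineering")] = {"objectClass": ["group"], "memberOf": [group_dn("all-staff"), group_dn("platform")],
                                  "member": [user_dn(1), group_dn("platform")]}
    d[group_dn("platform")] = {"objectClass": ["group"], "memberOf": [group_dn("engineering")],
                               "member": [CONTRACTOR, group_dn("engineering")]}
    d[user_dn(1)]["memberOf"].append(group_dn("engineering"))
    d[CONTRACTOR] = {"objectClass": ["user"], "memberOf": [group_dn("platform")]}
    return d

DIRECTORY = build_directory()

def ldap_read(dn: str, attr: str) -> tuple[str, list[str]]:
    """Simulated server read of one attribute. Like AD, an attribute with more values than
    MAX_VAL_RANGE comes back named 'attr;range=lo-hi'; the final chunk is 'attr;range=lo-*'."""
    m = RANGE_RE.match(attr)
    base, lo = (m["attr"], int(m["lo"])) if m else (attr, 0)
    values = DIRECTORY[dn].get(base, [])
    if m is None and len(values) <= MAX_VAL_RANGE:
        return base, list(values)
    hi = min(lo + MAX_VAL_RANGE, len(values)) - 1
    last = hi >= len(values) - 1
    return f"{base};range={lo}-{'*' if last else hi}", values[lo:hi + 1]

def read_all_values(dn: str, attr: str, paging: bool = True) -> list[str]:
    """Client side of range retrieval: keep requesting 'attr;range=N-*' until the server marks
    the last chunk. With paging=False the client stops after the first answer, which is the
    silent truncation 'Use attribute value pagination' guards against."""
    values, lo = [], 0
    while True:
        name, chunk = ldap_read(dn, attr if lo == 0 else f"{attr};range={lo}-*")
        values.extend(chunk)
        m = RANGE_RE.match(name)
        if m is None or m["hi"] == "*" or not paging:
            return values
        lo = int(m["hi"]) + 1

def members_top_down(group: str, depth: int, paging: bool = True) -> set[str]:
    """Top-down method: follow member downwards. Nested groups are expanded at most `depth`
    levels below the starting group; the visited set stops membership cycles."""
    users, seen = set(), set()

    def walk(dn: str, remaining: int) -> None:
        if dn in seen:
            return
        seen.add(dn)
        for m in read_all_values(dn, "member", paging):
            if "group" not in DIRECTORY[m]["objectClass"]:
                users.add(m)
            elif remaining > 0:
                walk(m, remaining - 1)

    walk(group, depth)
    return users

def groups_bottom_up(user: str, depth: int) -> list[str]:
    """Bottom-up method: follow memberOf upwards from the user, then from each group to its
    superior groups, at most `depth` levels above the user's direct groups."""
    groups, seen = [], set()

    def climb(dn: str, remaining: int) -> None:
        for g in read_all_values(dn, "memberOf"):
            if g in seen:
                continue
            seen.add(g)
            groups.append(g)
            if remaining > 0:
                climb(g, remaining - 1)

    climb(user, depth)
    return groups

if __name__ == "__main__":
    big = group_dn("all-staff")
    print(len(read_all_values(big, "member")), "member values with range retrieval,",
          len(read_all_values(big, "member", paging=False)), "without")
    print(len(members_top_down(big, depth=2)), "users top-down at depth 2")
    print(groups_bottom_up(CONTRACTOR, depth=3))
```

Three things to observe: the 3,201-entry member attribute is only complete when the client follows the range continuation (1,500 values otherwise), the contractor appears in the top-down result only once Recursion depth reaches 2, and the engineering/platform cycle terminates in both directions because already-visited DNs are skipped rather than re-expanded.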

See also

What LDAP properties are available?

What LDAP attribute mapping properties are available?

Add LDAP server