What LDAP properties are available?

You can customize LDAP as required.

General settings

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.active | Activate LDAP: Specifies whether or not the LDAP integration is enabled. | true, false | |
| com.aris.umc.ldap.multi.active | Activate multiple LDAP integration: Specifies whether or not integration of multiple LDAP servers is to be activated. The default value is false. | true, false | |
| com.aris.umc.ldap.connection.count | Configured LDAP server count: Displays the number of LDAP servers allowed. | Integer | 2 |

Truststore

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.ssl.truststore.location | Truststore: Specifies where to look for the truststore. | String | |
| com.aris.umc.ldap.ssl.truststore.password | Password: Specifies the truststore password. | String | |
| com.aris.umc.ldap.ssl.truststore.type | Type: Specifies the truststore type to be used. | String | |

Advanced settings

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.debug | Debug output: Specifies whether or not debug information for LDAP operations is output. | true, false | false |
| com.aris.umc.ldap.group.import.parent.enabled | Import superior group: Specifies whether the superior group is to be imported automatically when the group is imported. | true, false | false |
| com.aris.umc.ldap.user.importOnLogin | Import user at login: Specifies whether an LDAP user is to be imported automatically during the login attempt. | true, false | false |
| com.aris.umc.ldap.sync.user.importGroups | Import user groups when synchronizing: Specifies whether additional user groups are to be imported during user synchronization. | true, false | false |
| com.aris.umc.ldap.attribute.memberof.resolveOnFirstLogin | Update group associations at login: Specifies whether the memberOf attribute is read (true) or not (false). If the value of the property is true, the memberOf attribute is read and the referenced groups are automatically imported. The import of the groups occurs when a user from the group logs in for the first time. | true, false | |
| com.aris.umc.ldap.attributes.paging.enabled | Use attribute value pagination: Specifies whether a page break is to be inserted if the server-side limit for valid values is exceeded for attributes, for example, if more than 1,500 attribute values exist. | true, false | |
| com.aris.umc.ldap.auth.only | Prevent login of manually created users: Specifies that only LDAP users may log in. This does not apply to the arisservice, guest, superuser, and system users. | true, false | |
| com.aris.umc.ldap.entity.cache.size | Cache size: Specifies the maximum number of LDAP entities that are cached during an import. | Integer > 0 | 3500 |
| com.aris.umc.ldap.connection.concurrent.timeout | Pool wait time (in milliseconds): Specifies the maximum amount of time in milliseconds that a connection request may take if the maximum number of connections to the LDAP server was exceeded. | Integer > 0 | |
| com.aris.umc.ldap.connection.pool.size | Pool size: Specifies the maximum number of connections that are ready for reuse in a pool. The connection that was used last is discarded when the pool is full. | Integer > 0 | |
| com.aris.umc.ldap.connection.pool.timeout | Pool time (in milliseconds): Specifies the maximum amount of time that a connection remains in a pool. The connection is removed from the pool at the latest after this period of time. This is defined in milliseconds. | Integer > 0 | |
| com.aris.umc.ldap.sync.skipOnFault | Skip errors: Specifies whether the LDAP import ignores users or user groups for which errors occurred without showing an error message. | true (without message), false (with error message) | |
| com.aris.umc.ldap.sync.members.searchBottomUp | Use bottom-up method: Specifies whether the bottom-up method (memberOf attribute) or the top-down method (hasMember attribute) is applied when associating users to user groups. | true, false | false |
| com.aris.umc.ldap.sync.useDnAsGuid | Use DN as GUID: Specifies that the fully qualified name (distinguished name) is used as GUID. | true, false | false |

Individual LDAP server

You can specify the properties of each individual LDAP server.

Connection

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.connection.id plus the ID defined. | ID: Specifies the unique ID of this specific LDAP connection. | String | |
| com.aris.umc.ldap.connection.name plus the ID defined. | Name: Specifies the name of this specific LDAP connection. | String | |
| com.aris.umc.ldap.url | Server URL: Specifies the URL of the LDAP server. | String | |
| com.aris.umc.ldap.backup.url | Server URL (fallback): Specifies the fallback URL of the LDAP server. This URL is only used if the server cannot be reached via its primary URL. | String | |
| com.aris.umc.ldap.service.user | User name: Specifies the user name of the LDAP user. | String | arisldapservice |
| com.aris.umc.ldap.service.pwd | Password: Specifies the password of the LDAP user. | String | |
| com.aris.umc.ldap.ssl | Use SSL: Specifies if SSL is to be used. | true, false | |
| com.aris.umc.ldap.ssl.mode | SSL mode: Specifies the SSL mode. | String | STARTTLS |
| com.aris.umc.ldap.ssl.host.verification.active | Verify host names: Specifies if an SSL host is to be verified. | true, false | |
| com.aris.umc.ldap.ssl.certificate.verification.active | Verify certificates: Specifies whether an SSL certificate is to be verified. | true, false | |
| com.aris.umc.ldap.connection.concurrent | Simultaneous connections: Specifies the maximum number of simultaneous connections to the same LDAP server. If additional connections are to be established, they are refused. | Integer > 0 | |
| com.aris.umc.ldap.timeout | Connection timeout (in milliseconds): Specifies the duration after which the attempt to connect to the LDAP server is canceled. This is defined in milliseconds. | Integer > 0 | |
| com.aris.umc.ldap.read.timeout | Read timeout (in milliseconds): Specifies the maximum amount of time that read access may take. This is defined in milliseconds. | Integer > 0 | |

Attribute mappings

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.attribute.objectclass | objectClass: Specifies the attribute that contains the object class. | String | objectClass |
| com.aris.umc.ldap.attribute.distinguishedname | DN: Specifies the fully qualified name (distinguished name). | String | distinguishedName |
| com.aris.umc.ldap.attribute.guid | GUID: Specifies the LDAP GUID. | String | Object GUID |

Group attribute mappings

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.attribute.group.name | Name: Specifies the group name. | String | Group name |
| com.aris.umc.ldap.attribute.hasmember | hasMember: Specifies the attribute that references the members of a group. | String | hasMember |
| com.aris.umc.ldap.group.attributes.userdefined | User-defined: Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user group. | String | Description, operating system |

User attribute mappings

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.attribute.user.name | Name: Specifies the user name of a user. | String | Fragment |
| com.aris.umc.ldap.attribute.user.firstname | First name: Specifies the first name of a user. | String | John |
| com.aris.umc.ldap.attribute.user.lastname | Last name: Specifies the last name of a user. | String | Smith |
| com.aris.umc.ldap.attribute.user.email | E-mail address: Specifies the e-mail address of a user. | String | john.smith@softwareag.com |
| com.aris.umc.ldap.attribute.user.phone | Telephone number: Specifies the telephone number of a user. | String | +491234567 |
| com.aris.umc.ldap.attribute.user.picture | Picture: Specifies the picture of a user. | Location of an image | |
| com.aris.umc.ldap.attribute.memberof | memberOf: Specifies the attribute that references the groups of a user. | String | memberOf |
| com.aris.umc.ldap.user.attributes.userdefined | User-defined: Specifies a comma-separated list of LDAP attributes that are to be imported as user-defined attributes of a user. | String | Description, operating system |

Behavior

| Key | Description | Valid input | Example |
| --- | --- | --- | --- |
| com.aris.umc.ldap.group.objectclass | Group object class: Object class of the LDAP groups. | String | Group |
| com.aris.umc.ldap.user.objectclass | User object class: Specifies the object class of the LDAP user. | String | Organizational unit |
| com.aris.umc.ldap.searchpath | Search paths: Specifies a semicolon-separated list of all LDAP search paths. | String | OU\=stadt\,OU\=location\,OU\=employees\,DC\=my\,DC\=corp\,DC\=company\,DC\=com |
| com.aris.umc.ldap.group.searchpath | Group search paths: Specifies a semicolon-separated list of all LDAP search paths for user groups. Overwrites the list of general search paths. | String | OU\=distribution lists\,DC\=my,DC\=corp\,DC\=company\,DC\=com |
| com.aris.umc.ldap.user.searchpath | User search paths: Specifies a semicolon-separated list of LDAP search paths for users. Overwrites the list of general search paths. | String | OU\=employees\,DC\=my\,DC\=corp\,DC\=company\,DC\=com |
| com.aris.umc.ldap.filter.group | Group search filter: Specifies the query filter for LDAP groups. | String | (&(objectClass=role)(name=y*)) |
| com.aris.umc.ldap.filter.user | User search filter: Specifies the query filter for LDAP users. | String | (&(sAMAccountName=*)) |
| com.aris.umc.ldap.recursion.depth | Recursion depth: Specifies the recursion depth that is to be used for nested groups and users. | 1 means one level, 0 means all | 1 |
| com.aris.umc.ldap.pagesize | Page size: Specifies the maximum number of entries that are loaded in a single LDAP query. | Integer > 0 | |
| com.aris.umc.ldap.referral | Referrals: Defines how referrals to other LDAP systems are processed. | follow means that the referral is automatically | ignore |
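
The following script is an added example, not ARIS code or vendor tooling. It checks a set of the properties listed on this page for the SSL, certificate verification, host name verification and debug settings. It assumes the settings are available as a Java-properties-style key=value export for a single LDAP server; the file layout, the host name, the expected values and the finding messages are assumptions of this example.

```python
import re

# Property keys come from the tables on this page; the expected values and
# messages are this example's assumptions, not vendor guidance.
MUST_BE_TRUE = {
    "com.aris.umc.ldap.ssl": "LDAP traffic is sent without TLS",
    "com.aris.umc.ldap.ssl.certificate.verification.active": "server certificate is not verified",
    "com.aris.umc.ldap.ssl.host.verification.active": "certificate host name is not verified",
}
MUST_BE_FALSE = {"com.aris.umc.ldap.debug": "LDAP debug output is enabled"}

# Constructed sample export (hypothetical host, not from a real installation).
SAMPLE = r"""
# UMC LDAP settings
com.aris.umc.ldap.active=true
com.aris.umc.ldap.url=ldap://ldap.example.test:389
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.mode=STARTTLS
com.aris.umc.ldap.ssl.certificate.verification.active=false
com.aris.umc.ldap.debug=true
com.aris.umc.ldap.user.searchpath=OU\=employees\,DC\=my\,DC\=corp\,DC\=company\,DC\=com
"""

def parse_properties(text):
    """Parse key=value lines, honouring backslash escapes as in the search path examples."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"(?<!\\)=", line, maxsplit=1)  # first unescaped '='
        if len(parts) == 2:
            props[parts[0].strip()] = re.sub(r"\\(.)", r"\1", parts[1].strip())
    return props

def audit(props):
    """Return (key, observed value, reason) for every setting that needs review."""
    findings = []
    for key, reason in MUST_BE_TRUE.items():
        value = props.get(key)
        if value is None:
            findings.append((key, "not set", "no explicit value; confirm the effective default"))
        elif value.lower() != "true":
            findings.append((key, value, reason))
    for key, reason in MUST_BE_FALSE.items():
        if props.get(key, "false").lower() == "true":
            findings.append((key, "true", reason))
    return findings

if __name__ == "__main__":
    for key, value, reason in audit(parse_properties(SAMPLE)):
        print(f"{key} = {value}: {reason}")
```

A key that is missing from the export is reported as "not set" rather than assumed safe, because this page does not state a default for the verification properties.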