LDAP Authentication Configuration Parameters
The CentraSite command set Authentication opens an interactive dialog that prompts you to enter the basic details for LDAP authentication.
The general values that you can specify for an LDAP authentication in the interactive dialog are described below.
Refer to the documentation of your LDAP system supplier for details.
LDAP Server Configuration
Prompt Text: Configuration Enabled
Description: Indicates if the LDAP server configuration is enabled or disabled.
Property: enabled
Value: The possible values are true and false.
Prompt Text: URL of the LDAP server
Description: The URL of the machine where the LDAP server is located. The expected format is:
* ldap://<host>:<port>
* ldaps://<host>:<port>
* To use an SSL connection for the LDAP server, you must specify the URL to start with ldaps and provide the truststore and keystore parameters.
* To use an IPv6 address (instead of the domain name), you must enclose the URL in square brackets.
Property: url
Value: ldaps://<listening address>:10636
Prompt Text: Connection Timeout
Description: The maximum time interval (in milliseconds) for an LDAP operation. The default value is 5000.
Property: timeout
Prompt Text: Principal (Technical User) DN
Description: The distinguished name (DN) of the technical user that connects to the LDAP server if anonymous access to the LDAP server is not allowed.
For more background information on the technical user, see Technical Principal for LDAP.
Property: prin
Value: cn=techuser,ou=people,dc=mydomain,dc=com
Prompt Text: Password of Technical User
Description: The password for the technical user identified by the property prin.
This property is required only if the related property noPrinIsAnonymous is set to false. Otherwise, this property must not be specified.
Property: @secure.cred
Prompt Text: Truststore Type
Description: The type of truststore to use if an SSL connection is required.
Property: truststoreType
Value: The possible values are JKS and PKCS12.
Prompt Text: URL of Truststore Location
Description: The URL of the truststore containing the trusted root certificates.
Property: truststoreUrl
Value: file:/C:/TMP/trusted.ks
Prompt Text: Keystore Type
Description: The type of keystore to use if an SSL connection is required.
Property: keystoreType
Value: The possible values are JKS and PKCS12.
Prompt Text: URL of Keystore Location
Description: The URL of the keystore containing the private keys and SSL certificates.
Property: keystoreUrl
Value: file:/C:/TMP/keystore.ks
Prompt Text: Keystore Password
Description: The password of the keystore.
Property: @secure.keystorePassword
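The rules stated for the server properties above (URL format, ldaps with truststore and keystore parameters, store types, password versus noPrinIsAnonymous) can be checked before the values are entered. The following is an added example, not CentraSite code: the flat dictionary layout, the finding names and both sample configurations are constructed for illustration, and treating a non-numeric timeout as a finding is an assumption.

```python
import re

STORE_TYPES = {"JKS", "PKCS12"}
TLS_PROPS = ("truststoreType", "truststoreUrl", "keystoreType",
             "keystoreUrl", "@secure.keystorePassword")
# <scheme>://<host>:<port>; host is a bracketed IPv6 literal or a name/IPv4
URL_RE = re.compile(r"(ldaps?)://(\[[0-9A-Fa-f:.]+\]|[^\[\]:/]+):(\d+)")


def lint_server_settings(cfg):
    """Return the set of findings for one LDAP server configuration."""
    findings = set()
    url = cfg.get("url", "")
    if not URL_RE.fullmatch(url):
        hostport = url.partition("://")[2]
        unbracketed_v6 = hostport.count(":") > 1 and "[" not in hostport
        findings.add("ipv6-not-bracketed" if unbracketed_v6 else "url-format")
    if url.startswith("ldap://"):
        findings.add("no-ssl")  # per the page, SSL requires an ldaps URL
    elif url.startswith("ldaps://"):
        findings |= {f"missing:{p}" for p in TLS_PROPS if not cfg.get(p)}
    for prop in ("truststoreType", "keystoreType"):
        if prop in cfg and cfg[prop] not in STORE_TYPES:
            findings.add(f"bad-type:{prop}")
    has_password = bool(cfg.get("@secure.cred"))
    anon = cfg.get("noPrinIsAnonymous")
    if anon == "false" and not has_password:
        findings.add("password-required")
    elif anon == "true" and has_password:
        findings.add("password-must-not-be-set")
    if not cfg.get("timeout", "5000").isdigit():
        findings.add("timeout-not-integer")
    return findings


# Constructed samples; the flat dict layout is an assumption of this example.
GOOD = {"url": "ldaps://[2001:db8::10]:10636", "timeout": "5000",
        "prin": "cn=techuser,ou=people,dc=mydomain,dc=com",
        "noPrinIsAnonymous": "false", "@secure.cred": "constructed-secret",
        "truststoreType": "JKS", "truststoreUrl": "file:/C:/TMP/trusted.ks",
        "keystoreType": "PKCS12", "keystoreUrl": "file:/C:/TMP/keystore.ks",
        "@secure.keystorePassword": "constructed-secret"}
BAD = {"url": "ldap://2001:db8::10:10636", "timeout": "5s",
       "noPrinIsAnonymous": "true", "@secure.cred": "constructed-secret",
       "truststoreType": "BKS"}

if __name__ == "__main__":
    print(sorted(lint_server_settings(GOOD)))
    print(sorted(lint_server_settings(BAD)))
```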
User Information Configuration
The user-specific settings that you can specify for an LDAP configuration are described below.
Prompt Text: User Id. Attribute
Description: Specifies the LDAP username attribute. This is the name of the property in the user node that is used to uniquely identify a user.
Property: uidprop
Value: cn
Prompt Text: User Root DN (Location to be searched for users)
Description: The location to search for users, given as the directory tree part of the distinguished name (standard LDAP terminology) of the entry. The path follows the standard LDAP path convention: first, a unique property of the DN node is specified along with its value; usually the property ou (organizational unit) is chosen for this purpose. This is followed by the next higher dc node (that is, a node with a dc property), then the next higher dc node, and so on up to the root node.
Property: userrootdn
Value: ou=people,dc=mydomain,dc=com
Prompt Text: User Object Class
Description: Specifies that the identified object is a person and is used to categorize nodes as user nodes. The login module uses this parameter when searching for users.
Property: personobjclass
Value: inetOrgPerson
User Mapping Configuration
For background information on User Mapping Configuration, see Mapping User and Group Fields.
Group Information Configuration
The group-specific settings that you can specify for an LDAP configuration are described below.
Prompt Text: Group Id. Attribute
Description: Specifies the LDAP group attribute. This is the name of the property in the group node that is used to uniquely identify a group.
Property: gidprop
Value: cn
Prompt Text: Group Root DN (Location to be searched for groups)
Description: This is similar to the DN property for users, but identifies a DN node for groups rather than for users.
Property: grouprootdn
Value: ou=groups,dc=mydomain,dc=com
Prompt Text: Group Object Class
Description: Specifies that the identified object is a group and is used to categorize nodes as group nodes. The login module uses this parameter when searching for groups.
Property: groupobjclass
Value: groupOfUniqueNames
Group Mapping Configuration
For background information on Group Mapping Configuration, see Mapping User and Group Fields.
Group Resolution Configuration
Prompt Text: Membership Attribute is on Group Object
Description: Specifies whether the login module searches users in a group or groups in a user. By default, the login module searches groups in a user.
Property: memberinfoingroups
Value: The possible values are:
* Yes/true - The login module searches users in a group.
* No/false - Default value.
Prompt Text: Membership Attribute
Description: The login module uses this parameter when performing member-search operations. The meaning of this parameter depends on the value of property memberinfoingroups.
Property: memberinfoingroups
Value: The possible values are:
* true: The property mattr points from a group to the users that are members of this group.
* false: The property mattr points from a user entry to the groups that the user is a member of.
Property: mattr
Value: uniqueMember
Prompt Text: Recursive Depth for Group Search
Description: Specifies the depth in the tree to which the nested groups should be searched.
Property: recursiveSearchDepth
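How memberinfoingroups, mattr and recursiveSearchDepth together decide which groups a user ends up in is easiest to see on a small directory. The following is an added example, not the CentraSite login module: the in-memory directory, the memberOf attribute used for the user-side case and the reading of the depth value (nesting levels followed after the direct lookup) are assumptions made for illustration.

```python
# Constructed sample directory (DN -> attributes); it stands in for an LDAP server.
# "memberOf" as the member-side attribute is an assumption, not a page value.
G = "ou=groups,dc=mydomain,dc=com"
ALICE = "cn=alice,ou=people,dc=mydomain,dc=com"
DEVS, STAFF, ADMINS = f"cn=devs,{G}", f"cn=staff,{G}", f"cn=admins,{G}"
GROUP = ["groupOfUniqueNames"]
DIRECTORY = {
    ALICE: {"objectClass": ["inetOrgPerson"], "memberOf": [DEVS]},
    DEVS: {"objectClass": GROUP, "uniqueMember": [ALICE, ADMINS],
           "memberOf": [STAFF]},
    STAFF: {"objectClass": GROUP, "uniqueMember": [DEVS], "memberOf": [ADMINS]},
    # admins is nested back into devs, which forms a membership cycle
    ADMINS: {"objectClass": GROUP, "uniqueMember": [STAFF], "memberOf": [DEVS]},
}
BASE = {"grouprootdn": G, "groupobjclass": "groupOfUniqueNames"}
ON_GROUP = {**BASE, "memberinfoingroups": True, "mattr": "uniqueMember"}
ON_USER = {**BASE, "memberinfoingroups": False, "mattr": "memberOf"}


def direct_groups(dn, cfg, directory):
    """Groups that list dn (true) or that dn's own entry lists (false)."""
    if cfg["memberinfoingroups"]:
        # mattr is read from each group entry under grouprootdn
        return {g for g, attrs in directory.items()
                if g.endswith(cfg["grouprootdn"])
                and cfg["groupobjclass"] in attrs.get("objectClass", [])
                and dn in attrs.get(cfg["mattr"], [])}
    # mattr is read from the member's own entry
    return set(directory.get(dn, {}).get(cfg["mattr"], []))


def resolve_groups(user_dn, cfg, directory=DIRECTORY):
    """Assumption: depth = nesting levels followed after the direct lookup."""
    found, frontier = set(), {user_dn}
    for _ in range(cfg["recursiveSearchDepth"] + 1):
        parents = set()
        for dn in frontier:
            parents |= direct_groups(dn, cfg, directory)
        frontier = parents - found  # skip groups already seen (cycle guard)
        if not frontier:
            break
        found |= frontier
    return found
```

In this sample the user reaches the admins group only at depth 2, so the recursion depth directly changes the effective group set and is worth reviewing together with the group nesting in the directory.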