Software AG Infrastructure 10.7 | Setting Up Security | Using the LDAP Framework
 
Using the LDAP Framework
The LDAP framework is an OSGi service that uses dynamic configuration properties files to configure an LDAP directory. The default dynamic configuration properties file is stored in the Software AG_directory\profiles\profile_name\configuration\com.softwareag.platform.config.propsloader directory. The aliases from these files are used in the JAAS configuration file.
The LDAP configuration behavior depends on the URL property in the JAAS configuration file. The following table describes the LDAP behavior in relation to the URL property.
| Pattern | LDAP Behavior |
| --- | --- |
| URL property is set in jaas.config, but no aliases are set | LDAP login module uses only the server configured via the JAAS configuration file. |
| URL property is not set in jaas.config, and no aliases are set | LDAP login module uses all servers configured via the LDAP dynamic configuration. |
| URL property is not set in jaas.config, but aliases are set | LDAP login module uses only the servers configured via the LDAP dynamic configuration with matching aliases. |
These properties are used with their default values the first time you start your product. The dynamic configuration properties files must follow specific naming conventions. The following table describes the dynamic configuration parameters for all LDAP connections.
| Parameter | Description |
| --- | --- |
| watt.server.ldap.DNescapeChars | String. Specifies which characters to escape when building LDAP queries. Valid values: all symbols. No default. |
| watt.server.ldap.retryCount | Long. Specifies how many retries can be performed on LDAP connections before giving up. Valid values are any positive Long number. The default value is 0. |
| watt.server.ldap.DNstripQuotes | Boolean. Specifies whether to remove quotes when building LDAP queries. Valid values are true (default) or false. |
| watt.server.ldap.extendedProps | String. Specifies the additional JNDI properties to be set. No default. |
| watt.server.ldap.retryWait | Long. Specifies how many milliseconds to wait between retries. Valid values are any positive Long number. The default value is 0. |
| watt.server.ldap.doNotBind | Boolean. Specifies whether the login module should perform an actual binding to LDAP servers. Valid values are true or false (default). |
| watt.server.ldap.DNescapePairs | Pair of strings. Specifies whether to escape substitutions. Each time the login module meets the first member of the pair, it replaces it with the second member. Valid values are pairs. Any string of characters is a valid value for the members of the pair. No default. |
| watt.server.ldap.DNescapeURL | Boolean. Specifies whether to escape the URL when building LDAP queries. Valid values are true or false (default). |
| watt.server.ldap.ignore.serverCertificateValidity | Boolean. Specifies whether the login module should ignore the error if it uses SSL but the server certificate is expired or not yet valid. Valid values are true or false (default). |
| watt.server.ldap.extendedMessages | Boolean. Specifies whether JNDI should use extended messages. Valid values are true or false (default). |
| watt.server.jndi.searchresult.maxlimit | Long. Specifies the maximum number of results that JNDI can return when a search is performed. Valid values are any positive Long number. The default value is 0 (no limit). |
| watt.server.ldap.includeOnlyActiveGroups | Boolean. This option applies only to Integration Server. It is not used in the LDAP Framework. The login module uses this option to remove from memory those groups that do not belong to both ACL and LDAP. Valid values are true (default) or false. |
| watt.server.ldap.disableEndpointIdentification | Boolean. Optional. Specifies whether to remove endpoint identification. Valid values are true or false (default). |
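
The following check is an added example, not Software AG code: it reads the text of a dynamic configuration properties file and reports settings from the parameter table that relax TLS checks or leave search results unbounded, applying the documented defaults when a parameter is absent. It assumes the files use Java .properties key=value syntax with the full parameter names; the function names and the sample content are constructed for illustration.

```python
import re

# Defaults as documented in the parameter table.
DEFAULTS = {
    "watt.server.ldap.ignore.serverCertificateValidity": "false",
    "watt.server.ldap.disableEndpointIdentification": "false",
    "watt.server.jndi.searchresult.maxlimit": "0",
}

# Parameter -> (predicate on the effective value, finding text).
RULES = {
    "watt.server.ldap.ignore.serverCertificateValidity": (
        lambda v: v.lower() == "true",
        "expired or not-yet-valid server certificates are accepted"),
    "watt.server.ldap.disableEndpointIdentification": (
        lambda v: v.lower() == "true",
        "endpoint identification is removed"),
    "watt.server.jndi.searchresult.maxlimit": (
        lambda v: v == "0",
        "no limit on the number of search results"),
}

def parse_properties(text):
    """Parse key=value or key:value lines; skip blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit(text):
    """Return (parameter, effective value, finding) for every rule that fires."""
    effective = {**DEFAULTS, **parse_properties(text)}
    return [(key, effective[key], msg)
            for key, (risky, msg) in RULES.items() if risky(effective[key])]

# Constructed sample content, not taken from a real installation.
SAMPLE = """\
# LDAP dynamic configuration (constructed)
watt.server.ldap.retryCount=3
watt.server.ldap.ignore.serverCertificateValidity = TRUE
watt.server.ldap.disableEndpointIdentification=false
watt.server.jndi.searchresult.maxlimit=500
"""

if __name__ == "__main__":
    for key, value, msg in audit(SAMPLE):
        print(f"{key}={value}: {msg}")
```

An empty file still yields the search-limit finding, because the documented default of 0 means no limit.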