Version 9.6
 —  LoginModules Guide  —

Using the LDAP Framework


Overview

LDAP framework is an OSGi service that uses dynamic configuration properties files for configuring an LDAP directory. The aliases from these dynamic configuration files are used in the JAAS configuration file.

The LDAP configuration behavior depends on the url property in the JAAS configuration file. The following behavior patterns exist:

Top of page

Dynamic Configuration Properties

The default dynamic configurations properties file is available in your installation under <Software AG_install directory>\profiles\<Profile_name>\configuration\com.softwareag.platform.config.propsloader. These properties are used with their default values the first time you start your profile. The dynamic configuration properties files must follow specific naming conventions.

The following table outlines the dynamic configuration properties for all LDAP connections.

Parameter Description
watt.server.ldap.DNescapeChars

String.

Specifies which characters to escape when building LDAP queries.

Valid values: all symbols.

No default value.

watt.server.ldap.retryCount

Long. Specifies how much retries can be performed on LDAP connections before giving up.

A valid value is any positive Long number (including 0).

The default value is 0.

watt.server.ldap.DNstripQuotes

Boolean. Specifies whether to remove quotes when building LDAP queries.

Valid values are:

  • true - Default value. The login module removes quotes when building LDAP queries.

  • false - The login module does not remove quotes when building LDAP queries.

watt.server.ldap.extendedProps

String. Specifies the additional JNDI properties to be set.

No default value.

watt.server.ldap.retryWait

Long. Specifies how many milliseconds to wait between retries.

A valid value is any positive Long number (including 0).

The default value is 0.

watt.server.ldap.doNotBind

Boolean. Specifies whether the login module should perform an actual binding to LDAP servers.

Valid values are:

  • true - The login module does not perform an actual binding to LDAP servers.

  • false - Default value. The login module performs an actual binding to LDAP servers.

watt.server.ldap.DNescapePairs

A pair of strings.

Specifies whether to escape substitutions. Each time the login module meets the first member of the pair, it replaces it with the second member.

Valid values are pairs. All string of characters are valid values for the members of the pair.

No default value.

watt.server.ldap.DNescapeURL

Boolean. Specifies whether to escape the URL when building LDAP queries.

Valid values are:

  • true - The login module escapes the URL when building LDAP queries.

  • false - Default value. The login module does not escape the URL when building LDAP queries.

watt.server.ldap.ignore.serverCertificateValidity

Boolean. Specifies whether the login module should ignore the error if it uses SSL but the server certificate is expired or not yet valid.

Valid values are:

  • true - The login module ignores the error.

  • false - Default value. The login module does not ignore the error.

watt.server.ldap.extendedMessages

Boolean. Specifies whether JNDI should use extended messages.

Valid values are:

  • true - JNDI uses extended messages.

  • false - Default value. JNDI does not use extended messages.

watt.server.jndi.searchresult.maxlimit

Long. Specifies the maximal number of results the jndi can return when a search is performed.

A valid value is any positive Long number (including 0).

The default value is 0 (no limit).

watt.server.ldap.includeOnlyActiveGroups

Boolean. This option applies only to Integration Server. It is not used in the LDAP Framework. The login module uses this option to remove from the memory those groups that do not belong to both ACL and LDAP.

Valid values are:

  • true - Default value.

  • false

Top of page