The LDAP framework is an OSGi service that uses dynamic configuration properties files to configure an LDAP directory. The aliases from these dynamic configuration files are used in the JAAS configuration file.
The LDAP configuration behavior depends on the url property in the JAAS configuration file. The following behavior patterns exist:

- If the url property is set in the JAAS configuration file, but no aliases are set, the LDAP login module uses only the server configured via the JAAS configuration file.
- If the url property is not set in the JAAS configuration file, and no aliases are set, the LDAP login module uses all servers configured via the LDAP dynamic configuration.
- If the url property is not set in the JAAS configuration file, but aliases are set, the LDAP login module uses only the servers configured via the LDAP dynamic configuration with matching aliases.

The default dynamic configuration properties file is available in your installation under <Software AG_install directory>\profiles\<Profile_name>\configuration\com.softwareag.platform.config.propsloader. These properties are used with their default values the first time you start your profile. The dynamic configuration properties files must follow specific naming conventions.
The following table outlines the dynamic configuration properties for all LDAP connections.
Parameter | Description |
---|---|
watt.server.ldap.DNescapeChars | String. Specifies which characters to escape when building LDAP queries. Valid values: all symbols. No default value. |
watt.server.ldap.retryCount | Long. Specifies how many retries can be performed on LDAP connections before giving up. A valid value is any positive Long number (including 0). The default value is 0. |
watt.server.ldap.DNstripQuotes | Boolean. Specifies whether to remove quotes when building LDAP queries. Valid values are: |
watt.server.ldap.extendedProps | String. Specifies the additional JNDI properties to be set. No default value. |
watt.server.ldap.retryWait | Long. Specifies how many milliseconds to wait between retries. A valid value is any positive Long number (including 0). The default value is 0. |
watt.server.ldap.doNotBind | Boolean. Specifies whether the login module should perform an actual binding to LDAP servers. Valid values are: |
watt.server.ldap.DNescapePairs | A pair of strings. Specifies whether to escape substitutions. Each time the login module meets the first member of the pair, it replaces it with the second member. Valid values are pairs. Any string of characters is a valid value for the members of the pair. No default value. |
watt.server.ldap.DNescapeURL | Boolean. Specifies whether to escape the URL when building LDAP queries. Valid values are: |
watt.server.ldap.ignore.serverCertificateValidity | Boolean. Specifies whether the login module should ignore the error if it uses SSL but the server certificate is expired or not yet valid. Valid values are: |
watt.server.ldap.extendedMessages | Boolean. Specifies whether JNDI should use extended messages. Valid values are: |
watt.server.jndi.searchresult.maxlimit | Long. Specifies the maximum number of results that JNDI can return when a search is performed. A valid value is any positive Long number (including 0). The default value is 0 (no limit). |
watt.server.ldap.includeOnlyActiveGroups | Boolean. This option applies only to Integration Server. It is not used in the LDAP Framework. The login module uses this option to remove from memory those groups that do not belong to both ACL and LDAP. Valid values are: |
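
Several of the parameters above affect the security of the LDAP connection, so it is useful to review a dynamic configuration properties file before deploying it. The following script is an added example, not part of the product or its documentation. It assumes Boolean parameters are written as true/false and that the file uses simple key=value or key:value lines; the sample content is constructed.

```python
import re

# Constructed sample content; not taken from a real installation.
SAMPLE = """\
# LDAP dynamic configuration (constructed sample)
watt.server.ldap.retryCount=3
watt.server.ldap.retryWait = 500
watt.server.ldap.ignore.serverCertificateValidity=true
watt.server.ldap.doNotBind: false
watt.server.jndi.searchresult.maxlimit=0
"""

def parse_properties(text):
    """Parse simple properties lines (key=value or key:value, # and ! comments).
    Line continuations and escapes are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    """Return (parameter, reason) pairs for settings worth a security review.
    Boolean parameters are flagged only when explicitly set to true (assumed
    spelling), because the page does not list their defaults."""
    def is_true(key):
        return props.get(key, "").lower() == "true"

    findings = []
    key = "watt.server.ldap.ignore.serverCertificateValidity"
    if is_true(key):
        findings.append((key, "expired or not-yet-valid server certificates are accepted"))
    key = "watt.server.ldap.doNotBind"
    if is_true(key):
        findings.append((key, "login module does not perform an actual bind"))
    key = "watt.server.ldap.DNescapeChars"
    if not props.get(key):
        findings.append((key, "no characters configured for escaping in LDAP queries"))
    key = "watt.server.jndi.searchresult.maxlimit"
    if int(props.get(key, "0")) == 0:  # documented default is 0 (no limit)
        findings.append((key, "search results are unlimited"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_properties(SAMPLE)):
        print(f"REVIEW {name}: {reason}")
```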