Properties Specific to the LDAPRealm Class
The following properties are required for an LDAP realm.
- JAAS Context
The JAAS (Java Authentication and Authorization Service) context (the identifier for the login module to use for this realm). The only valid value is solarisRealm.
- Directory
The LDAP URL for your server.
- Base DN
The LDAP base distinguished name (DN) for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance.
The following optional property is available for an LDAP realm.
- Assign Groups
A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, employee,manager, where these are the names of user groups.
The following additional properties are available for an LDAP realm.
- search-filter
The search filter to use to find the user. The default is uid=%s (%s expands to the subject name).
- group-base-dn
The base DN for the location of group data. By default, it is the same as the Base DN value, but it can be tuned if necessary.
- group-search-filter
The search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN).
- group-target
The LDAP attribute name that contains group name entries. The default is CN.
- search-bind-dn
An optional DN used to authenticate to the directory for performing the search-filter lookup. It is required only for directories that do not allow anonymous search.
- search-bind-password
The LDAP password for the DN given in search-bind-dn.
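
The following added example (not GlassFish code and not part of the original help page) previews what the default search-filter and group-search-filter expand to for a given subject name and user DN, so a custom filter can be checked before it is deployed. It assumes the substituted value is escaped per RFC 4515, which this page does not state; the function names and sample values are constructed for illustration.

```python
# Added illustration; not GlassFish source code.
# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

DEFAULT_SEARCH_FILTER = "uid=%s"                 # default stated on this page
DEFAULT_GROUP_SEARCH_FILTER = "uniquemember=%d"  # default stated on this page


def escape_filter_value(value):
    """Escape a string so the directory treats it as literal text in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_search_filter(subject_name, template=DEFAULT_SEARCH_FILTER):
    """Expand %s in search-filter with the (escaped) subject name."""
    return template.replace("%s", escape_filter_value(subject_name))


def expand_group_search_filter(user_dn, template=DEFAULT_GROUP_SEARCH_FILTER):
    """Expand %d in group-search-filter with the (escaped) user entry DN."""
    return template.replace("%d", escape_filter_value(user_dn))


def plan_lookups(subject_name, user_dn, base_dn, group_base_dn=None):
    """Return (search base, filter) for the user lookup and the group lookup."""
    return {
        "user": (base_dn, expand_search_filter(subject_name)),
        # group-base-dn falls back to the Base DN value when it is not set
        "group": (group_base_dn or base_dn, expand_group_search_filter(user_dn)),
    }


if __name__ == "__main__":
    # Constructed sample values; in a real realm the DN comes from the user search result.
    base = "dc=example,dc=com"
    dn = "uid=jdoe,ou=People,dc=example,dc=com"
    for name in ("jdoe", "smith (temp)*"):
        print(name, "->", plan_lookups(name, dn, base))
```

A subject name containing parentheses or an asterisk stays a single literal value after expansion, so the filter still matches exactly one attribute assertion.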