en.help.ref-ldaprealmprop.html Maven / Gradle / Ivy
Show all versions of console-common Show documentation
Properties Specific to the LDAPRealm Class
The following properties are required for an LDAP realm.
- JAAS Context
-
The JAAS (Java Authentication and Authorization Service) context (the identifier for the login module to use for this realm). The only valid value is solarisRealm.
- Directory
-
The LDAP URL for your server.
- Base DN
-
The LDAP base distinguished name (DN) for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance.
The following optional property is available for an LDAP realm.
- Assign Groups
-
A comma-separated list of group names. All clients who present valid certificates are assigned to these groups, for example, employee,manager, where these are the names of user groups.
The following additional properties are available for an LDAP realm.
search-filter-
The search filter to use to find the user. The default is uid=%s (%s expands to the subject name).
group-base-dn-
The base DN for the location of group data. By default, it is same as the Base DN value, but it can be tuned, if necessary.
group-search-filter-
The search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN).
group-target-
The LDAP attribute name that contains group name entries. The default is CN.
search-bind-dn-
An optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search.
search-bind-password-
The LDAP password for the DN given in search-bind-dn.
Copyright © 2005, 2017, Oracle and/or its affiliates. All rights reserved. Legal Notices