Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values | Restart Required | Description |
---|
Only a visual entry in Web UI | ldap.<index>.server.name | LDAP 0, LDAP 1, LDAP 2, ... | Any string | Yes | Describing name for the UI. |
LDAP hostname | ldap.<index>. server.url
|
| LDAP Server URL starting with ldap:// or ldaps:// Examples: | Yes | Contains the hostname, port and SSL settings of the directory server server. |
Username suffixes | ldap.<index>.server.username_suffixes |
| Examples: | Yes | Comma-separated string of the user name suffixes to establish a mapping between user groups and an LDAP/AD server. |
LDAP username | ldap.<index>.search.username |
| Example: administrator@example.com | Yes | The distinguished name of the user to use when connecting to the directory server. |
Setting not available via web | ldap.<index>. search.passwordobf
|
| Must not be set by user. | Yes | The hidden password of the search.user. Is generated automatically. |
LDAP password | ldap.<index>.password |
|
| Yes | The password of the search.user. Is transferred to search.passwordobf and then deleted from the configuration file.
|
Search context | ldap.<index>. search.base
| dc=company,dc=local |
| Yes | Description of the accounts in the LDAP tree, below which you want to search for users, groups, and organizations. |
Mapping of organization | ldap.<index>.search.org.depth
| 0 | 0=No organisation mapping 1=Single Domain mapping 2=Multi Domain Mapping | Yes | To what depth below the search.base you want to search for and import organizations. |
Search match criteria | ldap.<index>.search.expression | (|(sAMAccountName=$username)(mail=$username)(userPrincipalName=$username)(uid=$username)(distinguishedName=$username)) |
| Yes | Search filter used to identify the user. $username is a placeholder replaced by the name of the user. |
Search context for groups | ldap.<index>. search.expression.groups
| (|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group)) |
| Yes | Search filters that identify the groups. |
Attribute identifying the member in a group | ldap.<index>. search.groups.member
| member |
| Yes | Attribute that identifies the members of a group. In an ActiveDirectory, a group contains the member attributes. |
Attribute identifying a group of a user | ldap.<index>.search.groups.member_of | memberOf |
| Yes | Attribute that identifies the groups of a user. In an ActiveDirectory, a user contains the memberOf attributes. |
Synchronize LDAP | ldap.<index>.sync.type
| 0 | 0=No users 1=Only already imported users 2=All users in LDAP | Yes | Rule how users should be imported from an LDAP/AD. |
Synchronize LDAP | ldap.<index>.sync.time | 0 |
| Yes | Time interval in hours between automatic user imports. |
Match accounts by mail attribute | ldap.<index>. accounts.match_email
| true | | Yes | Should users known to the PowerFolder server be merged with information from LDAP/AD if the e-mail address matches? |
Setting not available via web | ldap.<index>. sync_groups.enabled
| false | | Yes | Should groups be imported from LDAP/AD? |
Import match criteria | ldap.<index>. import.expression
|
| Example: (objectClass=person) (&(objectClass=person)(!(objectClass=computer)))
| Yes | Filters that identify users. For OpenLDAP (objectClass=person) and for ActiveDirectory (&(objectClass=person)(!(objectClass=computer))) |
Mapping of additional E-Mail addresses | ldap.<index>.mapping.mail_addresses | mail,mailAddresses,proxyAddresses |
| Yes | Comma-separated string containing the attributes to be added to a user as e-mails. |
Mapping of account name | ldap.<index>. mapping.username
| sAMAccountName,uid |
| Yes | Comma-separated string containing the attributes that identify a user name. The first appropriate attribute is used to set the user name. |
Mapping of given name | ldap.<index>. mapping.given_name
| givenName |
| Yes | Comma-separated string of attributes that identify the first name. |
Mapping of common name | ldap.<index>. mapping.common_name
| cn,commonName |
| Yes | Comma-separated string of the attributes representing the common name, e. g. the full name, if it is a person. |
Mapping of middle name | ldap.<index>. mapping.middle_name
| middleName |
| Yes | Comma-separated string of the attributes containing the middle names. |
Mapping of surname | ldap.<index>. mapping.surname
| sn,surname |
| Yes | Comma-separated string of attributes containing the last name. |
Mapping of the display name | ldap.<index>. display_name
| displayName,name |
| Yes | Comma-separated string of attributes containing the display name. |
Mapping of telephone number | ldap.<index>. mapping.telephone
| mobileTelephoneNumber,telephoneNumber,mobile |
| Yes | Comma-separated string of attributes containing telephone numbers. |
Mapping of account expiration date | ldap.<index>. mapping.expiration
| accountExpires |
| Yes | Comma-separated string of the attributes that contain an expiration date for a user. |
Mapping of date the account is valid from | ldap.<index>. mapping.valid_from
| validFrom |
| Yes | Comma-separated string of the attributes that contain a validity date for a user. |
Mapping of the account quota | ldap.<index>. mapping.quota
| quota |
| Yes | Comma-separated string of the attributes that contain the quota for a user. |
Setting not available via web | ldap.<index>. mapping.quota.unit
| GB | | Yes | Size unit for the quota of a user. |