LDAP Configuration entries < 11.5

These are the configuration entries that got used in version 11.4 and below.

For the new LDAP configuration entries got to Server Configuration File.

Web Setting	Config File Parameter	Config File Default Value	Config File Possible Values
Enable LDAP authentication	`ldap.enabled`	`false`	`true` `false`
Allow users not existing in LDAP directory	`ldap.dbusers.allow`	false	`true` `false`
LDAP hostname	`ldap.server.url`		Examples: `ldap.example.com` `ldap://ldap.example.com` `ldap://ldap.example.com:389` `ldaps://ldap.example.com:389`
LDAP username	`ldap.search.username`		Examples: `administrator@example.com` `ldap.search.username=unixusername` `cn=administrator,cn=users,dc=example,dc=com`
Search context	`ldap.search.base`		Examples: `dc=example,dc=com` `cn=users,dc=example,dc=com`
Search match criteria	`ldap.search.expression`		Examples: `mail=$username` `samAccountName=$username` `userPrincipalName=$username` `uid=$username` Enable access for users of a specific group only (the group *cloudusers* are used in the example below): `&(samAccountName=$username)(memberOf=CN=cloudusers,CN=users,DC=example,DC=com))` `(&(sAMAccountName=$username)(memberOf=CN=cloudusers,OU=groups,OU=country,DC=example,DC=com))` Also works with nested groups, but requires matching rule object identifier.
Mail address mapping	`ldap{2\|3}.search.mail_addresses`		Example: `ldap.search.mail_addresses=mailAddresses` ldap3.search.mail_addresses=mailAddresses
Enable LDAP synchronization Since: 10.0	`ldap.sync.enabled`	`false`	`true` `false`
Type of LDAP synchronization Since: 10.6	ldap{2\|3}.sync.type	0	0 1 2 Example: ldap2.sync.type=1
Time interval for LDAP synchronization Since: 10.6	ldap{2\|3}.sync.time		Example: ldap3.sync.time=2
Search match criteria for groups Since: 10.0	`ldap{2\|3}.search.expression.groups`	`(\|(objectClass=group)(objectCategory=group))`	Examples: `(\|(objectClass=group)(objectCategory=group))`
Group member attribute Since: 10.0	`ldap{2\|3}.search.groups.member`	`member`	Examples: `member`
Group and user "member of" attribute Since: 10.0	`ldap{2\|3}.search.group.member_of`	`memberOf`	Examples: `memberOf`
Organization mapping Since: 10.0	`ldap{2\|3}.search.org.depth`	`0`	Examples: 0 => No mapping 1 => Single domain 2 => Multi domain 3 => Other 4 => Other 5 => Other
Enable ACL synchronization Since: 10.0	`import.acl_permissions.enabled`	`false`	Examples: `true` `false`
Match accounts by mail attribute Since: 10.1	`ldap.accounts.match_email`	`true`	`true` `false`
Import match criteria Since: 10.1	`ldap.import.expression`		`(&(objectClass=person)(!(objectClass=computer)))`
Mapping of username Since: 10.2	`ldap.search.account_name`	`sAMAccountName,uid`
Mapping of given name Since: 10.2	`ldap.search.given_name`	`givenName`
Mapping of common name Since: 10.2	`ldap.search.common_name`	`cn,commonName`
Mapping of middle name Since: 10.2	`ldap.search.middle_name`	`middleName`
Mapping of surname Since: 10.2	`ldap.search.surname`	`sn,surname`
Mapping of the display name Since: 10.2	`ldap.search.display_name`	`displayName,name`
Mapping of telephone number Since: 10.2	`ldap.search.telephone`	`mobileTelephoneNumber,telephoneNumber,mobile`
Mapping of account expiration date Since: 10.2	`ldap.search.expiration`	accountExpires	ISO-8601, unix timestamp or yyyyMMddHHmmss
Mapping of date the account is valid from Since: 11	`ldap{2\|3}.search.valid_from`	`validFrom`	ISO-8601, unix timestamp or yyyyMMddHHmmss
Sync LDAP groups	`ldap.sync_groups.enabled`	`false`	`true` `false`
Sync LDAP groups expression	`ldap.search.expression.groups`	`(\|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group))`	`true` `false`