LDAP Configuration entries < 11.5

These are the configuration entries used in version 11.4 and below.

For the new LDAP configuration entries, go to Server Configuration File.

Web Setting

Config File Parameter

Config File Default Value

Config File Possible Values

Enable LDAP authentication

ldap.enabled

false

  • true

  • false

Allow users not existing in LDAP directory

ldap.dbusers.allow

false

  • true

  • false

LDAP hostname

ldap.server.url

 

 Examples:

LDAP username

ldap.search.username

 

Examples:

Search context

ldap.search.base

 

Examples:

  • dc=example,dc=com

  • cn=users,dc=example,dc=com

Search match criteria

ldap.search.expression

 

Examples:

  • mail=$username

  • samAccountName=$username

  • userPrincipalName=$username

  • uid=$username

Enable access for users of a specific group only (the group cloudusers is used in the examples below):

  • (&(samAccountName=$username)(memberOf=CN=cloudusers,CN=users,DC=example,DC=com))

  • (&(sAMAccountName=$username)(memberOf=CN=cloudusers,OU=groups,OU=country,DC=example,DC=com))

Also works with nested groups, but requires a matching rule object identifier (OID).

Mail address mapping

ldap{2|3}.search.mail_addresses

 

Example:

ldap.search.mail_addresses=mailAddresses

ldap3.search.mail_addresses=mailAddresses

Enable LDAP synchronization

Since: 10.0

ldap.sync.enabled

false

  • true

  • false

Type of LDAP synchronization

Since: 10.6

ldap{2|3}.sync.type

0

  • 0

  • 1

  • 2

Example:

ldap2.sync.type=1

Time interval for LDAP synchronization

Since: 10.6

 ldap{2|3}.sync.time

 

 Example:

ldap3.sync.time=2

Search match criteria for groups

Since: 10.0

ldap{2|3}.search.expression.groups

(|(objectClass=group)(objectCategory=group))

Examples:

  • (|(objectClass=group)(objectCategory=group))

Group member attribute

Since: 10.0

ldap{2|3}.search.groups.member

member

Examples:

  • member

Group and user "member of" attribute

Since: 10.0

ldap{2|3}.search.group.member_of

memberOf

Examples:

  • memberOf

Organization mapping

Since: 10.0

ldap{2|3}.search.org.depth

0

Examples:

  • 0 => No mapping

  • 1 => Single domain

  • 2 => Multi domain

  • 3 => Other

  • 4 => Other

  • 5 => Other

Enable ACL synchronization

Since: 10.0

import.acl_permissions.enabled

false

Examples:

  • true

  • false

Match accounts by mail attribute

Since: 10.1

ldap.accounts.match_email

true

  • true

  • false

Import match criteria

Since: 10.1

ldap.import.expression

 

(&(objectClass=person)(!(objectClass=computer)))

Mapping of username

Since: 10.2

ldap.search.account_name

sAMAccountName,uid

 

Mapping of given name

Since: 10.2

ldap.search.given_name

givenName

 

Mapping of common name

Since: 10.2

ldap.search.common_name

cn,commonName

 

Mapping of middle name

Since: 10.2

ldap.search.middle_name

middleName

 

Mapping of surname

Since: 10.2

ldap.search.surname

sn,surname

 

Mapping of the display name

Since: 10.2

ldap.search.display_name

displayName,name

 

Mapping of telephone number

Since: 10.2

ldap.search.telephone

mobileTelephoneNumber,telephoneNumber,mobile

 

Mapping of account expiration date

Since: 10.2

ldap.search.expiration

accountExpires

ISO-8601, unix timestamp or yyyyMMddHHmmss

Mapping of date the account is valid from

Since: 11

ldap{2|3}.search.valid_from

validFrom

ISO-8601, unix timestamp or yyyyMMddHHmmss

Sync LDAP groups

ldap.sync_groups.enabled

false

  • true

  • false

Sync LDAP groups expression

ldap.search.expression.groups

(|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group))

  • true

  • false
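The following is an added example, not code from the product or from this page: it checks an ldap.search.expression value (the "Search match criteria" entry above) for structural mistakes and substitutes the login name with RFC 4515 escaping, so that a login name cannot change the structure of the filter. It assumes $username is replaced textually; the function names are hypothetical, and the nested-group sample assumes Active Directory, whose LDAP_MATCHING_RULE_IN_CHAIN OID is 1.2.840.113556.1.4.1941.

```python
# Added example: not the product's code. Assumes $username is substituted textually.

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample values for ldap.search.expression.
GROUP_ONLY = ("(&(sAMAccountName=$username)"
              "(memberOf=CN=cloudusers,OU=groups,OU=country,DC=example,DC=com))")
# Nested groups on Active Directory: LDAP_MATCHING_RULE_IN_CHAIN OID (AD is an assumption).
NESTED = ("(&(sAMAccountName=$username)"
          "(memberOf:1.2.840.113556.1.4.1941:=CN=cloudusers,OU=groups,OU=country,DC=example,DC=com))")


def escape_filter_value(value):
    """Escape a login name so it stays a literal value inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return the problems found in an ldap.search.expression value."""
    problems = []
    if "$username" not in template:
        problems.append("missing $username placeholder")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' closed something that was never opened
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if template.startswith(("&", "|", "!")):
        problems.append("compound filter must start with '('")
    return problems


def render(template, username):
    """Validate the template, then substitute the escaped login name."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("$username", escape_filter_value(username))


if __name__ == "__main__":
    print(render(GROUP_ONLY, "alice"))
    print(render(NESTED, "j.doe*(test)"))
```

Running check_template over a configured value before deploying it catches a dropped parenthesis, which would otherwise only show up as failed logins.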