LDAP Configuration entries < 11.5
These are the configuration entries used in version 11.4 and below.
For the new LDAP configuration entries, go to Server Configuration File.
Web Setting | Config File Parameter | Config File Default Value | Config File Possible Values |
---|---|---|---|
Enable LDAP authentication | ldap.enabled | false | |
Allow users not existing in LDAP directory | ldap.dbusers.allow | false | |
LDAP hostname | ldap.server.url | | Examples: |
LDAP username | ldap.search.username | | Examples: |
Search context | ldap.search.base | | Examples: |
Search match criteria | ldap.search.expression | | Examples: Enable access for users of a specific group only (the group cloudusers is used in the example below): Also works with nested groups, but requires a matching rule object identifier. |
Mail address mapping | ldap{2|3}.search.mail_addresses | | Example: ldap3.search.mail_addresses=mailAddresses |
Enable LDAP synchronization (since 10.0) | ldap.sync.enabled | false | |
Type of LDAP synchronization (since 10.6) | ldap{2|3}.sync.type | 0 | Example: ldap2.sync.type=1 |
Time interval for LDAP synchronization (since 10.6) | ldap{2|3}.sync.time | | Example: ldap3.sync.time=2 |
Search match criteria for groups (since 10.0) | ldap{2|3}.search.expression.groups | (|(objectClass=group)(objectCategory=group)) | Examples: |
Group member attribute (since 10.0) | ldap{2|3}.search.groups.member | member | Examples: |
Group and user "member of" attribute (since 10.0) | ldap{2|3}.search.group.member_of | memberOf | Examples: |
Organization mapping (since 10.0) | ldap{2|3}.search.org.depth | 0 | Examples: |
Enable ACL synchronization (since 10.0) | import.acl_permissions.enabled | false | Examples: |
Match accounts by mail attribute (since 10.1) | ldap.accounts.match_email | true | |
Import match criteria (since 10.1) | ldap.import.expression | | (&(objectClass=person)(!(objectClass=computer))) |
Mapping of username (since 10.2) | ldap.search.account_name | sAMAccountName,uid | |
Mapping of given name (since 10.2) | ldap.search.given_name | givenName | |
Mapping of common name (since 10.2) | ldap.search.common_name | cn,commonName | |
Mapping of middle name (since 10.2) | ldap.search.middle_name | middleName | |
Mapping of surname (since 10.2) | ldap.search.surname | sn,surname | |
Mapping of the display name (since 10.2) | ldap.search.display_name | displayName,name | |
Mapping of telephone number (since 10.2) | ldap.search.telephone | mobileTelephoneNumber,telephoneNumber,mobile | |
Mapping of account expiration date (since 10.2) | ldap.search.expiration | accountExpires | ISO-8601, unix timestamp or yyyyMMddHHmmss |
Mapping of date the account is valid from (since 11) | ldap{2|3}.search.valid_from | validFrom | ISO-8601, unix timestamp or yyyyMMddHHmmss |
Sync LDAP groups | ldap.sync_groups.enabled | false | |
Sync LDAP groups expression | | (|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group)) | |
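
Added example, not taken from the product documentation: one way to derive a group-restricted value for ldap.search.expression, as the search match criteria row describes for the group cloudusers, in both the direct and the nested-group form. The function names, the group DN and the choice of the import expression as the starting filter are assumptions; the matching rule OID is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN.

```python
import re

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN OID; other directory servers
# may not implement it, so nested=True is an AD-specific assumption.
AD_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a string so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_single_filter(expression):
    """True if the text is exactly one parenthesised, balanced filter."""
    depth = 0
    for i, ch in enumerate(expression):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(expression) - 1):
                return False
    return expression.startswith("(") and depth == 0


def restrict_to_group(user_expression, group_dn, member_of="memberOf", nested=False):
    """AND an existing user filter with a membership test for one group."""
    if not is_single_filter(user_expression):
        raise ValueError("user expression is not one balanced LDAP filter")
    if not _ATTRIBUTE.fullmatch(member_of):
        raise ValueError("invalid attribute name")
    rule = f":{AD_MATCHING_RULE_IN_CHAIN}:" if nested else ""
    return f"(&{user_expression}({member_of}{rule}={escape_filter_value(group_dn)}))"


# Constructed sample input: the person filter is the import expression shown in
# the table; the group DN is a made-up location for the cloudusers group.
PERSON = "(&(objectClass=person)(!(objectClass=computer)))"
GROUP_DN = "CN=cloudusers,OU=Groups,DC=example,DC=com"

if __name__ == "__main__":
    print(restrict_to_group(PERSON, GROUP_DN))
    print(restrict_to_group(PERSON, GROUP_DN, nested=True))
```

Rejecting an unbalanced starting filter matters here because a stray parenthesis would otherwise leave the group clause outside the AND, and the group restriction would no longer apply as intended.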