New LDAP Configuration with Version 11.5

General changes

  1. New LDAP configuration entries with the pattern: ldap.<index>.<extension>
  2. New entry ldap.<index>.username_suffixes: Contains comma-separated list of (sub-)domains for which the LDAP server is responsible
  3. ldap.enabled and ldap.dbusers.allow are obsolete and are set via security.auth.order=db,ldap
  4. security.auth.order contains only one LDAP entry. The sequence of queries is defined in the config file via the index.
    1. If you experience Error 500 when accessing 'Preferences' watch in your PowerFolder.config file if the security.auth.order Parameter still contains entries like ldap2 or ldap3. Delete those to solve this issue.
  5. All ldap.* (without index), ldap2.* and ldap3.* entries are obsolete and are transferred to the new entries, but remain in the configuration file with a leading x.

Extensions overview

NameFormer nameTypeDescriptionDefault valueChanged
server.namen/aStringDescribing name for the UI.
server.urln/aStringServer address should start with 'ldap://' and end with '/'.
search.usernamen/aStringName of the user who is allowed to search the LDAP.
search.passwordobfn/aStringThe hidden password of the search.user. Is generated automatically.
search.passwordn/aStringThe password of the search.user. Is transferred to search. passwordobf and then deleted from the configuration file.
search.basen/aStringDescription of the accounts in the LDAP tree, below which you want to search for users, groups, and organizations.dc=company,dc=localn/a

0 - No organization mapping
1 - Single Domain mapping
2 - Multi Domain Mapping

To what depth below the search.base you want to search for and import organizations.0n/a
search.expressionn/aStringSearch filter used to identify the user. $username is a placeholder replaced by the name of the user.(|(sAMAccountName=$username)(mail=$username)(userPrincipalName=$username)(uid=$username)(distinguishedName=$username))n/a
search.expression.groupsn/aStringSearch filters that identify the groups.(|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group))n/a
search.groups.membern/aStringAttribute that identifies the members of a group. In an Active Directory, a group contains the member attributes.member


search.groups.member_ofn/aStringAttribute that identifies the groups of a user. In an Active Directory, a user contains the memberOf attributes.memberOfn/a
sync.typen/a0 - No users
1 - Only already imported users
2 - All users in LDAP
How should users be imported from an LDAP/AD?0n/a
sync.timen/aIntegerTime interval in hours between automatic user imports.0n/a
accounts.match_emailn/aBooleanShould users known to the PowerFolder server be merged with information from LDAP/AD if the e-mail address matches?truen/a
sync_groups.enabledn/aBooleanShould groups be imported from LDAP/AD?falsen/a

Filters that identify users. For OpenLDAP (objectClass=person) and for ActiveDirectory (&(objectClass=person)(!(objectClass=computer))) .

mapping.mail_addressessearch.mail_addressesStringComma-separated string containing the attributes to be added to a user as e-mails.mail,mailAddresses,proxyAddresses(warning) Name changed
mapping.usernamesearch.account_nameStringComma-separated string containing the attributes that identify a user name. The first appropriate attribute is used to set the user name.sAMAccountName,uid(warning) Name changed
mapping.given_namesearch.given_nameStringComma-separated string of attributes that identify the first name.givenName(warning) Name changed
mapping.common_namesearch.common_nameStringComma-separated string of the attributes representing the common name, e. g. the full name, if it is a,commonName(warning) Name changed
mapping.middle_namesearch.middle_nameStringComma-separated string of the attributes containing the middle names.middleName(warning) Name changed
mapping.surnamesearch.surnameStringComma-separated string of attributes containing the last,surname(warning) Name changed
mapping.display_namesearch.display_nameStringComma-separated string of attributes containing the display name.displayName,name(warning) Name changed
mapping.telephonesearch.telephoneStringComma-separated string of attributes containing telephone numbers.mobileTelephoneNumber,telephoneNumber,mobile(warning) Name changed
mapping.expirationsearch.expirationStringComma-separated string of the attributes that contain an expiration date for a user.accountExpires(warning) Name changed
mapping.valid_fromsearch.valid_fromStringComma-separated string of the attributes that contain a validity date for a user.validFrom(warning) Name changed
mapping.quotasearch.quotaStringComma-separated string of the attributes that contain the quota for a user.quota(warning) Name changed
mapping.quota.unitquota.unitStringSize unit for the quota of a user.GB(warning) Name changed
server.username_suffixesn/aStringComma-separated string of the user name suffixes to establish a mapping between user groups and an LDAP/AD server.
(plus) Added