New LDAP Configuration with Version 11.5
General changes
- New LDAP configuration entries with the pattern: ldap.<index>.<extension>
- New entry ldap.<index>.username_suffixes: Contains comma-separated list of (sub-)domains for which the LDAP server is responsible
- ldap.enabled and ldap.dbusers.allow are obsolete; this is now set via security.auth.order=db,ldap
- security.auth.order contains only one LDAP entry. The sequence of queries is defined in the config file via the index.
- If you get an Error 500 when accessing 'Preferences', check whether the security.auth.order parameter in your PowerFolder.config file still contains entries like ldap2 or ldap3. Delete those to solve this issue.
- All ldap.* (without index), ldap2.* and ldap3.* entries are obsolete and are transferred to the new entries, but remain in the configuration file with a leading x.
Extensions overview
Name | Former name | Type | Description | Default value | Changed |
---|---|---|---|---|---|
server.name | n/a | String | Descriptive name for the UI. | added | |
server.url | n/a | String | Server address should start with 'ldap://' and end with '/'. | n/a | |
search.username | n/a | String | Name of the user who is allowed to search the LDAP. | n/a | |
search.passwordobf | n/a | String | The hidden password of the search.user. Is generated automatically. | n/a | |
search.password | n/a | String | The password of the search.user. Is transferred to search.passwordobf and then deleted from the configuration file. | n/a | |
search.base | n/a | String | Description of the accounts in the LDAP tree, below which you want to search for users, groups, and organizations. | dc=company,dc=local | n/a |
search.org.depth | n/a | 0 - No organization mapping | To what depth below the search.base you want to search for and import organizations. | 0 | n/a |
search.expression | n/a | String | Search filter used to identify the user. $username is a placeholder replaced by the name of the user. | (|(sAMAccountName=$username)(mail=$username)(userPrincipalName=$username)(uid=$username)(distinguishedName=$username)) | n/a |
search.expression.groups | n/a | String | Search filters that identify the groups. | (|(objectClass=group)(objectClass=groupOfNames)(objectCategory=group)) | n/a |
search.groups.member | n/a | String | Attribute that identifies the members of a group. In an Active Directory, a group contains the member attributes. | member | n/a |
search.groups.member_of | n/a | String | Attribute that identifies the groups of a user. In an Active Directory, a user contains the memberOf attributes. | memberOf | n/a |
sync.type | n/a | 0 - No users; 1 - Only already imported users; 2 - All users in LDAP | How should users be imported from an LDAP/AD? | 0 | n/a |
sync.time | n/a | Integer | Time interval in hours between automatic user imports. | 0 | n/a |
accounts.match_email | n/a | Boolean | Should users known to the PowerFolder server be merged with information from LDAP/AD if the e-mail address matches? | true | n/a |
sync_groups.enabled | n/a | Boolean | Should groups be imported from LDAP/AD? | false | n/a |
import.expression | n/a | String | Filters that identify users. For OpenLDAP | n/a | |
mapping.mail_addresses | search.mail_addresses | String | Comma-separated string containing the attributes to be added to a user as e-mails. | mail,mailAddresses,proxyAddresses | Name changed |
mapping.username | search.account_name | String | Comma-separated string containing the attributes that identify a user name. The first appropriate attribute is used to set the user name. | sAMAccountName,uid | Name changed |
mapping.given_name | search.given_name | String | Comma-separated string of attributes that identify the first name. | givenName | Name changed |
mapping.common_name | search.common_name | String | Comma-separated string of the attributes representing the common name, e.g. the full name, if it is a person. | cn,commonName | Name changed |
mapping.middle_name | search.middle_name | String | Comma-separated string of the attributes containing the middle names. | middleName | Name changed |
mapping.surname | search.surname | String | Comma-separated string of attributes containing the last name. | sn,surname | Name changed |
mapping.display_name | search.display_name | String | Comma-separated string of attributes containing the display name. | displayName,name | Name changed |
mapping.telephone | search.telephone | String | Comma-separated string of attributes containing telephone numbers. | mobileTelephoneNumber,telephoneNumber,mobile | Name changed |
mapping.expiration | search.expiration | String | Comma-separated string of the attributes that contain an expiration date for a user. | accountExpires | Name changed |
mapping.valid_from | search.valid_from | String | Comma-separated string of the attributes that contain a validity date for a user. | validFrom | Name changed |
mapping.quota | search.quota | String | Comma-separated string of the attributes that contain the quota for a user. | quota | Name changed |
mapping.quota.unit | quota.unit | String | Size unit for the quota of a user. | GB | Name changed |
server.username_suffixes | n/a | String | Comma-separated string of the user name suffixes to establish a mapping between user groups and an LDAP/AD server. | Added |
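
A post-upgrade check for the leftovers described under "General changes" and for a search.password that has not yet been converted to search.passwordobf. This is an added example, not PowerFolder code. It assumes PowerFolder.config holds plain key=value lines with '#' comments; the index 1 and all sample values are constructed.

```python
import re

# Constructed sample of a PowerFolder.config after a partial upgrade
# (key names follow the page; the index 1 and all values are made up).
SAMPLE_CONFIG = """\
security.auth.order=db,ldap,ldap2
ldap.enabled=true
ldap2.search.base=dc=old,dc=local
ldap.1.server.name=Main directory
ldap.1.server.url=ldap://dc1.company.local/
ldap.1.search.username=svc-powerfolder
ldap.1.search.password=constructed-example-secret
ldap.1.search.base=dc=company,dc=local
"""

INDEXED = re.compile(r"^ldap\.(\d+)\.(.+)$")      # ldap.<index>.<extension>
LEGACY = re.compile(r"^ldap[23]?\.(?!\d+\.)")     # ldap.*, ldap2.*, ldap3.* without index

def parse_config(text):
    """Parse key=value lines (assumed format); skip blanks and '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # values such as dc=a,dc=b keep their '='
        entries[key.strip()] = value.strip()
    return entries

def audit_ldap_config(text):
    """Return (code, item) findings for leftovers of the pre-11.5 layout."""
    findings = []
    entries = parse_config(text)
    order = entries.get("security.auth.order", "")
    for token in (t.strip() for t in order.split(",")):
        if re.fullmatch(r"ldap\d+", token):        # e.g. ldap2, ldap3
            findings.append(("stale-auth-order", token))
    for key, value in entries.items():
        m = INDEXED.match(key)
        if m and m.group(2) == "search.password" and value:
            findings.append(("plaintext-password", key))
        elif LEGACY.match(key):
            findings.append(("legacy-key", key))
    return findings

if __name__ == "__main__":
    for code, item in audit_ldap_config(SAMPLE_CONFIG):
        print(f"{code}: {item}")
```

Entries that were already migrated and renamed with a leading x no longer start with "ldap", so the check ignores them.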