Administrator Server Configuration: Edit LDAP Authentication Realm

Field Description
Bind DN Name The superuser's distinguished name or superuser's name to be used to connect to the server.

Default: uid=Manager,ou=people,dc=example,dc=com

Password LDAP server password.

Default: None

Context Factory The factory object that provides the starting point for resolution of names within the LDAP server.

Default: com.sun.jndi.ldap.LdapCtxFactory

Machine Name Port List Comma-separated list of URLs for an LDAP server. To achieve fault tolerance, you can specify multiple URLs. For example:

   ldap://server1.example.com:686,ldap://server2.example.com:1686

Default: machineName:389, where machineName is the machine on which TIBCO Configuration Tool is running.

Fetch DN Retrieves the base DN of the LDAP server.
User Search Configuration
User Search Base DN Base distinguished name from which the search starts.

Default: ou=people,ou=na,dc=example,dc=org

User Search Expression The expression used for searching a user. For example: (CN=%U). "%U" is replaced by the username being searched for. You can define any complex filter such as (&(cn=%U)(objectClass=account)).

Default: (&(uid={0})(objectclass=person))

User Attribute with User Name The name of the attribute in the user object that contains the user's name.

Default: uid

Search Timeout (ms) The time to wait for a response from the LDAP directory server.

Default: 30000

Follow Referrals Whether to follow LDAP referrals. When selected, requests to LDAP can be redirected to another server.

Select this field to indicate that the LDAP information might be available at another location, or possibly at another server or servers.

Note: Ask your LDAP administrator whether LDAP referrals are used in your domain.
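The User Search Expression field above substitutes the login name into an LDAP filter. The following is an added example, not TIBCO code: it shows the RFC 4515 escaping a filter value needs before substitution, next to an unescaped expansion for contrast. The function names are hypothetical, and whether the product escaping matches this is not stated on this page.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
# Both placeholder spellings shown on this page: %U and {0}.
PLACEHOLDER = re.compile(r"%U|\{0\}")


def escape_filter_value(value: str) -> str:
    """Escape one attribute value so it cannot change the filter's structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_search_expression(template: str, username: str) -> str:
    """Hardened form: escape first, then substitute in a single pass."""
    if not PLACEHOLDER.search(template):
        raise ValueError("search expression has no username placeholder")
    safe = escape_filter_value(username)
    # A function replacement keeps the backslashes in `safe` literal.
    return PLACEHOLDER.sub(lambda _match: safe, template)


def naive_expand(template: str, username: str) -> str:
    """Unescaped form, for comparison only."""
    return template.replace("%U", username).replace("{0}", username)


def filter_terms(ldap_filter: str) -> int:
    """Count literal '(' characters; escaped ones are written \\28 and do not count."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    template = "(CN=%U)"
    # Constructed inputs: a display name with parentheses and a bare wildcard.
    for name in ("smith (ops)", "*"):
        print(naive_expand(template, name), "->", expand_search_expression(template, name))
```

With the unescaped form, a name containing parentheses changes the number of filter terms and a bare `*` becomes a presence match on every entry; the escaped form keeps the structure of the configured expression.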
Field Description
Group Indication (optional) Specifies how a user’s group memberships are found. Administrator uses group information when a user, once authenticated, performs other activities in the system. Options:
  • Group has users - List of users that belong to the group. When selected, the Group Attribute with User Names field is enabled.
  • User has groups - List of groups to which the user belongs. When selected, the User Attribute with Group Names field is enabled.

Default: Group has users.

Group Search Base DN (optional) Base distinguished name from which the search for the group starts.

Default: ou=groups,ou=na,dc=example,dc=org.

Group Search Expression (optional) Search by matching this expression against potential groups.

Default: (&(cn={0})(objectClass=groupofuniquenames)).

Group Attribute with User Names (optional) Name of the attribute in the group object containing its users.

Example: uniqueMember (OpenLDAP) or member (ActiveDirectory).

Default: uniqueMember.

Group Attribute with Group Name (optional) Name of the attribute in the group object that contains the name of the group.

Example: cn (OpenLDAP) or sAMAccountName (ActiveDirectory).

Default: cn.

Group Attribute Subgroup Names (optional) Name of the attribute in the group object that contains its subgroups.

Example: uniqueMember (OpenLDAP) or member (ActiveDirectory).

Default: uniqueMember.

User Attribute with Group Names Name of the attribute in the user object that lists the groups to which the user belongs.

Default: None.

Group Search Scope Subtree Indicates whether a group search traverses the subtree or searches only directly under the group base distinguished name.

Default: Selected.

Field Description
LDAP Realm
User Search Scope Subtree Select to have the search include the entire subtree starting at the base DN. Otherwise, search only the nodes one level below the base DN.

Default: Selected.

Security Authentication Value of the Simple Authentication and Security Layer (SASL) authentication protocol to use. Values are implementation-dependent. Some possible values are simple, none, strong.

Default: simple.

LDAP Authentication
User DN Template (optional) Template by which the User DN, used to connect to the LDAP server, is generated. Because the full DN is always supplied, the template should always be 0 (zero).

Default: uid={0},ou=people,ou=na,dc=org.

User Attributes Extra (optional) List of user attributes to retrieve from the LDAP directory during authentication.

Default: Empty (no additional attributes will be retrieved for the user).

LDAP Server is SSL Enabled Select to enable the LDAP server for SSL. When selected, the SSL Keystore Configuration fields are enabled.

Default: Cleared.

Test Connection Click the Test Connection button to ensure that you can connect to the LDAP database.
Field Description
SSL KeyStore Configuration:
Create a Trust Store Invokes a wizard to obtain certificates from the specified server and create the trust store:
  1. Click Create a Trust Store.
  2. Specify a password to protect the keystore and click Next. The SSL setup wizard displays the certificates imported from the server.
  3. In the Trusted Certificates area, select the certificates to trust and click Finish. The wizard fills in the Keystore Location, Keystore Type and Keystore Password fields.

    If you do not click Create a Trust Store, you must specify the details of an existing trust store that can be used to establish the trust relationship with the server.

Trust Keystore Location Either:
  • the location in which the created trust store will be stored, or
  • the location of the trust store to be uploaded to ActiveMatrix Administrator. (You can either type this directly or click Browse to find it.)
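The defaults on this page (simple authentication, port 389, SSL cleared) combine into a bind that sends the Bind DN password and user passwords unencrypted. The following added example, not part of the TIBCO documentation, audits a realm's settings for that combination. The dictionary keys and finding codes are hypothetical, and it assumes a connection is protected when the URL is ldaps:// or the SSL box is selected.

```python
from urllib.parse import urlsplit

# Hypothetical keys (not TIBCO property names) holding the defaults listed on this page.
PAGE_DEFAULTS = {
    "machine_name_port_list": "machineName:389",
    "security_authentication": "simple",
    "ssl_enabled": False,
    "trust_keystore_location": "",
}


def audit_realm(settings: dict) -> list:
    """Return finding codes for settings that expose or weaken the LDAP bind."""
    cfg = {**PAGE_DEFAULTS, **settings}
    auth = cfg["security_authentication"].strip().lower()
    findings, schemes = [], set()
    for raw in cfg["machine_name_port_list"].split(","):
        raw = raw.strip()
        if not raw:
            continue
        # Entries such as "machineName:389" carry no scheme; treat them as ldap://.
        url = urlsplit(raw if "://" in raw else "ldap://" + raw)
        schemes.add(url.scheme)
        # Assumption: ldaps:// or the "LDAP Server is SSL Enabled" box means TLS.
        protected = url.scheme == "ldaps" or cfg["ssl_enabled"]
        if auth == "simple" and not protected:
            findings.append(f"cleartext-simple-bind:{url.hostname}:{url.port or 389}")
    if auth == "none":
        # In JNDI, "none" requests an anonymous bind.
        findings.append("anonymous-bind")
    if len(schemes) > 1:
        # Failover could move the bind from a TLS server to a cleartext one.
        findings.append("mixed-url-schemes")
    if cfg["ssl_enabled"] and not cfg["trust_keystore_location"]:
        findings.append("ssl-without-trust-store")
    return findings


if __name__ == "__main__":
    print("page defaults:", audit_realm({}))
    hardened = {  # constructed values
        "machine_name_port_list": "ldaps://server1.example.com:636,ldaps://server2.example.com:636",
        "ssl_enabled": True,
        "trust_keystore_location": "/constructed/path/ldap-trust.jks",
    }
    print("hardened:", audit_realm(hardened))
```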