Configuring LDAP Authentication Shared Resource

Description

The LDAP authentication shared resource is used to authenticate the user name and password against the LDAP server. The user name is specified as the usernameToken in the incoming request from the client.

Use Case

Verifying usernameToken in the incoming request.

Properties

The table Properties for LDAP Authentication Shared Resource describes the properties of the LDAP authentication shared resource.

Properties for LDAP Authentication Shared Resource
Property Description
com.tibco.asg.intent.usernameToken
  A Boolean intent property that indicates whether LDAP authentication is enforced on the request message. Possible values are true or false.

If this property is set to true, the request message must contain a valid username token.

com.tibco.trinity.runtime.core.provider.authn.ldap.initialCtxFactory
  Specifies the name of the JNDI Factory to use.

The default value is com.sun.jndi.ldap.LdapCtxFactory (Sun's LdapCtxFactory).

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.serverURL
  Specifies the URL used to connect to the LDAP directory server. TIBCO API Exchange Gateway supports a list of multiple values separated by commas, so that LDAP servers can be configured in a high availability and fault tolerant setup.

The LDAP URL is defined as:

    ldap://hostname1:port, ldap://hostname2:port

The LDAP SSL URL is defined as:

    ldaps://hostname1:port, ldaps://hostname2:port

Required.

com.tibco.trinity.runtime.core.provider.authn.ldap.searchTimeOut
  The time (in milliseconds) to wait for a response from the LDAP directory server. A value of 0 causes it to wait indefinitely. If a negative number is specified, it uses the provider's default setting.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributeUsersName
  The name of the attribute in the user object that represents the user's name. The value depends on which LDAP server is used. If you use ActiveDirectory LDAP Server, set this value to CN. If SunOne or OpenLDAP LDAP Server is used, set this value to uid.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributesExtra
  Specifies an optional list of user attributes to retrieve from the LDAP directory during authentication. The list of user attributes may be separated by commas, any ASCII whitespace, or semicolons.

For example, mail givenname

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.userSearchBaseDN
  Specifies the base distinguished name (DN) at which searches for users begin. You must supply the base DN that narrows the search to the smallest set of objects that includes all valid users. This is relevant only when the administrator's credentials are used in search mode.

For example, ou=people,ou=na,dc=example,dc=org

Required in admin (search) mode.

com.tibco.trinity.runtime.core.provider.authn.ldap.userSearchExpression
  Specifies the expression used in admin mode for searching against potential user objects. For example, the search expression is specified as: (&(uid={0})(objectClass=person)).

In this string, the variable {0} represents the name of the user. The code substitutes the user name for this variable and passes the resulting boolean expression to the LDAP server. The LDAP server matches that search expression against user objects to find a match. The search result must contain exactly one match.

This property is relevant only when the credentialProvider property is set and the binding is done as administrator; otherwise userDNTemplate is used.

Required in admin (search) mode.

com.tibco.trinity.runtime.core.provider.authn.ldap.userDNTemplate
  Specifies a template used to format the user's DN before binding. It is used as an alternative to admin (search) mode.

For example, uid={0},ou=employee,ou=tsi,o=tibco

Required for bind mode (not in admin search mode).

com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributeGroupsName
  If you specified "LDAP user indicates groups" (as either userHasGroups or userDNHasGroups), you must supply the name of the attribute in each user object that lists the groups to which the user belongs. Otherwise, this parameter is not relevant. Mandatory when relevant.

com.tibco.trinity.runtime.core.provider.authn.ldap.userAttributesExtraList
  Same as userAttributesExtra property but this is specified in list form.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.userSearchScopeSubtree
  A Boolean property that determines whether the entire sub-tree is searched. If true is specified, the entire sub-tree starting at the base DN is searched. Otherwise, only the nodes one level below the base DN are searched.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchBaseDN
  Specifies the base distinguished name (DN) at which searches for groups begin. You must supply the base DN that narrows the search to the smallest set of objects that includes all valid groups.

For example, ou=groups,ou=na,dc=example,dc=org

The default value is empty.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.enableNestedGroupSearch
  A flag that determines whether nested groups are searched. If the value is not set to true, only the groups of which the user is a direct member are returned.

The default value is false.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchExpression
  Specifies the expression used for searching against potential groups. For example, the search expression is specified as: (&(uid={0})(objectClass=person)).

In this string, the variable {0} represents the name of the user. The code substitutes the user name for this variable and passes the resulting boolean expression to the LDAP server. The LDAP server matches that search expression against groups to find all groups containing the user name.

The value differs between LDAP servers.

For example, it is defined as uniquemember={0} for SunOne, cn={0} for OpenLDAP, and member={0} for Active Directory.

Required.
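The {0} substitution described above for userSearchExpression, userDNTemplate and groupSearchExpression, as an added example that is not part of this page or of the product: it renders the page's sample values with the client-supplied user name escaped before substitution (RFC 4515 for search filters, RFC 4514 for DNs, a hardening step the page does not specify and that is assumed here) and enforces the exactly-one-match rule of search mode. The sample settings and the mode-selection rule (a configured userSearchExpression means admin (search) mode) are constructed for this example.

```python
PREFIX = "com.tibco.trinity.runtime.core.provider.authn.ldap."

# Constructed sample settings modelled on the page's examples (not the product's file).
SEARCH_MODE = {  # admin (search) mode
    PREFIX + "userSearchBaseDN": "ou=people,ou=na,dc=example,dc=org",
    PREFIX + "userSearchExpression": "(&(uid={0})(objectClass=person))",
    PREFIX + "groupSearchExpression": "member={0}",  # Active Directory form
}
BIND_MODE = {PREFIX + "userDNTemplate": "uid={0},ou=employee,ou=tsi,o=tibco"}


def escape_filter(value: str) -> str:
    """RFC 4515: hex-escape *, (, ), backslash, NUL and non-ASCII bytes of a filter value."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b not in b"*()\\" else "\\%02x" % b
                   for b in value.encode("utf-8"))


def escape_dn(value: str) -> str:
    """RFC 4514: backslash-escape DN-special characters, leading '#'/space, trailing space."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value).replace("\x00", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def render_user_lookup(props: dict, username: str) -> tuple:
    """Substitute {0} as the page describes. Assumption for this example: a configured
    userSearchExpression selects admin (search) mode, otherwise bind mode is used."""
    expr = props.get(PREFIX + "userSearchExpression")
    if expr:
        return "search", expr.replace("{0}", escape_filter(username))
    return "bind", props[PREFIX + "userDNTemplate"].replace("{0}", escape_dn(username))


def render_group_filter(props: dict, user_value: str) -> str:
    """groupSearchExpression with {0} replaced by the user value (a DN for member={0})."""
    return props[PREFIX + "groupSearchExpression"].replace("{0}", escape_filter(user_value))


def select_user(entries: list) -> str:
    """Search mode rule from the page: the result must contain exactly one match."""
    if len(entries) != 1:
        raise ValueError("expected exactly one user entry, got %d" % len(entries))
    return entries[0]


if __name__ == "__main__":
    print(render_user_lookup(SEARCH_MODE, "alice"))
    print(render_user_lookup(SEARCH_MODE, "a*"))      # wildcard is neutralised: a\2a
    print(render_user_lookup(BIND_MODE, "smith, j"))  # comma escaped inside the DN
    user_dn = select_user(["uid=alice,ou=people,ou=na,dc=example,dc=org"])
    print(render_group_filter(SEARCH_MODE, user_dn))
```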

com.tibco.trinity.runtime.core.provider.authn.ldap.groupSearchScopeSubtree
  A Boolean property that determines whether the entire sub-tree is searched. If the value true is specified, the entire sub-tree starting at the base DN for groups is searched. Otherwise, only the nodes one level below the base DN are searched.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupIndication
  Specifies how the group memberships for users are found.

The default value is noGroupInfo.

Optional.

Possible values are as follows:

  • userHasGroups
  • userDNHasGroups
  • groupHasUsers
  • noGroupInfo

The values have the following meaning:

  • If the value is userHasGroups, you must specify, in the userAttributeGroupsName property, the name of the attribute that points to the groups the user belongs to.
  • If the value is userDNHasGroups, the userAttributeGroupsName property holds the name of the attribute that contains the DNs of the groups to which the user belongs. You must specify the groupAttributeGroupsName property to get a specific part of the DN.
  • If the value is groupHasUsers, each group object includes a list of users that belong to the group.
  • If the value is noGroupInfo, group memberships are not handled.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeGroupsName
  Depending on the value of groupIndication:

groupHasUsers: the group attribute holding the group's name. Example value for OpenLDAP: cn; for Active Directory: sAMAccountName. Mandatory.

userHasGroups: the part of the group's DN holding the group's name. If not specified, the group's whole DN is used. Example: cn.

Otherwise, ignored.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeSubgroupsName
  Specifies the name of the attribute in each group object denoting subgroups.

For example, the value is defined as uniqueMember for OpenLDAP server and member for ActiveDirectory LDAP server.

Optional.

com.tibco.trinity.runtime.core.provider.authn.ldap.groupAttributeUsersName
  Specifies the name of the attribute in each group object denoting its users, when the groupIndication property has the value groupHasUsers.

For example, the value is uniqueMember for OpenLDAP and member for ActiveDirectory Server.

Required if the groupIndication property has groupHasUsers value.

followReferrals
  Determines whether the client follows referrals returned by the LDAP server.

The default value is false.

Optional.

LDAP SSL
com.tibco.trinity.runtime.core.provider.identity.trust.trustStoreServiceProvider
  Specifies the Identity trust provider configuration to provide SSL support for LDAP.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreLocation
  Specifies the location of the keystore for the credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStorePassword
  Specifies the location of the keystore for the credentials.
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreRefreshInterval
  Specifies the refresh interval (milliseconds).
com.tibco.trinity.runtime.core.provider.credential.keystore.truststore.keyStoreType
  Specifies the keystore type. Supported formats are JKS and PKCS12.

Sample File

The properties and an example configuration for the LDAP authentication shared resource are provided in the following sample file:

  • See ASG_CONFIG_HOME/default/security/resource/LdapAsp.properties, as follows:

    LdapAsp.properties