LDAP Authentication Properties for the CDD File

These are LDAP authentication properties used in the CDD file.

Property Notes
be.auth.ldap.type
  Use this property only if you want to use OpenLDAP for LDAP authentication. The property is not required for Oracle directory server or Windows Active Directory server.

Set this property to openldap to use the RMS server with OpenLDAP.

be.auth.ldap.port
  Specifies the port for LDAP authentication.
be.auth.ldap.adminDN
  Specifies the base distinguished name (DN) for admin login.

For example:

cn=Directory Administrators, dc=na, dc=tibco, dc=com.
be.auth.ldap.adminPassword
  Specifies the password for the LDAP administrator DN.
be.auth.ldap.baseDN
  Specifies the base tree in LDAP under which users can be searched. For example, dc=na, dc=tibco, dc=com.
be.auth.ldap.roleAttr
  Specifies the name of the attribute used by the LDAP server for role information of a user. Set the value to member for RMS server with OpenLDAP.

Default value is nsroledn (for Oracle Directory Server).

be.auth.ldap.uidattr
  Specifies the name of the attribute used by the LDAP server for user name information. Allowable values are as follows:
  • uid for Oracle Directory Server
  • cn for Active Directory.

Default value is uid.

be.auth.ldap.useRoleDN
  Set this property to true to use the fully qualified name of the attribute used by the LDAP server for role information of a user.

Set this property to false to use only the name of the attribute, which is shown in the notes for the be.auth.ldap.uidAttr property.

Default value is true.

be.auth.ldap.objectClass
  Specifies the ObjectClass attribute value for DS.

Many object classes can exist, for example, inetOrgPerson on Oracle Directory Server, and user on Active Directory.

If search should span all object classes, keep this value empty or specify an asterisk ("*").

be.auth.ldap.dnAttr
  Specifies the name of the attribute that contains the fully qualified name.

Default value is distinguishedName.

be.auth.ldap.ssl
  Specifies whether a secure connection to the LDAP host is to be established.

Default value is false. Set the property to true to enable a secure connection.
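
The following added example (not TIBCO code) audits a set of the be.auth.ldap.* properties against the defaults and allowable values listed above, with a weak configuration beside a corrected one. It assumes the properties are supplied as flat name=value lines rather than in the CDD file's own syntax; the function names, sample values and the 389/636 port heuristic are assumptions of this example.

```python
# Added example: audits the be.auth.ldap.* properties described on this page.
# Input is assumed to be flat name=value lines, not the CDD file's own syntax.
DEFAULTS = {  # defaults as stated in the property notes
    "be.auth.ldap.roleAttr": "nsroledn",
    "be.auth.ldap.uidattr": "uid",
    "be.auth.ldap.ssl": "false",
}

def parse_props(text):
    """Parse name=value lines into a dict, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")  # DN values also contain '='
        if sep and not name.startswith("#"):
            props[name.strip()] = value.strip()
    return props

def audit(props):
    """Return findings for settings that are weak or inconsistent."""
    eff = {**DEFAULTS, **props}
    ssl = eff["be.auth.ldap.ssl"].lower() == "true"
    port = eff.get("be.auth.ldap.port", "")
    findings = []
    if not ssl:
        findings.append("ssl: secure connection to the LDAP host is disabled")
    # 389 and 636 are the conventional LDAP and LDAPS ports (heuristic only).
    if (ssl and port == "389") or (not ssl and port == "636"):
        findings.append("port: %s does not match ssl=%s" % (port, str(ssl).lower()))
    if eff.get("be.auth.ldap.type") == "openldap" and eff["be.auth.ldap.roleAttr"] != "member":
        findings.append("roleAttr: OpenLDAP expects 'member'")
    if eff["be.auth.ldap.uidattr"] not in ("uid", "cn"):
        findings.append("uidattr: allowable values are 'uid' and 'cn'")
    if eff.get("be.auth.ldap.objectClass", "") in ("", "*"):
        findings.append("objectClass: search spans all object classes")
    return findings

# Constructed sample configurations (values are illustrative only).
WEAK = """be.auth.ldap.type=openldap
be.auth.ldap.port=636
be.auth.ldap.baseDN=dc=example, dc=com
be.auth.ldap.objectClass=*
"""
FIXED = WEAK.replace("objectClass=*", "objectClass=inetOrgPerson") + """\
be.auth.ldap.roleAttr=member
be.auth.ldap.ssl=true
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(parse_props(text)))
```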