LDAP Authentication Properties for the CDD File
To avoid conflict with properties used by other components that use authentication, a parallel set of properties (for the TRA and CDD file) is used for MM configuration. These are LDAP authentication properties used in the CDD file.
Property | Notes |
---|---|
be.auth.ldap.type | Use this property only if you want to use OpenLDAP for LDAP authentication. The property is not required for Oracle Directory Server or Windows Active Directory server. Set this property to openldap to use the RMS server with OpenLDAP. |
be.auth.ldap.port, be.mm.auth.ldap.port | Specifies the port for LDAP authentication. |
be.auth.ldap.adminDN, be.mm.auth.ldap.adminDN | Specifies the base distinguished name (DN) for admin login. For example: cn=Directory Administrators, dc=na, dc=tibco, dc=com. |
be.auth.ldap.adminPassword, be.mm.auth.ldap.adminPassword | Specifies the password for the LDAP administrator DN. |
be.auth.ldap.baseDN, be.mm.auth.ldap.baseDN | Specifies the base tree in LDAP under which users can be searched. For example, dc=na, dc=tibco, dc=com. |
be.auth.ldap.roleAttr, be.mm.auth.ldap.roleAttr | Specifies the name of the attribute used by the LDAP server for role information of a user. Set the value to member for RMS server with OpenLDAP. Default value is nsroledn (for Oracle Directory Server). |
be.auth.ldap.uidattr, be.mm.auth.ldap.uidattr | Specifies the name of the attribute used by the LDAP server for username information. Allowable values are as follows: uid for Oracle Directory Server; cn for Active Directory. Default value is uid. |
be.auth.ldap.useRoleDN, be.mm.auth.ldap.useRoleDN | Set this property to true to use the fully qualified name of the attribute used by the LDAP server for role information of a user. Set this property to false to use only the name of the attribute, which is shown in the notes for the be.auth.ldap.uidAttr property. Default value is true. |
be.auth.ldap.objectClass, be.mm.auth.ldap.objectClass | Specifies the ObjectClass attribute value for DS. Many object classes can exist, for example, inetOrgPerson on Oracle Directory Server, and user on Active Directory. If the search should span all object classes, keep this value empty or specify an asterisk ("*"). |
be.auth.ldap.dnAttr, be.mm.auth.ldap.dnAttr | Specifies the name of the attribute that contains the fully qualified name. Default value is distinguishedName. |
be.auth.ldap.ssl, be.mm.auth.ldap.ssl | Specifies whether a secure connection to the LDAP host is to be established. Default value is false. Set the property to true to enable a secure connection. |
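
Added example (not TIBCO's code): a small Python audit of the properties in the table above, checking the be.auth.ldap.* and be.mm.auth.ldap.* sets separately because they are configured in parallel. It assumes the properties have been exported as flat name=value lines (the CDD's own syntax is not shown on this page); the sample values and the function names are constructed for illustration.

```python
PREFIXES = ("be.auth.ldap.", "be.mm.auth.ldap.")  # the two parallel sets

# Constructed sample input, not from a real deployment.
SAMPLE = """\
be.auth.ldap.type=openldap
be.auth.ldap.port=389
be.auth.ldap.adminDN=cn=admin,dc=example,dc=com
be.auth.ldap.adminPassword=changeit
be.auth.ldap.baseDN=dc=example,dc=com
be.mm.auth.ldap.port=636
be.mm.auth.ldap.ssl=true
be.mm.auth.ldap.objectClass=*
"""

def parse(text):
    """Parse name=value lines into a dict (assumed export format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)  # DN values contain '=', so split once
        props[name.strip()] = value.strip()
    return props

def audit(props):
    """Return (property name, finding) pairs, checking each prefix on its own."""
    findings = []
    for prefix in PREFIXES:
        own = {k[len(prefix):]: v for k, v in props.items() if k.startswith(prefix)}
        if not own:
            continue
        def flag(name, msg):
            findings.append((prefix + name, msg))
        # ssl defaults to false, so an absent property is also a finding.
        if own.get("ssl", "false").lower() != "true":
            flag("ssl", "secure connection to the LDAP host is not enabled")
        # OpenLDAP needs roleAttr=member; the default nsroledn is for Oracle DS.
        if own.get("type", "").lower() == "openldap" and own.get("roleAttr", "nsroledn") != "member":
            flag("roleAttr", "type is openldap but roleAttr is not member")
        # An explicitly empty or '*' objectClass makes the search span all classes.
        if "objectClass" in own and own["objectClass"] in ("", "*"):
            flag("objectClass", "user search spans all object classes")
        if own.get("adminPassword"):
            flag("adminPassword", "admin password is in the file; restrict read access")
    return findings

if __name__ == "__main__":
    for name, msg in audit(parse(SAMPLE)):
        print(f"{name}: {msg}")
```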