LDAP Authentication Properties for the CDD File

To avoid conflict with properties used by other components that use authentication, a parallel set of properties (for the TRA and CDD file) is used for MM configuration. These are LDAP authentication properties used in the CDD file.

Property Notes
be.auth.ldap.type
  Use this property only if you want to use OpenLDAP for LDAP authentication. The property is not required for Oracle Directory Server or Windows Active Directory server.

Set this property to openldap to use the RMS server with OpenLDAP.

be.auth.ldap.port
be.mm.auth.ldap.port
  Specifies the port for LDAP authentication.
be.auth.ldap.adminDN
be.mm.auth.ldap.adminDN
  Specifies the base distinguished name (DN) for admin login.

For example:

cn=Directory Administrators, dc=na, dc=tibco, dc=com.
be.auth.ldap.adminPassword
be.mm.auth.ldap.adminPassword
  Specifies the password for the LDAP administrator DN.
be.auth.ldap.baseDN
be.mm.auth.ldap.baseDN
  Specifies the base tree in LDAP under which users can be searched. For example, dc=na, dc=tibco, dc=com.
be.auth.ldap.roleAttr
be.mm.auth.ldap.roleAttr
  Specifies the name of the attribute used by the LDAP server for role information of a user. Set the value to member for RMS server with OpenLDAP.

Default value is nsroledn (for Oracle Directory Server).

be.auth.ldap.uidattr
be.mm.auth.ldap.uidattr
  Specifies the name of the attribute used by the LDAP server for user name information. Allowable values are as follows:

uid for Oracle Directory Server

cn for Active Directory.

Default value is uid.

be.auth.ldap.useRoleDN
be.mm.auth.ldap.useRoleDN
  Set this property to true to use the fully qualified name of the attribute used by the LDAP server for role information of a user.

Set this property to false to use only the name of the attribute, which is shown in the notes for the be.auth.ldap.uidAttr property.

Default value is true.

be.auth.ldap.objectClass
be.mm.auth.ldap.objectClass
  Specifies the ObjectClass attribute value for the directory server (DS).

Many object classes can exist, for example, inetOrgPerson on Oracle Directory Server, and user on Active Directory.

If search should span all object classes, keep this value empty or specify an asterisk ("*").

be.auth.ldap.dnAttr
be.mm.auth.ldap.dnAttr
  Specifies the name of the attribute that contains the fully qualified name.

Default value is distinguishedName.

be.auth.ldap.ssl
be.mm.auth.ldap.ssl
  Specifies whether a secure connection to the LDAP host is to be established.

Default value is false. Set the property to true to enable a secure connection.
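
The following is an added example, not part of the product or its documentation: a small review script that checks a set of these properties against the defaults and notes listed above (ssl defaulting to false, member as the role attribute for OpenLDAP, uid or cn as the user name attribute, an empty or "*" objectClass). The flat name=value input layout, the sample values, and the function names parse and audit are assumptions made for the example.

```python
# Constructed sample: name=value lines copied out of a CDD property list.
# The flat name=value layout is an assumption made for this example.
SAMPLE = """\
be.auth.ldap.type=openldap
be.auth.ldap.port=389
be.auth.ldap.adminDN=cn=Directory Administrators, dc=na, dc=tibco, dc=com
be.auth.ldap.baseDN=dc=na, dc=tibco, dc=com
be.auth.ldap.roleAttr=nsroledn
be.auth.ldap.objectClass=*
be.mm.auth.ldap.ssl=true
be.mm.auth.ldap.uidattr=uid
"""

PREFIXES = ("be.auth.ldap.", "be.mm.auth.ldap.")


def parse(text):
    """Group properties by prefix; short names are lower-cased because the
    page itself writes both uidattr and uidAttr."""
    sets = {p: {} for p in PREFIXES}
    for line in text.splitlines():
        name, sep, value = line.partition("=")  # DN values keep their own '='
        name = name.strip()
        for p in PREFIXES:
            if sep and name.startswith(p):
                sets[p][name[len(p):].lower()] = value.strip()
    return sets


def audit(text):
    """Return (property, finding) pairs for settings worth a second look."""
    findings = []
    for p, props in parse(text).items():
        if not props:
            continue  # this property set is not configured at all
        if props.get("ssl", "false").lower() != "true":  # documented default: false
            findings.append((p + "ssl", "connection to the LDAP host is not secured"))
        role_attr = props.get("roleattr", "nsroledn")  # documented default
        if props.get("type", "").lower() == "openldap" and role_attr != "member":
            findings.append((p + "roleAttr", "notes say member for OpenLDAP, found " + role_attr))
        if props.get("uidattr", "uid") not in ("uid", "cn"):
            findings.append((p + "uidattr", "value is neither uid nor cn"))
        if props.get("objectclass") in ("", "*"):
            findings.append((p + "objectClass", "user search spans all object classes"))
    return findings


if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(prop + ": " + finding)
```

The objectClass check fires only when the property is explicitly set to an empty value or "*", because the page does not state what happens when the property is absent.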