Parameters
The LDAP Authentication Module parameters are listed in the following table.
Parameter | Description |
---|---|
debug | When set to true, enables debug output for the module. Enabling this parameter may aid in diagnosing configuration problems.
Warning: Enabling the debug flag may create security vulnerabilities by revealing information in the log file. The default setting is false. |
tibems.ldap.operation_timeout | The timeout set for LDAP connect and LDAP read operations. The property is specified in milliseconds.
If not set, these two LDAP operations will follow their default behavior. |
tibems.ldap.truststore | The key store that is used for TLS connections.
On Windows, the trust store path must use forward slashes or escaped backslashes. |
tibems.ldap.url | The location of the LDAP server. Specify a single URL or comma-separated list of URLs. Each URL must use the format described by RFC 2255.
The server configuration can be defined as a single URL, or as a series of LDAP URLs representing the primary and backup servers. To configure a backup, provide a comma-separated list of URLs. For example:
ldap://localhost:389,ldap://localhost:489
The servers are attempted in the order listed. If the first server in the list is unavailable or fails, the next URL is tried. Any number of backup servers may be specified. The default is ldap://localhost:389. |
tibems.ldap.user_base_dn | The base DN used for the LDAP search. For example:
ou=People,dc=TIBCO,dc=com |
tibems.cache.enabled | When true, enables caching of user information for better performance.
The default is false. |
tibems.cache.instance | A string that represents an instance of the user cache. When stacked login modules specify the same instance, they share the same user cache as a form of optimization.
The default is a unique cache based on the values of the tibems.ldap.url, tibems.ldap.user_base_dn, and tibems.ldap.user_attribute parameters. |
tibems.cache.user_ttl | Specifies the maximum time (in seconds) that cached LDAP data is retained before it is refreshed.
The default is 60. |
tibems.ldap.user_filter | The filter used when searching for a user.
If a more complex filter is needed, use this property to override the default. Any occurrence of {0} in the search string will be replaced with the user attribute, and {1} will be replaced with the user name. The default is {0}={1}. |
tibems.ldap.manager | The distinguished name of the user that this module uses when binding to the LDAP server to perform a search.
The specified user must have permissions to search LDAP for users under the entry specified by tibems.ldap.user_base_dn. The default is CN=Manager. |
tibems.ldap.manager_password | The password used when binding to the LDAP server as the manager. This password may be mangled using the EMS Administration Tool. |
tibems.ldap.retries | The number of times that the module should reattempt a connection if there is a communication failure with the LDAP server.
If one or more backup servers are specified in tibems.ldap.url, this parameter determines the number of times the EMS server iterates through the list of backup LDAP servers. The default value is 0, meaning no retries are attempted. |
tibems.ldap.retry_delay | The module waits this number of milliseconds before retrying the connection to the LDAP server.
The default is 1000. |
tibems.ldap.scope | The scope of the search. Valid values include: |
tibems.ldap.user_attribute | The attribute that is compared to the user name for the search.
The default is uid. |
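
The following pre-deployment check is an added example, not part of the product or its documentation. It applies the rules stated in the table above (the debug warning, the URL list format, the Windows path rule, the numeric parameters, and the {1} placeholder in the user filter) to a set of module options. The function name lint_ldap_module, the representation of the options as a dictionary of strings, and the requirement that every URL names a host are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Defaults as stated in the parameter table above.
DEFAULTS = {
    "debug": "false",
    "tibems.ldap.url": "ldap://localhost:389",
    "tibems.ldap.user_filter": "{0}={1}",
    "tibems.ldap.retries": "0",
    "tibems.ldap.retry_delay": "1000",
    "tibems.cache.user_ttl": "60",
}
NUMERIC = ("tibems.ldap.operation_timeout", "tibems.ldap.retries",
           "tibems.ldap.retry_delay", "tibems.cache.user_ttl")


def lint_ldap_module(params):
    """Return (parameter, finding) pairs for a dict of module options."""
    cfg = {**DEFAULTS, **params}
    findings = []
    if cfg["debug"].strip().lower() == "true":
        findings.append(("debug", "debug output may reveal information in the log file"))
    for url in cfg["tibems.ldap.url"].split(","):
        parts = urlsplit(url.strip())
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(("tibems.ldap.url", f"not an LDAP URL: {url.strip()!r}"))
    store = cfg.get("tibems.ldap.truststore", "")
    # A backslash left over after removing escaped pairs is unescaped.
    if "\\" in store.replace("\\\\", ""):
        findings.append(("tibems.ldap.truststore", "unescaped backslash in path"))
    for name in NUMERIC:
        if name in cfg and not cfg[name].strip().isdecimal():
            findings.append((name, f"expected a non-negative integer, got {cfg[name]!r}"))
    if "{1}" not in cfg["tibems.ldap.user_filter"]:
        findings.append(("tibems.ldap.user_filter", "filter never references the user name {1}"))
    return findings


# Constructed sample options, not taken from a real deployment.
SAMPLE = {
    "debug": "true",
    "tibems.ldap.url": "ldap://ldap1.example.com:389, ldapl://ldap2.example.com:489",
    "tibems.ldap.truststore": "C:\\certs\\trust.jks",  # single backslashes at runtime
    "tibems.ldap.retry_delay": "1s",
    "tibems.ldap.user_filter": "(&({0}=*)(objectClass=person))",
}

if __name__ == "__main__":
    for name, finding in lint_ldap_module(SAMPLE):
        print(f"{name}: {finding}")
```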