Parameters
The LDAP Authentication Module parameters are listed in the following table.
Parameter | Description |
---|---|
debug | When set to true, enables debug output for the module. Enabling this parameter may aid in diagnosing configuration problems. Warning: Enabling the debug flag may create security vulnerabilities by revealing information in the log file. The default setting is |
tibems.ldap.operation_timeout | The timeout set for LDAP connect and LDAP read operations. The property is specified in milliseconds. If not set, these two LDAP operations will follow their default behavior. |
tibems.ldap.truststore | The key store that is used for TLS connections. On Windows, the trust store path must use forward slashes or escaped backslashes. |
tibems.ldap.url | The location of the LDAP server. Specify a single URL or comma-separated list of URLs. Each URL must use the format described by RFC 2255. The server configuration can be defined as a single URL, or as a series of LDAP URLs representing the primary and backup servers. To configure a backup, provide a comma-separated list of URLs. For example: The servers are attempted in the order listed. Should the first server in the list be unavailable or fail, the next URL is tried. Any number of backup servers may be specified. The default is |
tibems.ldap.user_base_dn | The base DN used for the LDAP search. For example: |
tibems.cache.enabled | When true, enables caching of user information for better performance. The default is |
tibems.cache.instance | A string that represents an instance of the user cache. When stacked login modules specify the same instance, they share the same user cache as a form of optimization. The default is a unique cache based on the values of the |
tibems.cache.user_ttl | Specifies the maximum time (in seconds) that cached LDAP data is retained before it is refreshed. The default is |
tibems.ldap.user_filter | The filter used when searching for a user. If a more complex filter is needed, use this property to override the default. Any occurrence of The default is |
tibems.ldap.manager | The distinguished name of the user that this module uses when binding to the LDAP server to perform a search. The specified user must have permissions to search LDAP for users under the entry specified by The default is |
tibems.ldap.manager_password | The password used when binding to the LDAP server as the manager. This password may be mangled using the EMS Administration Tool. |
tibems.ldap.retries | The number of times that the module should reattempt a connection if there is a communication failure with the LDAP server. If one or more backup servers are specified in The default value is |
tibems.ldap.retry_delay | The module waits this number of milliseconds before retrying the connection to the LDAP server. The default is |
tibems.ldap.scope | The scope of the search. Valid values include: |
tibems.ldap.user_attribute | The attribute that is compared to the user name for the search. The default is |
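A configuration review can check the settings above that carry security weight: the debug flag, the ordered failover URL list, the operation timeout and the Windows trust store path. The following is an added example, not TIBCO code; it takes the module options as an already-parsed dictionary, the finding names are hypothetical, and it assumes an `ldap://` URL means the connection is not protected by TLS.

```python
from urllib.parse import urlsplit

# Constructed sample options (host names, DN, path and password are made up).
SAMPLE = {
    "debug": "true",
    "tibems.ldap.url": "ldaps://ldap1.example.com:636,ldap://ldap2.example.com:389",
    "tibems.ldap.truststore": "C:\\certs\\ldap.jks",  # value as read: C:\certs\ldap.jks
    "tibems.ldap.manager": "cn=ems-search,dc=example,dc=com",
    "tibems.ldap.manager_password": "constructed-value",
}

def parse_urls(value):
    """Split the comma-separated server list, keeping the order in which servers are tried."""
    return [urlsplit(u.strip()) for u in value.split(",") if u.strip()]

def audit(opts):
    """Return a sorted list of finding names (hypothetical labels) for one module's options."""
    findings = set()
    if opts.get("debug", "").strip().lower() == "true":
        findings.add("debug-enabled")  # the log file may reveal information
    urls = parse_urls(opts.get("tibems.ldap.url", ""))
    schemes = {u.scheme.lower() for u in urls}
    if any(u.scheme.lower() not in ("ldap", "ldaps") or not u.hostname for u in urls):
        findings.add("malformed-url")
    # Assumption: ldap:// carries no TLS, so a mixed list lets failover drop protection.
    if {"ldap", "ldaps"} <= schemes:
        findings.add("mixed-transport-failover")
    if "ldap" in schemes and "tibems.ldap.manager_password" in opts:
        findings.add("manager-bind-over-cleartext")
    if "tibems.ldap.operation_timeout" not in opts:
        findings.add("no-operation-timeout")  # connect and read use default behavior
    store = opts.get("tibems.ldap.truststore", "")
    # After removing escaped pairs, any backslash left over is a lone, unescaped one.
    if "\\" in store.replace("\\\\", ""):
        findings.add("unescaped-backslash-in-truststore")
    return sorted(findings)

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(name)
```
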