Copyright © TIBCO Software Inc. All Rights Reserved |
Configuration files for the JAAS modules are provided in the EMS_HOME/samples/config/jaas directory.

For the LDAP modules, properties added in the JAAS configuration file that do not begin with tibems are passed into every LDAP context creation, allowing LDAP-specific parameters to be set in the JAAS configuration file.

Properties that must be set in the environment, such as SSL related properties, are configured through the jre_option parameter in the EMS server configuration. However, an SSL key store location can be set using the tibems.ldap.truststore parameter for convenience. See the parameter descriptions for each module type for details.

The user name must be in the form of a distinguished name, unless a user name pattern is supplied through the tibems.ldap.user_pattern parameter. When a user pattern is supplied, the DN used for the lookup is that pattern string, with %u replaced with the name of the user.
When set to true, enables debug output for the module. Enabling this parameter may aid in diagnosing configuration problems. Warning: Enabling the debug flag may create security vulnerabilities by revealing information in the log file. The default setting is false.

The default is ldap://localhost:389.

When a user pattern is supplied, the DN used for the lookup is the pattern string entered here, with '%u' replaced with the name of the user. For example, uid=%u;ou=People. The default pattern is CN=%u.
When set to true, enables debug output for the module. Enabling this parameter may aid in diagnosing configuration problems. Warning: Enabling the debug flag may create security vulnerabilities by revealing information in the log file. The default setting is false.

The default is ldap://localhost:389.

When true, enables caching of user information for better performance. The default is false.

The default is a unique cache based on the values of the tibems.ldap.url, tibems.ldap.user_base_dn, and tibems.ldap.user_attribute parameters.

If a more complex filter is needed, use this property to override the default. Any occurrence of {0} in the search string is replaced with the user attribute, and any occurrence of {1} is replaced with the user name. The default is {0}={1}.

The specified user must have permissions to search LDAP for users under the entry specified by tibems.ldap.user_base_dn. The default is CN=Manager.

If one or more backup servers are specified in tibems.ldap.url, this parameter determines the number of times the EMS server iterates through the list of backup LDAP servers. The default is 1000.
The default is uid.

In addition to all parameters available for the LDAP Authentication module, which are described in Table 52, the following parameters are supported:
Default is cn.

The filter used in the static group search. By default, a filter is created using the ems_ldap.group_member_attribute parameter. If a more complex filter is needed, use this property to override the default. Any occurrence of {0} in the search string is replaced with the group member attribute. Any occurrence of {1} is replaced with the user DN. {2} contains solely the user name for cases where the DN does not match group membership. Default is {0}={1}.

Default is uniqueMember.

Default is groupOfURLs.

Default is cn.

The filter used in the dynamic group search. By default, a filter is created using the ems_ldap.dynamic_group_member_attribute property. If a more complex filter is needed, use this property to override the default. Any occurrence of {0} is replaced with the group member property. Any occurrence of {1} is replaced with the DN of the user for cases where that may be required. A {2} in the search string is replaced with the user name. When using tibems.ldap.dynamic_group_search_direct, a simple filter should be used which matches all dynamic groups that may contain the user. For example, (objectClass=GroupOfURLs). Default is {0}={1}.

Default is uniqueMember.

Default is memberURL.

Default is false.

Default is memberOf.

Default is CN.

Default is (distinguishedName={1}).

Either the host name or IP mask must match for authentication success.
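The %u user pattern and the {0}/{1}/{2} user and group search filters described above, expanded on constructed values so that a custom pattern or filter can be checked before it goes into the JAAS configuration file. This is an added example, not TIBCO code: the function names are hypothetical, and the RFC 4514 (DN) and RFC 4515 (filter) escaping of substituted values is an assumption of the example, since this page does not say how the modules treat special characters in user names.

```python
import re

# RFC 4515: characters that must be escaped inside a search-filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value placed inside a DN."""
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    out = out.replace("\0", "\\00")
    if out.startswith((" ", "#")):          # leading space or '#'
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:  # trailing space
        out = out[:-1] + "\\ "
    return out


def expand_user_pattern(pattern, user):
    """DN used for the lookup: the pattern with %u replaced by the user name."""
    return pattern.replace("%u", escape_dn_value(user))


def expand_filter(template, attribute, *values):
    """Fill {0} with the attribute and {1}, {2} with escaped values.

    A single regex pass is used so that text inside a substituted value is
    never treated as another placeholder.
    """
    parts = [attribute] + [escape_filter_value(v) for v in values]
    return re.sub(r"\{(\d)\}", lambda m: parts[int(m.group(1))], template)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    name = "Smith, J (ops)*"
    dn = "uid=alice,ou=People,dc=example,dc=com"
    print(expand_user_pattern("CN=%u", name))        # default user pattern
    print(expand_filter("{0}={1}", "uid", name))     # default user filter
    # Constructed custom static-group filter using {0} and {1}.
    custom = "(&(objectClass=groupOfUniqueNames)({0}={1}))"
    print(expand_filter(custom, "uniqueMember", dn, "alice"))
```

Comparing the expanded string with the DN or filter you intended shows whether a comma, parenthesis or asterisk in a user name would alter the lookup.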
When set to true, enables debug output for the module. Enabling this parameter may aid in diagnosing configuration problems. Warning: Enabling the debug flag may create security vulnerabilities by revealing information in the log file. The default setting is false.

Host names or domains can be explicitly specified, or any regular expression working with the Java Pattern class may be used. A domain may be used by beginning the string with a dot (.). Each host name or pattern must be enclosed in single quotes and separated by a comma. These entries are compared with the host name associated with the IP of the connecting EMS client. WARNING: This could have a performance impact as a NIS or DNS lookup may be performed. If this property is not set, host names are not checked during authentication.