Structure of the LDAP Properties File

Administration Guide > LDAP Domain Administration > Configure the LDAP Properties File > Structure of the LDAP Properties File

The ldap.properties file uses these conventions:

• PREFIX must be replaced with the values of the domain name or type of your directory services that are in use.

If you have multiple LDAP directories, you can replace PREFIX with the domain name given to each specific LDAP directory.

For example for single LDAP directories, use “activedirectory” or “restaurantOwners” where “restaurantOwners” comes from the domain name given to that LDAP directory.

• Property file variables are designated with a capital letter enclosed by angled brackets: <A>, <B>,... <X>.

• The ldap.properties file does not support mix and match domain names with domain subtypes.

Used for Querying all Users

LDAP Property and Value	Description
<PREFIX>.all.users.search.context=<A>	Search-context used to find all users.
<PREFIX>.all.users.filter=<B>	Filter to pass to a query for finding all users.
<PREFIX>.all.users.username.attribute=<C>	Username attribute to retrieve the name of user found from a query.
<PREFIX>.all.users.search.timeout=<D>	Search timeout value to limit the time for infinite search; 0 means infinite timeout, timeout is in milliseconds and should be greater than 0.

Used for Querying all Groups

LDAP Property and Value	Description
<PREFIX>.all.groups.search.context=<A>	Search-context used to find all groups.
<PREFIX>.all.groups.filter=<B>	Filter to pass to a query for finding all groups.
<PREFIX>.all.groups.groupname.attribute=<C>	Group name attribute to retrieve the name of a group found from a query.
<PREFIX>.all.groups.search.timeout=<D>	Search timeout value to limit the time for infinite search; 0 means infinite timeout, timeout is in milliseconds and should be greater than 0.

Used for Authenticating LDAP Users

LDAP Property and Value	Description
<PREFIX>.user.username.comparison.is.case. sensitive=<A>	Sets the user name comparison to be case-sensitive or not. By default the value of <A> is True but it can be set to False.
<PREFIX>.user.search.context=<B>	Search-context used to find the user attempting authentication.
<PREFIX>.user.filter=<C>	Filter used to authenticate user in LDAP directory server. The USERNAME keyword will be replaced at runtime with the appropriate username.
<PREFIX>.user.username.attribute=<D>	User name attribute to retrieve the name of the user attempting authentication from a query.
<PREFIX>.user.search.timeout=<E>	Search timeout value to limit the time for infinite searches; 0 means infinite timeout, timeout is in milliseconds and should be greater than 0.

Used for Querying all Groups for a User

LDAP Property and Value	Description
<PREFIX>.user.groups.search.context=<A>	Search-context used to find all the groups for a user.
<PREFIX>.user.groups.filter=<B>	Filter to pass to a query for finding the members of a group.The USERDN keyword is replaced at run time with the appropriate user distinguished name.
<PREFIX>.user.groups.groupname.attribute=<C>	Group name attribute for finding the name of a group to which a user belongs.
<PREFIX>.user.groups.search.timeout=<D>	Search timeout value to limit the time for infinite searches; 0 means infinite timeout, timeout is in milliseconds and should be greater than 0.