Name of the LDAP properties file associated with a group of LDAP parameters. Default
Used in the httpd.conf file to specify the group when LDAP authentication is used. Possible values:
Server Authentication Type: Specify the method for authenticating the Web server to the LDAP server. Possibilities are:
The Server Distinguished Name: Distinguished name of the Web server. This name is used as the username when accessing an LDAP server using Basic authentication.
Use the entry specified in the LDAP server to access the directory server.
Name of the stash file containing the encrypted password for the application to authenticate to the LDAP server when Server Authentication type is Basic. This stash file can be created with the 'ldapstash' command.
Cache Time-out: Responses from the LDAP server are cached. This is the maximum length of time (in seconds) a response returned from the LDAP server remains valid. If the Web server is configured to run as multiple processes, each process will manage its own copy of the cache.
ldap.group.memberAttributes= <Group Member Attributes>
Group Member Attributes: Once a group entry is found in an LDAP directory, the group members are extracted by using these attribute names. The values of these attributes must be the distinguished names of the members of the group. More than one attribute can be used to contain member information. The default attributes are member and uniqueMember.
ldap.group.name.filter= <group name filter>
Group Name Filter: Filter LDAP uses to search for group names. The default is (&(cn=%v1)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
This property is only required if the LDAP URL for groups differs from the URL specified by the ldap.URL property.
Idle Connection Time-out: Connections to the LDAP server are cached for performance. This is the length of time (in seconds) before an idle LDAP server connection is closed because of inactivity.
ldap.key.file.password.stashfile=d:\<Key password file name>
Key password file name: The stash file containing the encrypted keyfile password; use the 'ldapstash' command to create this stash file.
ldap.key.fileName=d:\<Key file name>
Key file name: Filename of the key file database. This is required if you are using SSL.
Key Label: Name of the certificate label the Web server uses to authenticate to the LDAP server. This label is only required when doing SSL and the LDAP server is set up to request client authentication from the Web server.
Protection realm: Name of the protected area as seen by the requesting client.
Search Time-out: The maximum time (in seconds) to wait for an LDAP server to complete a search operation.
The transport method used to communicate with the LDAP server.
For example: ldap.URL=ldap://ldap.ibm.com:489/o=Ace Industry, c=US
The method for authenticating the user requesting access to the Web server; the user's name is used as the username when accessing the LDAP server. Possible values: Basic, Cert, BasicIfNoCert
Filter used to convert the information in the client certificate passed over SSL to a search filter for an LDAP entry. The default is "(&(objectclass=person) (cn=%v1, ou=%v2, o=%v3,c=%v4))". SSL certificates include the following fields, all of which can be converted to a search filter:
The characters that are considered valid field separator characters when parsing the user name into fields. For example, if '/' is the only field separator character and the user inputs "Joe Smith/Acme", then '%v1' equals "Joe Smith" and '%v2' equals "Acme". The default characters are the space, the comma, and the tab (\t) character.
ldap.user.name.filter=<User Name Filter>
User Name Filter: Filter used to convert the username as input by the user to a search filter for an LDAP entry. The default is "(&(objectclass=person)(cn=%v1 %v2))", where %v1 and %v2 are the words typed by the user.
For example, if the user types "Paul Kelsey", the resulting search filter is "(&(objectclass=person)(cn=Paul Kelsey))". Search filter syntax is described in "LDAP search filters".
However, because the Web server cannot differentiate between multiple returned entries, authentication fails when the LDAP server returns more than one entry. For example, if ldap.user.name.filter is set to "(&(objectclass=person)(cn=%v1* %v2*))" and the user types "Pa Kel", the resulting search filter is "(cn=Pa* Kel*)". The filter finds multiple entries such as (cn=Paul Kelsey) and (cn=Paula Kelly), and authentication fails. You must modify your search filter so that it matches exactly one entry.
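The following is an added example, not code from the page or from IBM HTTP Server, that models the mechanics described above: splitting the typed name into %v1, %v2, ... on the ldap.user.name.fieldSeparator characters, substituting them into the ldap.user.name.filter template, and then applying the rule that exactly one returned entry authenticates while zero or several entries fail. It also covers the group side (ldap.group.name.filter and ldap.group.memberAttributes): find the group entry, then look for the user's DN in the member attributes. The LDAP server is replaced by a constructed in-memory directory and a small filter evaluator (AND, OR, NOT, equality with '*' wildcards); the RFC 4515 escaping of substituted values is an added hardening choice, not a behaviour the page states; all entry names are invented.

```python
import re

# Defaults as given on the page; the user filter carries the leading '&' an AND filter needs.
DEFAULT_FIELD_SEPARATORS = " ,\t"
DEFAULT_USER_FILTER = "(&(objectclass=person)(cn=%v1 %v2))"
DEFAULT_GROUP_FILTER = "(&(cn=%v1)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
DEFAULT_MEMBER_ATTRS = ("member", "uniqueMember")

# Constructed stand-in for the LDAP server (not from the page); attribute names are lower-case.
DIRECTORY = {
    "cn=Paul Kelsey,o=Ace Industry,c=US": {"objectclass": ["top", "person"], "cn": ["Paul Kelsey"]},
    "cn=Paula Kelly,o=Ace Industry,c=US": {"objectclass": ["top", "person"], "cn": ["Paula Kelly"]},
    "cn=Web Admins,o=Ace Industry,c=US": {
        "objectclass": ["top", "groupOfNames"],
        "cn": ["Web Admins"],
        "member": ["cn=Paul Kelsey,o=Ace Industry,c=US"],
    },
}


def split_fields(user_input, separators=DEFAULT_FIELD_SEPARATORS):
    """Split what the user typed into %v1, %v2, ... on the configured separator characters."""
    parts = re.split("[" + re.escape(separators) + "]+", user_input.strip())
    return [p for p in parts if p]


def escape_filter_value(value):
    """RFC 4515 escaping of a substituted value (hardening assumption, not stated on the page)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def build_filter(template, fields):
    """Replace every %vN in the template with the N-th field; a missing field becomes empty."""
    def substitute(match):
        index = int(match.group(1)) - 1
        return escape_filter_value(fields[index]) if index < len(fields) else ""
    return re.sub(r"%v(\d+)", substitute, template)


def parse_filter(text):
    """Parse a filter into a tree: ('&' | '|' | '!', [children]) or ('=', attr, pattern)."""
    def parse(i):
        i += 1                                   # skip '('
        op = text[i]
        if op in "&|!":
            i, children = i + 1, []
            while True:
                while text[i].isspace():         # tolerate spaces between components
                    i += 1
                if text[i] != "(":
                    break
                node, i = parse(i)
                children.append(node)
            return (op, children), i + 1         # skip ')'
        end = text.index(")", i)
        attr, _, pattern = text[i:end].partition("=")
        return ("=", attr.strip().lower(), pattern.strip()), end + 1
    return parse(0)[0]


def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _pattern_matches(pattern, value):
    """Case-insensitive match with '*' wildcards; escaped bytes are decoded as literals."""
    regex = ".*".join(re.escape(_unescape(piece)) for piece in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def evaluate(node, entry):
    if node[0] == "&":
        return all(evaluate(child, entry) for child in node[1])
    if node[0] == "|":
        return any(evaluate(child, entry) for child in node[1])
    if node[0] == "!":
        return not evaluate(node[1][0], entry)
    _, attr, pattern = node
    return any(_pattern_matches(pattern, v) for v in entry.get(attr, []))


def search(directory, filter_text):
    tree = parse_filter(filter_text)
    return [dn for dn, entry in directory.items() if evaluate(tree, entry)]


def resolve_user(directory, user_input, template=DEFAULT_USER_FILTER):
    """Page rule: exactly one entry authenticates; zero or several entries fail."""
    matches = search(directory, build_filter(template, split_fields(user_input)))
    if len(matches) == 1:
        return "ok", matches
    return ("not-found" if not matches else "ambiguous"), matches


def is_group_member(directory, group_name, user_dn,
                    template=DEFAULT_GROUP_FILTER, member_attrs=DEFAULT_MEMBER_ATTRS):
    """Locate the group with the group name filter, then look for the user's DN in its member attributes."""
    normalize = lambda dn: dn.replace(", ", ",").lower()
    for group_dn in search(directory, build_filter(template, [group_name])):
        members = [m for attr in member_attrs for m in directory[group_dn].get(attr.lower(), [])]
        if normalize(user_dn) in map(normalize, members):
            return True
    return False


if __name__ == "__main__":
    print(resolve_user(DIRECTORY, "Paul Kelsey"))
    print(resolve_user(DIRECTORY, "Pa Kel", "(&(objectclass=person)(cn=%v1* %v2*))"))
    print(is_group_member(DIRECTORY, "Web Admins", "cn=Paul Kelsey,o=Ace Industry,c=US"))
```

Running it shows the three outcomes the text describes: "Paul Kelsey" with the default filter resolves to a single entry, the wildcard filter with "Pa Kel" returns both Paul Kelsey and Paula Kelly and is reported as ambiguous, and a user who types wildcards directly ("Pa* Kel*") gets them escaped, so the default filter matches nothing rather than widening the search.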
The version of the LDAP protocol used to connect to the LDAP server. The LDAP version is determined by the protocol version used by the LDAP server. This directive is optional. The default is LDAP Version 3. (Possible values are: 2 or 3.)
Connection retry interval: If an LDAP server is down, the Web server continually thrashes, trying to connect. When a connection must be reestablished because of a down server, this is the time (in seconds) the Web server waits between failed attempts to connect.