Configuring Server Properties - Security
Direct LDAP Connection Properties
Gateway LDAP Connection Properties
See also: Server Administration Application Home Page, User Authentication
Click the Save button at the bottom of the page to save the properties. These properties are saved to file security.properties in the ebaseConf folder of the web application e.g. userdata/apps/<webappname>/ebaseConf/security.properties.
These properties are used to connect to an LDAP server, e.g. Active Directory. These properties are used by:
Direct LDAP Connection Properties
These properties are relevant when connecting directly to an LDAP service.
Label | Property Name | Requires Restart | Description
Gateway Connection | | No | This should be unchecked if connecting directly to an LDAP service.
Protocol | Ldap.protocol | No | This can be either
Registry Host | Ldap.RegistryHost | No | Hostname or IP address of the LDAP registry system.
Registry Port | Ldap.RegistryPort | No | Port used by the LDAP registry system. The default is 389.
Registry URL | Ldap.RegistrUrl | No | The URL used to access the LDAP registry system. If specified, this overrides properties Registry Host and
Binding Distinguished Name | Ldap.BindDistinguishedName | No | The full DN used by the system to connect to the repository. This parameter supplies the "userid" for connections to the LDAP registry. If not specified, the system binds as 'Anonymous'. Note that anonymous binding is only supported by LDAP v3 systems.
Binding Password | Ldap.BindPassword | No | The password used together with the Binding Distinguished Name to connect to the repository.
Base Distinguished Name | Ldap.BaseDistinguishedName | No | The DN suffix applied to all LDAP attribute searches: one or more key=value pairs separated by commas, specified in reverse order of the LDAP hierarchy tree, i.e. the tree root appears last. Specify the lowest point in the directory tree that is common to all userid searches, e.g. if your registry contains a number of paths containing userid definitions, specify a point in the directory that is common to all of those paths. Searches use subtree scope, so the directory root can be specified if necessary.
User Key Attribute Name | Ldap.UserKeyAttributeName | No | The user attribute used to search the registry for user data. This attribute should uniquely identify the user. Use sAMAccountName with Active Directory. The default is cn.
Sample LDAP properties needed to connect to Active Directory using LDAPServices:
Ldap.RegistryHost=ebt9999
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
Click the Test LDAP Connection button to test the parameters above. Note that this tests that the provided user (Binding Distinguished Name) and password are valid, but does not test whether that user is authorised to perform searches. The User Key Attribute Name property is not tested either.
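The following added example (not Verj.io code) shows how the direct-connection properties above are turned into the three things the server needs: the registry URL (with Ldap.RegistrUrl overriding host and port), the bind identity (anonymous when no Binding Distinguished Name is set), and the subtree search below the Base DN on the User Key Attribute. It also lists the configuration points the Test LDAP Connection button does not check. The sample properties are the Active Directory ones shown above plus constructed protocol and port values; the Ldap.protocol values "ldap"/"ldaps" and the RFC 4515 escaping of the userid are assumptions about how the properties are applied, not documented behaviour.

```python
"""Derive LDAP connection settings from security.properties (added example)."""

# Constructed sample: the Active Directory properties shown above, plus an
# assumed protocol and port (the page only documents 389 as the default port).
SAMPLE_PROPERTIES = """\
# security.properties (constructed sample)
Ldap.protocol=ldaps
Ldap.RegistryHost=ebt9999
Ldap.RegistryPort=636
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
"""


def parse_properties(text):
    """Minimal Java-properties reader: key=value lines, '#' comments; a blank
    value is treated as unset."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if value.strip():
            props[key.strip()] = value.strip()
    return props


def registry_url(props):
    """Ldap.RegistrUrl wins when set; otherwise protocol://host:port with the
    documented default port 389 (protocol default 'ldap' is an assumption)."""
    if props.get("Ldap.RegistrUrl"):
        return props["Ldap.RegistrUrl"]
    protocol = props.get("Ldap.protocol", "ldap")
    port = int(props.get("Ldap.RegistryPort", "389"))
    return f"{protocol}://{props['Ldap.RegistryHost']}:{port}"


def bind_credentials(props):
    """(dn, password) for the service bind, or (None, None) for the anonymous
    bind the server falls back to when no Binding Distinguished Name is set."""
    dn = props.get("Ldap.BindDistinguishedName")
    if not dn:
        return None, None
    return dn, props.get("Ldap.BindPassword", "")


# RFC 4515 filter escaping, so a userid cannot change the shape of the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search(props, userid):
    """Subtree search below the Base DN for the entry whose key attribute
    (default cn) equals the userid."""
    key_attr = props.get("Ldap.UserKeyAttributeName", "cn")
    return {
        "base": props.get("Ldap.BaseDistinguishedName", ""),
        "scope": "subtree",
        "filter": f"({key_attr}={escape_filter_value(userid)})",
    }


def config_warnings(props):
    """Points the Test LDAP Connection button does not verify."""
    warnings = []
    if bind_credentials(props) == (None, None):
        warnings.append("anonymous bind: searches run without a service identity")
    if registry_url(props).startswith("ldap://"):
        warnings.append("ldap:// without TLS: a simple bind sends the Binding Password "
                        "in cleartext unless StartTLS is negotiated")
    if "Ldap.UserKeyAttributeName" not in props:
        warnings.append("Ldap.UserKeyAttributeName unset: default cn applies "
                        "(use sAMAccountName with Active Directory)")
    return warnings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print(registry_url(props), bind_credentials(props)[0])
    print(user_search(props, "jsmith"))
    print(config_warnings(props) or "no warnings")
```

Run it against your own security.properties by passing the file contents to parse_properties; an empty warning list means the bind is authenticated, the transport is ldaps and the key attribute is set explicitly, none of which the Test LDAP Connection button confirms for you.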
Gateway LDAP Connection Properties
These properties are relevant when connecting to an LDAP service over a Gateway Tunnel.
Label | Property Name | Requires Restart | Description
Gateway Connection | | No | This should be checked if connecting to an LDAP service over a Gateway Tunnel.
Gateway | | No | Select the Verj.io Gateway.
Gateway Tunnel | | No | Select the Gateway Tunnel to use to connect to the LDAP service.
Binding Distinguished Name | Ldap.BindDistinguishedName | No | The full DN used by the system to connect to the repository. This parameter supplies the "userid" for connections to the LDAP registry. If not specified, the system binds as 'Anonymous'. Note that anonymous binding is only supported by LDAP v3 systems.
Binding Password | Ldap.BindPassword | No | The password used together with the Binding Distinguished Name to connect to the repository.
Base Distinguished Name | Ldap.BaseDistinguishedName | No | The DN suffix applied to all LDAP attribute searches: one or more key=value pairs separated by commas, specified in reverse order of the LDAP hierarchy tree, i.e. the tree root appears last. Specify the lowest point in the directory tree that is common to all userid searches, e.g. if your registry contains a number of paths containing userid definitions, specify a point in the directory that is common to all of those paths. Searches use subtree scope, so the directory root can be specified if necessary.
User Key Attribute Name | Ldap.UserKeyAttributeName | No | The user attribute used to search the registry for user data. This attribute should uniquely identify the user. Use sAMAccountName with Active Directory. The default is cn.
Other than specifying a Gateway and Gateway Tunnel instead of configuring the Protocol, Registry Host,
Label | Property Name | Requires Restart | Description
User Role Attribute Name | Ldap.UserRoleAttributeName | No | This property applies only when one of the deprecated LDAP login modules is used. It specifies the attribute within the LDAP system that contains a comma-delimited list of security roles to be associated with the user.
Cache Refresh Period | Ldap.CacheRefreshPeriod | No | This property applies only when LDAP User Attributes are used. It specifies the number of minutes cached attribute data is kept in the cache before it is treated as stale and refreshed from the LDAP registry system. The default is 0 (no refresh takes place).
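An added example (not Verj.io code) of the Cache Refresh Period semantics just described: a per-user attribute cache in which a period of 0, the documented default, means an entry is never treated as stale, so an attribute changed in the registry (a group removed, say) is only seen again after the entry is invalidated. The loader callback, the injected clock and the memberOf value are constructed for this example.

```python
"""Per-user LDAP attribute cache with Ldap.CacheRefreshPeriod semantics (added example)."""
import time


class LdapAttributeCache:
    """refresh_period_minutes follows Ldap.CacheRefreshPeriod: 0 (the default)
    means cached attributes are never refreshed from the registry on their own."""

    def __init__(self, refresh_period_minutes, loader, clock=time.monotonic):
        self._period_seconds = int(refresh_period_minutes) * 60
        self._loader = loader      # hypothetical callback that reads the LDAP entry
        self._clock = clock        # injectable so the behaviour can be shown offline
        self._entries = {}         # user key -> (loaded_at, attributes)

    def get(self, user_key):
        now = self._clock()
        entry = self._entries.get(user_key)
        if entry is not None:
            loaded_at, attrs = entry
            if self._period_seconds == 0 or now - loaded_at < self._period_seconds:
                return attrs   # fresh, or refresh disabled: serve from cache
        attrs = self._loader(user_key)
        self._entries[user_key] = (now, attrs)
        return attrs

    def invalidate(self, user_key=None):
        """Drop one user's entry, or everything; the only way a period-0 cache
        picks up a registry change short of losing the cache itself."""
        if user_key is None:
            self._entries.clear()
        else:
            self._entries.pop(user_key, None)


def refresh_period_from_properties(props):
    """Read Ldap.CacheRefreshPeriod in minutes, defaulting to 0 as documented."""
    return int(props.get("Ldap.CacheRefreshPeriod", "0"))


class FakeClock:
    """Constructed clock so the example runs without waiting real minutes."""

    def __init__(self):
        self.now = 0.0

    def advance_minutes(self, minutes):
        self.now += minutes * 60

    def __call__(self):
        return self.now


def registry_loads(period_minutes, lookups=13):
    """How many registry reads one user costs when looked up once a minute."""
    clock = FakeClock()
    loads = []

    def loader(user_key):          # constructed stand-in for the LDAP read
        loads.append(user_key)
        return {"memberOf": ["cn=developers,ou=development,o=ebase"]}

    cache = LdapAttributeCache(period_minutes, loader, clock)
    for _ in range(lookups):
        cache.get("jsmith")
        clock.advance_minutes(1)
    return len(loads)


if __name__ == "__main__":
    print("period 0:", registry_loads(0), "load(s) in 13 minutes")
    print("period 5:", registry_loads(5), "load(s) in 13 minutes")
```

With the default of 0 the registry is read exactly once per user for the life of the cache; with a period of 5 minutes a user looked up every minute is re-read at minutes 5 and 10. Choose the period by how quickly a role or attribute change in the directory must take effect, not only by load on the LDAP server.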
These properties all have default values that should rarely, if ever, be changed.
Label | Property Name | Requires Restart | Description
 | Ufs.logonExitServlet | Yes | Specifies the relative URL of the logon exit program. This defaults to LogonExitServlet and should not normally be changed.
 | Ufs.loginModuleEntryName | Yes | This property applies only when the deprecated EbaseLogonExit program is used, and specifies the name of the login module entry.
 | Ufs.userManager | Yes | Specifies the class to be used for the authentication manager component. This provides the opportunity to replace the authentication manager component of the Verj.io Security system.
 | Ufs.authorisationManager | Yes | Specifies the class to be used for the authorization manager component. This provides the opportunity to replace the authorization manager component of the Verj.io Security system.