LDAP Parameters

The following list contains the Valuemation parameters and values for setting up the LDAP connection; they are necessary to process the information retrieved from the LDAP correctly. The path is an internal identification of the parameter within mainparameters and helps you group related parameters together.

NOTE: The suggested values you pass as parameters apply to the Microsoft platform (Windows 2000 Server and higher) and depend on the directory structure of your LDAP server. The parameters needed to establish a connection to the LDAP might differ if your company runs LDAP on another platform.

Parameter: authenticationType

There are 2 types of authentication to choose from - fullDN and shortCN.

Path: de.usu.s3.authentication.JNDIManager

Values:

fullDN - the distinguished name from the S3User table is used; the full JNDI distinguished name is stored for each imported user

shortCN - the authentication string is constructed by concatenating the given "commonName" and the value of the "folderUsers" main parameter (this is the default if the main parameter does not exist, for backward compatibility)

Parameter: provider

Name of the LDAP server in the network, for example, ldap://win2000as.

Path: de.usu.s3.authentication.JNDIManager

Value: ldap://win2000as

Parameter: initctx

Parameter (Constant) that holds the name of the environment property for specifying the initial context factory to use. The value of the property should be the fully qualified class name of the factory class that will create an initial context.

Path: de.usu.s3.authentication.JNDIManager

Value: com.sun.jndi.ldap.LdapCtxFactory

Parameter: folderRoot

The root of the directory structure on the server, for example, DC=bm,DC=usutest,DC=cz. This can also be interpreted as bm.usutest.cz, where each entry stands for a separate domain context level from the lowest to the highest one.

Path: de.usu.s3.authentication.JNDIManager

Value: DC=bm,DC=usutest,DC=cz

Parameter: commonName

The identifier of the user object in the LDAP directory defined by the folderUsers parameter (for example, users).

Path: de.usu.s3.authentication.JNDIManager

Value: CN

Parameter: propertyDelimiter

The character that separates LDAP records.

Path: de.usu.s3.authentication.JNDIManager

Value: ,

Parameter: userId

Name of the parameter used in Valuemation for the VM user ID.

Path: de.usu.s3.authentication.JNDIManager

Value: cn

Parameter: userFirstName

The name of the parameter on the LDAP whose value is the first name of a user.

Path: de.usu.s3.authentication.JNDIManager

Value: givenName

Parameter: userLastName

The name of the parameter on the LDAP whose value is the last name of a user.

Path: de.usu.s3.authentication.JNDIManager

Value: sn

Parameter: userGroups

The name of the parameter on the LDAP whose value is a list of groups to which the user belongs.

Path: de.usu.s3.authentication.JNDIManager

Value: memberOf

Parameter: userFilter

Filters all entries on the LDAP and returns a collection of all users that match the condition. The filter is needed because, besides user records, the working folder on the LDAP also contains additional entries that are irrelevant for use in Valuemation.

Path: de.usu.s3.authentication.JNDIManager

Value: ((objectclass=person)(objectclass=user))

Parameter: folderUsers

The value specifies the LDAP folder containing user data. Because this folder contains items besides users, you need to apply a filter to get only the user records (see userFilter above).

Path: de.usu.s3.authentication.JNDIManager

Value: CN=Users,DC=bm,DC=usutest,DC=cz

Parameter: groupId

The name of the parameter on the LDAP whose value is the identifier of a group record.

Path: de.usu.s3.authentication.JNDIManager

Value: cn

Parameter: groupFilter

Filters all entries on the LDAP and returns a collection of all groups that match the condition. The filter is needed because the working folder on the LDAP also contains additional entries that are irrelevant for use in Valuemation.

Path: de.usu.s3.authentication.JNDIManager

Value: (objectclass=group)

Parameter: externalManager

The Java class to be used for browsing through the LDAP server. A new class can be easily programmed if your company has a specific server incompatible with the standard used in Valuemation.

Path: de.usu.s3.userimport.ImportManager

Value: de.usu.s3.authentication.JNDIManager

Parameter: externalManagerUsername

The username used to connect to the LDAP. This user must have at least read-access rights to the LDAP.

Path: de.usu.s3.userimport.ImportManager

Value: Administrator

Parameter: externalManagerPassword

The password used to connect to the LDAP, stored in encrypted form. To encrypt the password, use the RunCrypto.bat utility in the Valuemation root directory.

Path: de.usu.s3.userimport.ImportManager

Value: A1233D90C0E9E1A0665E6DBB63024912

Parameter: groupsImport

Enables import of groups from LDAP server.

Path: de.usu.s3.userimport.ImportManager

Values: true/false

Parameter: domainsImport

Enables handling of users from different domains (only for Valuemation 3.5).

Path: de.usu.s3.userimport.ImportManager

Value: true/false

Parameter: customizableReplacements

Enables replacements for restricted characters in LDAP user IDs. Can be enabled and edited in Global Settings/Authentication.

Path: de.usu.s3.userimport.ImportManager

Value: true/false

Parameter: ST025694-JNDIauthenticationAutocorrectionOff

Optionally, the autocorrection mechanism can be switched off by adding a main parameter. If the parameter is set to TRUE, autocorrection is switched off. If autocorrection is switched off, only a user whose distinguished name is stored in the VM database can log in. Other users with similar names are rejected.

Path: vmcorehotfix

Value: true/false
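
How the two authenticationType values translate into a JNDI simple bind, as an added illustration that is not Valuemation's own code. It assumes shortCN joins commonName, the login and folderUsers using propertyDelimiter; the class and method names are hypothetical, and the constants are the sample values from this page.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindSketch {
    // Sample values copied from the parameter list on this page.
    static final String PROVIDER = "ldap://win2000as";
    static final String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    static final String FOLDER_USERS = "CN=Users,DC=bm,DC=usutest,DC=cz";
    static final String COMMON_NAME = "CN";
    static final String PROPERTY_DELIMITER = ",";

    // shortCN: assumed to mean <commonName>=<login><propertyDelimiter><folderUsers>.
    // fullDN: the distinguished name stored for the imported user is used unchanged.
    static String bindDn(String authenticationType, String login, String storedDn) {
        if ("fullDN".equals(authenticationType)) {
            if (storedDn == null || storedDn.isEmpty())
                throw new IllegalArgumentException("no stored DN for " + login);
            return storedDn;
        }
        // Escape the login per RFC 4514 so ',', '+', '=' etc. cannot add or alter RDNs.
        return COMMON_NAME + "=" + Rdn.escapeValue(login) + PROPERTY_DELIMITER + FOLDER_USERS;
    }

    static Hashtable<String, String> env(String dn, String password) {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // and succeeds on many servers, so it must never count as a login.
        if (password == null || password.isEmpty())
            throw new IllegalArgumentException("empty password rejected");
        Hashtable<String, String> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
        e.put(Context.PROVIDER_URL, PROVIDER);
        e.put(Context.SECURITY_AUTHENTICATION, "simple");
        e.put(Context.SECURITY_PRINCIPAL, dn);
        e.put(Context.SECURITY_CREDENTIALS, password);
        return e;
    }
    // Needs a reachable directory; throws AuthenticationException on bad credentials.
    static void authenticate(String dn, String password) throws NamingException {
        new InitialDirContext(env(dn, password)).close();
    }
    public static void main(String[] args) {
        // Constructed sample logins; the second contains DN metacharacters.
        System.out.println(bindDn("shortCN", "jsmith", null));
        System.out.println(bindDn("shortCN", "jsmith,CN=Builtin", null));
        System.out.println(bindDn("fullDN", "jsmith", "CN=John Smith,OU=IT,DC=bm,DC=usutest,DC=cz"));
    }
}
```

Running main only prints the bind DNs and needs no server; authenticate is the step that contacts the directory named in provider.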

See Also

LDAP

LDAP Configuration

Authentication against LDAP

Import

Problems and solutions