68 lines
3.8 KiB
Properties
68 lines
3.8 KiB
Properties
# LDAP authentication (and possibly attribute resolver) configuration
|
|
# Note, this doesn't apply to the use of JAAS authentication via LDAP
|
|
|
|
## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
|
|
#idp.authn.LDAP.authenticator = anonSearchAuthenticator
|
|
|
|
## Connection properties ##
|
|
idp.authn.LDAP.ldapURL = ldap://localhost:10389
|
|
#idp.authn.LDAP.useStartTLS = true
|
|
# Time in milliseconds that connects will block
|
|
#idp.authn.LDAP.connectTimeout = PT3S
|
|
# Time in milliseconds to wait for responses
|
|
#idp.authn.LDAP.responseTimeout = PT3S
|
|
# Connection strategy to use when multiple URLs are supplied, either ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM
|
|
#idp.authn.LDAP.connectionStrategy = ACTIVE_PASSIVE
|
|
|
|
## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
|
|
#idp.authn.LDAP.sslConfig = certificateTrust
|
|
## If using certificateTrust above, set to the trusted certificate's path
|
|
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
|
|
## If using keyStoreTrust above, set to the truststore path
|
|
idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
|
|
|
|
## Return attributes during authentication
|
|
idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
|
|
|
|
## DN resolution properties ##
|
|
|
|
# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
|
|
# for AD: CN=Users,DC=example,DC=org
|
|
idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
|
|
#idp.authn.LDAP.subtreeSearch = false
|
|
idp.authn.LDAP.userFilter = (uid={user})
|
|
# bind search configuration
|
|
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
|
|
idp.authn.LDAP.bindDN = uid=myservice,ou=system
|
|
|
|
# Format DN resolution, used by directAuthenticator, adAuthenticator
|
|
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
|
|
idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc=org
|
|
|
|
# pool passivator, either none, bind or anonymousBind
|
|
#idp.authn.LDAP.bindPoolPassivator = none
|
|
|
|
# LDAP attribute configuration, see attribute-resolver.xml
|
|
# Note, this likely won't apply to the use of legacy V2 resolver configurations
|
|
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
|
|
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
|
|
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
|
|
idp.attribute.resolver.LDAP.connectionStrategy = %{idp.authn.LDAP.connectionStrategy:ACTIVE_PASSIVE}
|
|
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
|
|
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
|
|
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
|
|
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
|
|
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
|
|
|
|
# LDAP pool configuration, used for both authn and DN resolution
|
|
#idp.pool.LDAP.minSize = 3
|
|
#idp.pool.LDAP.maxSize = 10
|
|
#idp.pool.LDAP.validateOnCheckout = false
|
|
#idp.pool.LDAP.validatePeriodically = true
|
|
#idp.pool.LDAP.validatePeriod = PT5M
|
|
#idp.pool.LDAP.validateDN =
|
|
#idp.pool.LDAP.validateFilter = (objectClass=*)
|
|
#idp.pool.LDAP.prunePeriod = PT5M
|
|
#idp.pool.LDAP.idleTime = PT10M
|
|
#idp.pool.LDAP.blockWaitTime = PT3S
|