Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [evanroper@helpdesk ldap]$ cat ldap-authentication.properties
- # This flag enables use of this LDAP subsystem for authentication. It may be
- # that this subsytem should only be used for synchronization, in which case
- # this flag should be set to false.
- ldap.authentication.active=true
- #
- # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
- #
- ldap.authentication.allowGuestLogin=false
- # How to map the user id entered by the user to that passed through to LDAP
- # - simple
- # - this must be a DN and would be something like
- # uid=%s,ou=People,dc=company,dc=com
- # - digest
- # - usually pass through what is entered
- # %s
- # If not set, an LDAP query involving ldap.synchronization.personQuery and ldap.synchronization.userIdAttributeName will
- # be performed to resolve the DN dynamically. This allows directories to be structured and doesn't require the user ID to
- # appear in the DN.
- ldap.authentication.userNameFormat=(uid=%s,ou=People,dc=esa,dc=com)
- #ldap.authentication.userNameFormat=%s
- # The LDAP context factory to use
- ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
- # The URL to connect to the LDAP server
- ldap.authentication.java.naming.provider.url=ldap://10.10.0.2:389
- # The authentication mechanism to use for password validation
- ldap.authentication.java.naming.security.authentication=simple
- # Escape commas entered by the user at bind time
- # Useful when using simple authentication and the CN is part of the DN and contains commas
- ldap.authentication.escapeCommasInBind=false
- # Escape commas entered by the user when setting the authenticated user
- # Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
- # pulled in as part of an LDAP sync
- # If this option is set to true it will break the default home folder provider as space names can not contain \
- ldap.authentication.escapeCommasInUid=false
- # Comma separated list of user names who should be considered administrators by default
- ldap.authentication.defaultAdministratorUserNames=evanroper
- # This flag enables use of this LDAP subsystem for user and group
- # synchronization. It may be that this subsytem should only be used for
- # authentication, in which case this flag should be set to false.
- ldap.synchronization.active=true
- # The authentication mechanism to use for synchronization
- ldap.synchronization.java.naming.security.authentication=simple
- # The default principal to use (only used for LDAP sync)
- ldap.synchronization.java.naming.security.principal=(cn\=admin,dc\=esa,dc\=com)
- # The password for the default principal (only used for LDAP sync)
- ldap.synchronization.java.naming.security.credentials=*myAdminPasswordHere*
- # If positive, this property indicates that RFC 2696 paged results should be
- # used to split query results into batches of the specified size. This
- # overcomes any size limits imposed by the LDAP server.
- ldap.synchronization.queryBatchSize=0
- # If positive, this property indicates that range retrieval should be used to fetch
- # multi-valued attributes (such as member) in batches of the specified size.
- # Overcomes any size limits imposed by Active Directory.
- ldap.synchronization.attributeBatchSize=0
- # The query to select all objects that represent the groups to import.
- ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
- # The query to select objects that represent the groups to import that have changed since a certain time.
- ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
- # The query to select all objects that represent the users to import.
- ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
- # The query to select objects that represent the users to import that have changed since a certain time.
- ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
- # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
- ldap.synchronization.groupSearchBase=(ou\=Mail Groups,dc\=esa,dc\=com)
- # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
- ldap.synchronization.userSearchBase=(ou\=People,dc\=esa,dc\=com)
- # The name of the operational attribute recording the last update time for a group or user.
- ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
- # The timestamp format. Unfortunately, this varies between directory servers.
- ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
- # The attribute name on people objects found in LDAP to use as the uid in Alfresco
- ldap.synchronization.userIdAttributeName=uid
- # The attribute on person objects in LDAP to map to the first name property in Alfresco
- ldap.synchronization.userFirstNameAttributeName=givenName
- # The attribute on person objects in LDAP to map to the last name property in Alfresco
- ldap.synchronization.userLastNameAttributeName=sn
- # The attribute on person objects in LDAP to map to the email property in Alfresco
- ldap.synchronization.userEmailAttributeName=mail
- # The attribute on person objects in LDAP to map to the organizational id property in Alfresco
- ldap.synchronization.userOrganizationalIdAttributeName=o
- # The default home folder provider to use for people created via LDAP import
- ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
- # The attribute on LDAP group objects to map to the authority name property in Alfresco
- ldap.synchronization.groupIdAttributeName=cn
- # The attribute on LDAP group objects to map to the authority display name property in Alfresco
- ldap.synchronization.groupDisplayNameAttributeName=description
- # The group type in LDAP
- ldap.synchronization.groupType=groupOfNames
- # The person type in LDAP
- ldap.synchronization.personType=inetOrgPerson
- # The attribute in LDAP on group objects that defines the DN for its members
- ldap.synchronization.groupMemberAttributeName=member
- # If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
- ldap.synchronization.enableProgressEstimation=true
Add Comment
Please, Sign In to add comment