| Setting | Purpose | Mandatory? | Typical |
|---|---|---|---|
| ldap.hostname | names the server that is providing the LDAP service | YES | ldap.company.com |
| ldap.port | identifies the port on the LDAP server | YES | 389 or 636 |
| ldap.adminUserDN | the LDAP Distinguished Name for the LDAP Administrator | Usually | cn=MYADMIN,ou=MYADMINGROUP,dc=MYCOMPANY,dc=MYCOM |
| ldap.adminPassword | encrypted value of the LDAP Admin’s password | Usually | MYADMINPASS (like #$%^&*_NOSOUPFORYOU) |
| ldap.baseDN | base Distinguished Name for the start of user queries | YES | ou=MYUSERS,dc=MYCOMPANY,dc=MYCOM |
| ldap.userBindAttribute | organization’s choice of LDAP attribute that uniquely identifies each user even without a full DN | YES | uid or sAMAccountName |
| ldap.mailAttribute | organization’s choice of LDAP attribute that uniquely identifies each user’s Email address | YES | email or userPrincipalName |
| ldap.startTLS | should Syndeia first attempt to establish an HTTPS session with the LDAP service before making queries? | YES | false for LDAP, true for Secure-LDAP |
| ldap.trustAllCertificates | should Syndeia allow the LDAP service to use an untrustworthy or self-signed SSL certificate? | YES | false (production), true (testing) |
| ldap.truststorePath | file location on the Syndeia server for the Java Keystore which holds public certificates that sign the public SSL certificate used by the LDAP server | NO | /opt/icx/syndeia-cloud-current/some/secure/path/to/keystore.jks |
| ldap.truststorePassword | password for the JKS file at ldap.truststorePath | NO | Often it is left as “changeme” - but it should be changed when a proper JKS keystore is being used |
| ldap.trustStoreType | the type of Keystore. JKS is typical. This depends on what the running JVM has been configured to support. | NO | “jks” - but only when a ldap.truststorePath is present. |
| ldap.groupSettings.dn | Distinguished Name for where to start looking for LDAP Group instances | NO | ou=MYTEAMS,dc=MYCOMPANY,dc=MYCOM |
| ldap.groupSettings.ou | A string within an OU value that identifies a Group instance | NO | MYTEAMS |
| ldap.groupSettings.name | a common name value that indicates the team of Syndeia Users | NO | MYSYNDEIAUSERGROUP |
| ldap.groupSettings.bindAttribute | the LDAP attribute in a group instance that identifies the common name | NO | cn |
| ldap.groupSettings.memberAttribute | the LDAP attribute in a group instance that identifies one or more member entries | NO | member or uniqueMember |
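
The following is an added example, not Syndeia's own code: a pre-deployment audit that flags the weak combinations the table itself calls out (testing-only certificate trust, the default truststore password, plain LDAP on port 389, missing mandatory settings). The flat dict keyed by setting name, the function names, and all sample values are assumptions made for illustration; how Syndeia stores these settings on disk is not assumed.

```python
# Added example: audits a flat dict keyed by the ldap.* names in the table above.
# The dict form and all sample values are constructed for illustration.
MANDATORY = (
    "ldap.hostname", "ldap.port", "ldap.baseDN", "ldap.userBindAttribute",
    "ldap.mailAttribute", "ldap.startTLS", "ldap.trustAllCertificates",
)

def is_true(value):
    """Accept booleans or the strings 'true'/'false' as found in config files."""
    return str(value).strip().lower() == "true"

def audit_ldap_settings(cfg):
    """Return a list of (setting, problem) tuples; an empty list means no findings."""
    findings = []
    for key in MANDATORY:
        if str(cfg.get(key, "")).strip() == "":
            findings.append((key, "mandatory setting is missing or empty"))
    # Port 389 without StartTLS is plain LDAP: simple binds travel unencrypted.
    if str(cfg.get("ldap.port", "")).strip() == "389" and not is_true(cfg.get("ldap.startTLS")):
        findings.append(("ldap.startTLS", "plain LDAP on port 389, bind passwords are sent unencrypted"))
    # The table allows true for testing only.
    if is_true(cfg.get("ldap.trustAllCertificates")):
        findings.append(("ldap.trustAllCertificates", "server certificate is not validated"))
    store = str(cfg.get("ldap.truststorePath", "")).strip()
    if store and cfg.get("ldap.truststorePassword") == "changeme":
        findings.append(("ldap.truststorePassword", "still set to the default 'changeme'"))
    if cfg.get("ldap.trustStoreType") and not store:
        findings.append(("ldap.trustStoreType", "set without ldap.truststorePath"))
    return findings

TESTING_CFG = {  # constructed sample: the 'testing' values from the table
    "ldap.hostname": "ldap.company.com", "ldap.port": 389,
    "ldap.baseDN": "ou=MYUSERS,dc=MYCOMPANY,dc=MYCOM",
    "ldap.userBindAttribute": "uid", "ldap.mailAttribute": "email",
    "ldap.startTLS": "false", "ldap.trustAllCertificates": "true",
    "ldap.truststorePath": "/opt/icx/syndeia-cloud-current/some/secure/path/to/keystore.jks",
    "ldap.truststorePassword": "changeme", "ldap.trustStoreType": "jks",
}
PRODUCTION_CFG = dict(TESTING_CFG, **{  # constructed sample: hardened values
    "ldap.port": 636, "ldap.startTLS": "true", "ldap.trustAllCertificates": "false",
    "ldap.truststorePassword": "constructed-non-default-value",
})

if __name__ == "__main__":
    for name, cfg in (("testing", TESTING_CFG), ("production", PRODUCTION_CFG)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```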