Versions Compared

Old Version 12

changes.mady.by.user Lonnie VanZandt

Saved on

compared with

New Version 13

changes.mady.by.user Lonnie VanZandt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titlePurpose of each Syndeia Silhouette LDAP setting

Setting

Purpose

Mandatory?

Typical

ldap.hostname

names the server that is providing the LDAP service

YES

ldap.company.com

ldap.port

identifies the port on the LDAP server

YES

389 or 636

ldap.adminUserDN

the LDAP Distinguished Name for the LDAP Administrator

Usually

cn=MYADMIN,ou=MYADMINGROUP,dc=MYCOMPANY,dc=MYCOM

ldap.adminPassword

encrypted value of the LDAP Admin’s password

Usually

MYADMINPASS (like #$%^&*_NOSOUPFORYOU)

ldap.baseDN

base Distinguished Name for the start of user queries

YES

ou=MYUSERS,dc=MYCOMPANY,dc=MYCOM

ldap.userBindAttribute

organization’s choice of LDAP attribute that uniquely identifies each user even without a full DN

YES

uid or sAMAccountName

ldap.mailAttribute

organization’s choice of LDAP attribute that uniquely identifies each user’s Email address

YES

email or userPrincipalName

ldap.startTLS

should Syndeia first attempt to establish an HTTPS session with the LDAP service before making queries?

YES

false for LDAP, true for Secure-LDAP

ldap.trustAllCertificates

should Syndeia allow the LDAP service to use an untrustworthy or self-signed SSL certificate?

YES

false (production), true (testing)

ldap.truststorePath

file location on the Syndeia server for the Java Keystore which holds public certificates that sign the public SSL certificate used by the LDAP server

NO

/opt/icx/syndeia-cloud-current/some/secure/path/to/keystore.jks

ldap.truststorePassword

password for the JKS file at ldap.truststorePath

NO

Often it is left as “changeme” - but it should be changed when it a proper JKS keystore is being used

ldap.trustStoreType

the type of Keystore. JKS is typical. This depends on what the running JVM has been configured to support.

NO

“jks” - but only when a ldap.truststorePath is present.

ldap.groupSettings.dn

Distinguished Name for where to start looking for LDAP Group instances

NO

ou=MYTEAMS,dc=MYCOMPANY,dc=MYCOM

ldap.groupSettings.ou

A string within an OU value that identifies a Group instance

NO

MYTEAMS

ldap.groupSettings.name

a common name value that indicates the team of Syndeia Users

NO

MYSYNDEIAUSERGROUP

ldap.groupSettings.bindAttribute

the LDAP attribute in a group instance that identifies the common name

NO

cn

ldap.groupSettings.memberAttribute

the LDAP attribute in a group instance that identifies one or more member entries

NO

member or uniqueMember

Operation

  1. Restart the web-gateway service

    1. sudo systemctl restart sc-web-gateway

...