
...

Expand
titleslihouette.conf template
Code Block
languageyaml
  # LDAP provider
  # The values for hostname, baseDN and adminUserDN are placeholder values.
  # Please provide actual values, and the value for adminPassword, before using an LDAP provider.
  #
  # the hostname where the LDAP service is served
  # Default if absent is no LDAP service
  #ldap.hostname="MYLDAPSERVICE.MYCOMPANY.MYCOM"

  # the port on the host for the LDAP service
  # Default if absent is 389 (for insecure LDAP)
  #ldap.port=636

  # Topmost DN where Syndeia looks for users to authenticate for Syndeia Cloud
  # Default if absent is no LDAP service
  #ldap.baseDN="dc=MYCOMPANY,dc=MYCOM"

  # DN of an LDAP Administrator
  # Default if absent is unauthenticated LDAP searches
  #ldap.adminUserDN="cn=admin,dc=MYCOMPANY,dc=MYCOM"

  # Password for the LDAP Administrator in plain text
  # Default if absent is unauthenticated LDAP searches
  #ldap.adminPassword

  # the LDAP Attribute that indicates a user identity
  # Default if absent is "uid" (MS AD uses sAMAccountName)
  #ldap.userBindAttribute="uid"

  # the LDAP Attribute that indicates each user's email emailAddress
  # Default if absent is "mail"
  #ldap.mailAttribute="mail"

  # should Transport Layer Security be used for the LDAP searches
  # Default if absent is false (must be true for LDAPS)
  #ldap.startTLS=true

  # the SSL Protocol to use for TLS
  # Default if absent is negotiation by client and server
  #ldap.sslProtocol="TLSv1.2"

  # the Cipher to use for TLS
  # Default if absent is negotiation by client and server
  #ldap.sslCipher="TLS_RSA_WITH_AES_256_CBC_SHA256"

  # the path to an SSL certificates trust trustStore
  # Default if absent is all certificates from the LDAP servers are trusted
  #ldap.truststorePath="/some/path/jssecacerts"

  # the password for the SSL certificates trust trustStore
  # Default if absent is the well-known JKS password
  #ldap.truststorePassword="WeReallyDidChangeIt"
  
  # type of the Trust Store
  # Default if absent is jks for a Java Key Store
  #ldap.trustStoreType

  # --------------------------------------------------
  # If you want to limit Syndeia access to the members of
  # LDAP groups, then supply at least one and any more appropriate values
  # for the group settings below
  # Syndeia will search through nested groups of any depth but all Group DNs must be within the DN of ldap.groupSettings.dn
  # --------------------------------------------------
  #
  # Topmost DN where Syndeia looks for <memberAttribute> to identify groups and/or users to authenticate for Syndeia Cloud
  # Default if absent would be the ldap.baseDN for where Users are searched
  # ldap.groupSettings.dn="ou=MYGROUPS,dc=MYCOMPANY,dc=MYCOM"
  #
  # LDAP ObjectClass that indicates an entry is a Groups
  # Default if absent would be "groupOfUniqueNames"
  # ldap.groupSettings.objectClass="groupOfUniqueNames"
  #
  # Obsolete OU attribute value to help Syndeia identify LDAP group nodes
  # ldap.groupSettings.ou="groups"
  #
  # Simple name of the group used to restrict access to Syndeia Cloud
  # Default if absent would be the ldap.baseDN for where Users are searched
  # ldap.groupSettings.name="SyndeiaUsers"
  #
  # Attribute used to indicate group instances
  # Default if absent would be "cn"
  #   for example, given a DN: "cn=SyndeiaUsers,ou=MYGROUPS,dc=MYCOMPANY,dc=MYCOM", then use "cn" next
  # ldap.groupSettings.bindAttribute="cn"
  #
  # Attribute used in group instances to indicate members of that group
  # Default if absent would be "uniqueMember"
  # ldap.groupSettings.memberAttribute="uniqueMember"
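Review bot: The comment on `ldap.truststorePath` says that when the key is absent all certificates from the LDAP servers are trusted, so a deployment that sets `ldap.port=636` and `ldap.startTLS=true` but leaves the truststore lines commented gets encryption without server authentication, which exposes the administrator and user bind credentials to a machine-in-the-middle. The template should state this at that key, e.g. `# REQUIRED when ldap.startTLS=true: without a truststore the LDAP server certificate is not verified`. The sample `ldap.sslCipher` value `TLS_RSA_WITH_AES_256_CBC_SHA256` is a static-RSA CBC suite with no forward secrecy; leaving the key commented so the suite is negotiated, or showing an ECDHE/GCM suite such as `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, would be a safer example. Because `ldap.adminPassword` is kept in plain text, a line recommending a read-only bind account and owner-only permissions on this file would help. The wording "must be true for LDAPS" on `ldap.startTLS` also reads as if StartTLS and LDAPS were the same mechanism, which is worth confirming against the implementation.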

...