
wp_add_federated_domino.properties

 

# ***************************************************************** 
#                                                                   
# Licensed Materials - Property of IBM                              
#                                                                   
# 5724-L21                                                          
#                                                                   
# Copyright IBM Corp. 2009  All Rights Reserved.                    
#                                                                   
# US Government Users Restricted Rights - Use, duplication or       
# disclosure restricted by GSA ADP Schedule Contract with           
# IBM Corp.                                                         
#                                                                   
# ***************************************************************** 

###############################################################################
###############################################################################
##
##
## VMM Federated LDAP Properties -
## for creating/updating the LDAP configuration in VMM. Used by the tasks:
## wp-create-ldap
## wp-update-federated-ldap - confirm that federated.ldap.id and federated.ldap.host match the repository you want to update.
##
##
###############################################################################
###############################################################################

# Connection and bind settings for the federated LDAP repository.

# The id specifies a unique identifier for the repository within the cell.
# Characters that are not allowed in normal XML strings ( &  <   >  "   '   ) cannot be used in the repository ID.
federated.ldap.id=replacewithyourid

# Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
federated.ldap.host=<LDAPHostName>

# LDAP server port.
# 389 is the standard cleartext LDAP port. With federated.ldap.sslEnabled=false and
# federated.ldap.authentication=simple (the values shipped further down in this file), the bind DN
# and bind password below cross the network unencrypted.
# For LDAP over SSL, set the server's SSL port here (conventionally 636) and set federated.ldap.sslEnabled=true.
federated.ldap.port=389

# Distinguished name for the appserver to use when binding to the LDAP repository.
# Prefer a dedicated service account that holds only the directory rights the portal needs,
# rather than a directory administrator.
federated.ldap.bindDN=cn=<bindDN>,o=yourco.com

# Password for the appserver to use when binding to the LDAP repository.
# The value is stored in this file in plain text: restrict read access to the file, keep the real
# password out of version control and backups, and put the placeholder back once the
# configuration task has run.
federated.ldap.bindPassword=<replacewithyourpassword>

# Type of LDAP server to which you connect
# Supported values on WAS 6.1: DOMINO5, DOMINO6, DOMINO65, DOMINO7
# Note: If your LDAP server version is not listed, enter the value for the highest listed version of your server
# Supported values on WAS 7: DOMINO
# The value shipped below (DOMINO65) is one of the WAS 6.1 values; change it to DOMINO on WAS 7.
federated.ldap.ldapServerType=DOMINO65

# The LDAP base entry.
federated.ldap.baseDN=o=yourco.com
############################################
#
# LDAP entity types
#
# The supported entity types are 
# Group
#    default searchFilter = <empty>
#    default objectClasses = groupOfNames
#    default objectClassesForCreate = groupOfNames
#    default searchBases = <empty>
# PersonAccount
#    default searchFilter = <empty>
#    default objectClasses = inetOrgPerson
#    default objectClassesForCreate = inetOrgPerson
#    default searchBases = <empty>
#
# This Domino template overrides the generic objectClasses defaults listed above
# with dominoGroup and dominoPerson (see the values below).
#
############################################

# Entity type Group

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is that of a standard LDAP search filter, for example (objectclass=dominoGroup)
# In general this value can be left blank
federated.ldap.et.group.searchFilter=

# One or more object classes (separated by ';') for the entity type.
federated.ldap.et.group.objectClasses=dominoGroup

# The object class(es) (separated by ';') to use when an entity type is created.
# If the value of this parameter is the same as the objectClasses parameter, you do not need to specify this parameter.
federated.ldap.et.group.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
# Left empty in this template.
# NOTE(review): presumably searches then start at federated.ldap.baseDN - confirm against the VMM documentation.
# Restricting the search bases limits which subtrees of the directory can supply groups.
federated.ldap.et.group.searchBases=


# Entity type PersonAccount

# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is that of a standard LDAP search filter, for example (objectclass=dominoPerson)
# In general this value can be left blank
federated.ldap.et.personaccount.searchFilter=

# One or more object classes (separated by ';') for the entity type.
federated.ldap.et.personaccount.objectClasses=dominoPerson

# The object class(es) (separated by ';') to use when an entity type is created.
# If the value of this parameter is the same as the objectClasses parameter, you do not need to specify this parameter.
federated.ldap.et.personaccount.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
# Left empty in this template.
# NOTE(review): presumably searches then start at federated.ldap.baseDN - confirm against the VMM documentation.
# Restricting the search bases limits which subtrees of the directory can supply user accounts.
federated.ldap.et.personaccount.searchBases=

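#########################
# Group member attributes
#########################

# The name of the LDAP attribute that is used as the group member attribute.
# For example, member or uniqueMember.
federated.ldap.gm.groupMemberName=member

# The group object class that contains the member attribute.
# For example, groupOfNames or groupOfUniqueNames.
# If not defined, the member attribute applies to all group object classes.
federated.ldap.gm.objectClass=dominoGroup

# The scope of the member attribute. Valid values include...
# direct - The member attribute only contains direct members.
# nested - The member attribute that contains the direct members and the nested members.
federated.ldap.gm.scope=direct

# If you create a group without specifying a member, a dummy member will be filled in
# to avoid creating an exception about missing a mandatory attribute.
# Make sure this DN does not name a real account in your directory; otherwise that account
# would show up as a member of every group created without members.
federated.ldap.gm.dummyMember=uid=dummy

###############################################################################
##
## Advanced Properties
##
###############################################################################

#
# Group config
#

# The name of the membership attribute.
# For example, memberOf in an active directory server and ibm-allGroups in IDS.
federated.ldap.gc.name=

# Updates the group membership if the member is deleted or renamed.
# Some LDAP servers, for example, Domino server, do not clean up
# the membership of the user when a user is deleted or renamed.
# If you choose these LDAP server types in the ldapServerType property,
# the value of this parameter is set to true. Use this parameter to change the value.
# The default value is false.
# Stale memberships left behind by a deleted or renamed user can be picked up by a later
# account that reuses the same name, so review this setting before disabling the clean-up.
federated.ldap.gc.updateGroupMembership=

# The scope of the membership attribute. Valid values include...
# direct - The membership attribute only contains direct groups.
# nested - The membership attribute that contains the direct groups and the nested groups.
# all - The membership attribute contains direct groups, nested groups, and dynamic members.
# The default value is direct.
federated.ldap.gc.scope=direct

# The implementation class name for the repository adapter.
# The default value is com.ibm.ws.wim.adapter.ldap.LdapAdapter
federated.ldap.adapterClassName=com.ibm.ws.wim.adapter.ldap.LdapAdapter

# Indicates if sorting is supported or not. The default value is false.
federated.ldap.supportSorting=false

# Indicates if transactions are supported or not. The default value is false.
federated.ldap.supportTransactions=false

# Specifies if the external ID is unique. The default value is true.
federated.ldap.isExtIdUnique=true

# Indicates if external names are supported or not. The default value is false.
federated.ldap.supportExternalName=false

# Specifies whether secure socket communication is enabled to the LDAP server.
# When enabled (sslEnabled=true), the Secure Sockets Layer (SSL) settings for LDAP are used.
# The default value is false.
# With false, all LDAP traffic - including the bind password (federated.ldap.bindPassword) and the
# passwords of users logging in with simple authentication - is sent unencrypted. For anything
# other than an isolated test network, set this to true, point federated.ldap.port at the server's
# SSL port, and make sure the LDAP server's signer certificate is trusted by the SSL configuration in use.
federated.ldap.sslEnabled=false

# Name of the appserver SSL configuration (like mySSLconfig) to be used for SSL enabled LDAP server.
# Application Server SSL config names can be found in the WebSphere Application Server Admin console
# at Security - SSL certificate and key management.
# This property is used to specify a non default SSL configuration if federated.ldap.sslEnabled=true is set
federated.ldap.sslConfiguration=

# Specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter.
# Specify the certificate filter to use the specified filter for the mapping, if client certificate authentication is used
# for portal server.
# Valid values include: EXACT_DN, CERTIFICATE_FILTER
federated.ldap.certificateMapMode=EXACT_DN

# Filter certificate mapping property for the LDAP filter, if client certificate authentication is used
# for portal server.
# The syntax or structure of this filter is: LDAP attribute=${Client certificate attribute} (for example, uid=${SubjectCN})
# The filter is used to map attributes in the client certificate to entries within the LDAP repository.
# Map to an LDAP attribute whose values are unique per user, so that one certificate cannot
# resolve to more than one directory entry.
federated.ldap.certificateFilter=

# Indicates if paging is supported or not. The default value is false.
federated.ldap.supportPaging=false

# Indicates the authentication method to use. The default value is simple. Valid values include: none or strong.
# simple sends the bind DN and password to the server as they are, so combine it with
# federated.ldap.sslEnabled=true to keep them off the wire in clear text.
federated.ldap.authentication=simple

# Indicates the property name used for login. Common values include: uid or cn
federated.ldap.loginProperties=uid

# The LDAP referral. The default value is ignore. Valid values include: ignore, follow, throw, or false.
# NOTE(review): with follow, the application server presumably connects and binds to whatever
# servers the directory names in its referrals - confirm before changing this from ignore.
federated.ldap.referral=ignore

# Controls how aliases are dereferenced. The default value is always. Valid values include:
# always - always dereference aliases
# never - never dereference aliases
# finding - dereference aliases only during name resolution
# searching - dereference aliases only after name resolution
federated.ldap.derefAliases=always

# The connection pool. The default value is false.
federated.ldap.connectionPool=false

# The connection timeout measured in seconds. The default value is 0.
# NOTE(review): 0 presumably means no timeout, in which case an unreachable LDAP server can
# stall logins until the operating system gives up on the connection - confirm and consider a finite value.
federated.ldap.connectTimeout=0

# Indicates the polling interval for testing the primary server availability.
# The value of this parameter is specified in minutes. The default value is 15.
federated.ldap.primaryServerQueryTimeInterval=15

# Indicates to return to the primary LDAP server when it is available. The default value is true.
federated.ldap.returnToPrimaryServer=true

# The value of search page size. This is the number of entries per page. The default is 50.
federated.ldap.searchPageSize=

# The value of the search count limit.
# Together with searchTimeLimit this bounds how much work a single broad search can cause.
federated.ldap.searchCountLimit=500

# The value of the search time limit measured in milliseconds.
federated.ldap.searchTimeLimit=120000

# Indicates to translate RDN or not. The default value is false.
federated.ldap.translateRDN=false

# The maximum number of context instances that can be maintained concurrently by the context pool.
# The default value is 20.
federated.ldap.cp.maxPoolSize=20

###############################################################################
###############################################################################
##
##
## End - VMM Federated LDAP Properties
##
##
###############################################################################
###############################################################################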