
wp_security_domino.properties

 

# ***************************************************************** 
#                                                                   
# Licensed Materials - Property of IBM                              
#                                                                   
# 5724-L21                                                          
#                                                                   
# Copyright IBM Corp. 2009  All Rights Reserved.                    
#                                                                   
# US Government Users Restricted Rights - Use, duplication or       
# disclosure restricted by GSA ADP Schedule Contract with           
# IBM Corp.                                                         
#                                                                   
# ***************************************************************** 

###############################################################################
###############################################################################
##
##
## VMM Stand-alone LDAP configuration
## wp-modify-ldap-security
## wp-update-standalone-ldap
##
## Domino
##
###############################################################################
###############################################################################

# The id specifies a unique identifier for the repository within the cell
# Characters that are not allowed in normal XML strings ( &  <   >  "   '   ) cannot be used in the repository ID.
standalone.ldap.id=replacewithyourid

# Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
# The <...> value is a placeholder and must be replaced before the task is run.
standalone.ldap.host=<LDAPHostName>

# LDAP server port.
# NOTE(security): 389 is the conventional unencrypted LDAP port. Combined with
# standalone.ldap.sslEnabled=false and standalone.ldap.authentication=simple (both set
# further down in this file), the bind DN and password cross the network in cleartext.
# For production, point this at the directory's LDAPS listener (conventionally 636) and
# enable standalone.ldap.sslEnabled.
standalone.ldap.port=389

# Distinguished name for the appserver to use when binding to the LDAP repository.
# NOTE(security): prefer a dedicated service account limited to the search/read rights
# the application server needs, rather than a directory administrator.
standalone.ldap.bindDN=cn=<bindDN>,o=yourco.com

# Password for the appserver to use when binding to the LDAP repository.
# NOTE(security): the value is stored here as plain text. Restrict read access to this
# file, keep filled-in copies out of version control and backups that others can read,
# and consider removing the password from the file once the configuration task has run.
standalone.ldap.bindPassword=<replacewithyourpassword>

# Type of LDAP server to which you connect
# Supported values on WAS 6.1: DOMINO5, DOMINO6, DOMINO65, DOMINO7
# Note: If your LDAP server version is not listed, enter the value for the highest listed version of your server
# Supported values on WAS 7: DOMINO
# The shipped value below is one of the WAS 6.1 values; on WAS 7 the only value listed above is DOMINO.
standalone.ldap.ldapServerType=DOMINO65

# LDAP filter that maps the short name of a user to an LDAP entry.
# For example, to display entries of the object class = inetOrgPerson type by their IDs, specify inetOrgPerson:uid.
# This field takes multiple objectclass:property pairs delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
# The shipped value maps every object class (*) to its cn attribute.
# NOTE(review): cn is not guaranteed to be unique in a directory - confirm that short
# names derived from it cannot collide between two users.
standalone.ldap.userIdMap=*:cn

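# LDAP filter that maps the short name of a group to an LDAP entry.
# Piece of information that represents groups when groups display. For example, to display groups by their names, specify *:cn.
# The asterisk (*) is a wildcard character that searches on any object class in this case.
# This field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupIdMap=*:cn

# LDAP filter that identifies user-to-group relationships.
# Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass.
# For directory types SecureWay, and Domino, this field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# For IBM Directory Server, Sun ONE, and Active Directory, this field takes multiple group attribute:member attribute pairs delimited by a semicolon (;).
# For more information about this syntax, see the LDAP directory service documentation.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupMemberIdMap=

# LDAP user filter that searches the user registry for users.
# For example, to look up users based on their user IDs, specify (&(uid=%v)(objectclass=inetOrgPerson))
# note: not used during node federation to DMGR with WAS ldap security enabled
# %v is replaced with the name being looked up. The shipped filter accepts a match on
# either cn or uid.
# NOTE(review): if cn values are not unique, or one user's cn can equal another user's
# uid, a login name can match more than one entry - confirm against your directory, or
# restrict the filter to a single unique attribute.
standalone.ldap.userFilter=(&(|(cn=%v)(uid=%v))(|(objectclass=dominoPerson)(objectclass=inetOrgPerson)))

# LDAP group filter that searches the user registry for groups.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupFilter=(&(cn=%v)(|(objectclass=dominoGroup)(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))

# Specifies a user ID and password in the repository that is used for internal process communication.
# note: not used during node federation to DMGR with WAS ldap security enabled
# NOTE(security): the password is stored here as plain text. Restrict read access to this
# file and consider removing the value once the configuration task has run.
standalone.ldap.serverId=cn=<serveruserid>,o=yourco.com
standalone.ldap.serverPassword=<replacewithyourpassword>

# The security context of this server. A realm with this name will be created.
standalone.ldap.realm=replacewithyourrealm

# The ID of the WAS admin user. The ID must exist in the LDAP server.
# NOTE(security): administrator credential in plain text - same handling as the other
# passwords in this file (restricted file permissions, remove after use).
standalone.ldap.primaryAdminId=cn=<wasuserid>,o=yourco.com
standalone.ldap.primaryAdminPassword=<replacewithyourpassword>

# The ID of the portal admin user. The ID must exist in the LDAP server.
# NOTE(security): administrator credential in plain text - same handling as the other
# passwords in this file (restricted file permissions, remove after use).
standalone.ldap.primaryPortalAdminId=cn=<portaladminid>,o=yourco.com
standalone.ldap.primaryPortalAdminPassword=<replacewithyourpassword>

# The user group with admin permission in portal. The group must exist in the LDAP server.
# NOTE(security): every member of this LDAP group receives portal admin permission, so
# keep its membership small and control who may modify the group in the directory.
standalone.ldap.primaryPortalAdminGroup=cn=<portaladmingroupid>

# The LDAP base entry.
# This is the startpoint for all LDAP searches of Websphere Application Server Security
standalone.ldap.baseDN=o=yourco.com

########################
##
## LDAP entity types
##
########################

# Entity type Group
# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=dominoGroup)
# In general this value can be left blank
standalone.ldap.et.group.searchFilter=

# One or more object classes (separated by ';') for the entity type.
standalone.ldap.et.group.objectClasses=dominoGroup

# The object class(es) to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.group.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.group.searchBases=

# Entity type PersonAccount
# The search filter that you want to use to search the entity type.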
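# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=dominoPerson)
# In general this value can be left blank
standalone.ldap.et.personaccount.searchFilter=

# One or more object classes (separated by ';') for the entity type.
# Please check this value with the objectclass used in your LDAP for type User
standalone.ldap.et.personaccount.objectClasses=dominoPerson

# The object class(es) (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.personaccount.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.personaccount.searchBases=

########################
##
## End LDAP entity types
##
########################

###################################################
##
## Group member attributes
##
###################################################

# The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember.
standalone.ldap.gm.groupMemberName=member

# The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames.
# If not defined, the member attribute applies to all group object classes.
standalone.ldap.gm.objectClass=dominoGroup

# The scope of the member attribute. Valid values include...
# direct - The member attribute only contains direct members.
# nested - The member attribute that contains the direct members and the nested members.
standalone.ldap.gm.scope=direct

# If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute.
# NOTE(review): if an entry with this name could exist (or later be created) in the
# directory, it would appear as a member of every group created this way - confirm the
# value cannot resolve to a real account.
standalone.ldap.gm.dummyMember=uid=dummy

###############################
# Default parent, RDN attribute
###############################

# The default parents to be set for the entity types PersonAccount and Group
standalone.ldap.personAccountParent=o=yourco.com
standalone.ldap.groupParent=

# The RDN attribute names for the entity types PersonAccount and Group
# To reset all the values of the rdnProperties parameter, specify a blank string ("").
standalone.ldap.personAccountRdnProperties=cn
standalone.ldap.groupRdnProperties=cn

###################################################
##
## End Group member attributes
##
###################################################

###############################################################################
##
## Advanced Properties
##
###############################################################################

###################
# Group config
###################

# The name of the membership attribute. For example, memberOf in an active directory server and ibm-allGroups in IDS.
standalone.ldap.gc.name=

# Updates the group membership if the member is deleted or renamed. Some LDAP servers, for example, Domino server, do not clean up
# the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property,
# the value of this parameter is set to true. Use this parameter to change the value. The default value is false.
# NOTE(review): where membership is not cleaned up, a stale member value can remain in a
# group after the user is deleted; confirm that a later account reusing the same name
# cannot inherit those memberships before overriding this to false.
standalone.ldap.gc.updateGroupMembership=

# The scope of the membership attribute. Valid values include...
# direct - The membership attribute only contains direct groups.
# nested - The membership attribute that contains the direct groups and the nested groups.
# all - The membership attribute contains direct groups, nested groups, and dynamic members.
# The default value is direct.
standalone.ldap.gc.scope=direct

# Controls how aliases are dereferenced. The default value is always. Valid values include:
# always - always dereference aliases
# never - never dereference aliases
# finding - dereference aliases only during name resolution
# searching - dereference aliases only after name resolution
standalone.ldap.derefAliases=always

# Indicates the authentication method to use. The default value is simple. Valid values include: none or strong.
# NOTE(security): a simple bind sends the bind DN and password as-is, so it is only
# protected when the connection itself is encrypted (see standalone.ldap.sslEnabled).
standalone.ldap.authentication=simple

# The LDAP referral. The default value is ignore. Valid values include: follow, throw, or false.
# NOTE(review): with follow, the server connects to whatever LDAP hosts the directory
# names in its referrals; confirm those hosts are trusted before changing this value.
standalone.ldap.referral=ignore

# Delimiter used for this realm. The default value is /.
standalone.ldap.delimiter=/

# Whether the query matches case sensitivity.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.ignoreCase=true

# Specifies whether secure socket communication is enabled to the LDAP server.
# When enabled (sslEnabled=true), the Secure Sockets Layer (SSL) settings for LDAP are used.
# The default value is false.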
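# NOTE(security): with false, traffic to the LDAP server is unencrypted, including the
# bind password sent by the simple authentication method configured in this file and the
# user passwords checked against the directory at login. Set to true (with the LDAPS
# port in standalone.ldap.port) for anything other than an isolated test environment.
standalone.ldap.sslEnabled=false

# Name of the appserver SSL configuration to be used for SSL enabled LDAP server.
# This property is used to specify a non default SSL configuration if standalone.ldap.sslEnabled=true is set
# NOTE(review): whichever SSL configuration is used, confirm its trust store contains
# the LDAP server's signer certificate so the server identity is actually verified.
standalone.ldap.sslConfiguration=

# Specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter.
# Specify the certificate filter to use the specified filter for the mapping, if client certificate authentication is used
# for portal server.
# Valid values include: EXACT_DN, CERTIFICATE_FILTER
standalone.ldap.certificateMapMode=EXACT_DN

# Filter certificate mapping property for the LDAP filter, if client certificate authentication is used
# for portal server.
# The filter is used to map attributes in the client certificate to entries within the LDAP repository.
# NOTE(review): this filter decides which LDAP entry a client certificate is treated as;
# if CERTIFICATE_FILTER is used, confirm the filter can match exactly one intended user.
standalone.ldap.certificateFilter=

# Should be set to true by default to reuse the LDAP connection.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.reuseConnection=true

# Timeout value in milliseconds for an LDAP server to respond before aborting a request.
standalone.ldap.searchTimeLimit=120000

# Defines if VMM will enable the ConnectionPool
standalone.ldap.connectionPool=false

# Indicates if sorting is supported or not. The default value is false.
standalone.ldap.supportSorting=false

# Indicates if paging is supported or not.
standalone.ldap.supportPaging=false

# Indicates if transactions are supported or not. The default value is false.
standalone.ldap.supportTransactions=false

# Specifies if the external ID is unique. The default value is true.
standalone.ldap.isExtIdUnique=true

# Indicates if external names are supported or not. The default value is false.
standalone.ldap.supportExternalName=false

# Indicates to translate RDN or not. The default value is false.
standalone.ldap.translateRDN=false

# The value of the search count limit.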
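standalone.ldap.searchCountLimit=500

# The value of search page size.
standalone.ldap.searchPageSize=

# Indicates to return to the primary LDAP server when it is available. The default value is true.
standalone.ldap.returnToPrimaryServer=

# Indicates the polling interval for testing the primary server availability.
# The value of this parameter is specified in minutes. The default value is 15.
standalone.ldap.primaryServerQueryTimeInterval=

# Indicates the property name used for login.
# NOTE(review): the login attribute should be unique per user in the directory; confirm
# uid is unique and populated for every account that is expected to log in.
standalone.ldap.loginProperties=uid

# The maximum number of context instances that can be maintained concurrently by the context pool.
# The default value is 20.
standalone.ldap.cp.maxPoolSize=20

###############################################################################
###############################################################################
##
##
## End - VMM Stand-alone LDAP configuration
##
##
###############################################################################
###############################################################################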