
wp_security_ids.properties

 

# ***************************************************************** 
#                                                                   
# Licensed Materials - Property of IBM                              
#                                                                   
# 5724-L21                                                          
#                                                                   
# Copyright IBM Corp. 2009  All Rights Reserved.                    
#                                                                   
# US Government Users Restricted Rights - Use, duplication or       
# disclosure restricted by GSA ADP Schedule Contract with           
# IBM Corp.                                                         
#                                                                   
# ***************************************************************** 

###############################################################################
###############################################################################
##
##
## VMM Stand-alone LDAP configuration
## wp-modify-ldap-security
## wp-update-standalone-ldap
##
## IDS, SECUREWAY
##
###############################################################################
###############################################################################

# Connection and identity settings for the stand-alone LDAP repository.
# Values in angle brackets and the "replacewith..." values are placeholders that must be replaced.

# The id specifies a unique identifier for the repository within the cell
# Characters that are not allowed in normal XML strings ( &  <   >  "   '   ) cannot be used in the repository ID.
standalone.ldap.id=replacewithyourid

# Host name of the primary LDAP server. This host name is either an IP address or a domain name service (DNS) name.
standalone.ldap.host=<LDAPHostName>

# LDAP server port.
# 389 is the standard port for unencrypted LDAP; LDAP over SSL conventionally listens on 636.
# Keep this value consistent with standalone.ldap.sslEnabled further down in this file.
standalone.ldap.port=389

# Distinguished name for the appserver to use when binding to the LDAP repository.
# Prefer a dedicated service account that holds only the directory permissions the appserver needs,
# rather than a directory administrator.
standalone.ldap.bindDN=uid=<bindDN>,cn=users,dc=yourco,dc=com

# Password for the appserver to use when binding to the LDAP repository.
# The value is stored in this file as clear text: restrict read access to the file and keep it out of
# version control and backups that are shared more widely than the account itself.
# NOTE(review): confirm in the product documentation whether the password can be blanked again once the
# configuration task has completed.
standalone.ldap.bindPassword=<replacewithyourpassword>

# Type of LDAP server to which you connect
# Supported values on WAS 6.1: IDS4, IDS51, IDS52, IDS6, SECUREWAY
# Note: If your LDAP server version is not listed, enter the value for the highest listed version of your server
# Supported values on WAS 7: IDS
standalone.ldap.ldapServerType=IDS6

# LDAP filter that maps the short name of a user to an LDAP entry.
# For example, to display entries of the object class = inetOrgPerson type by their IDs, specify inetOrgPerson:uid.
# This field takes multiple objectclass:property pairs delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.userIdMap=*:uid

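# LDAP filter that maps the short name of a group to an LDAP entry.
# Piece of information that represents groups when groups display. For example, to display groups by their names, specify *:cn.
# The asterisk (*) is a wildcard character that searches on any object class in this case.
# This field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupIdMap=*:cn

# LDAP filter that identifies user-to-group relationships.
# Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass.
# For directory types SecureWay, and Domino, this field takes multiple objectclass:property pairs, delimited by a semicolon (;).
# For IBM Directory Server, Sun ONE, and Active Directory, this field takes multiple group attribute:member attribute pairs delimited by a semicolon (;).
# For more information about this syntax, see the LDAP directory service documentation.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupMemberIdMap=

# LDAP user filter that searches the user registry for users.
# For example, to look up users based on their user IDs, specify (&(uid=%v)(objectclass=inetOrgPerson))
# Keep the objectclass clause when adapting the filter, so that a login name can only match the entry type intended for users.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.userFilter=(&(uid=%v)(objectclass=inetOrgPerson))

# LDAP group filter that searches the user registry for groups.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.groupFilter=(&(cn=%v)(objectclass=groupOfUniqueNames))

# Specifies a user ID and password in the repository that is used for internal process communication.
# The password is stored in this file as clear text: restrict read access to the file.
# NOTE(review): this sample DN uses o=yourco while the other sample DNs in this file use dc=yourco; replace it with the real DN.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.serverId=uid=<serveruserid>,cn=users,o=yourco,dc=com
standalone.ldap.serverPassword=<replacewithyourpassword>

# The security context of this server. A realm with this name will be created.
standalone.ldap.realm=replacewithyourrealm

# The ID of the WAS admin user. The ID must exist in the LDAP server.
# Administrative credential stored as clear text: restrict read access to this file.
# NOTE(review): confirm in the product documentation whether the password can be blanked again once the configuration task has completed.
standalone.ldap.primaryAdminId=uid=<wasuserid>,cn=users,dc=yourco,dc=com
standalone.ldap.primaryAdminPassword=<replacewithyourpassword>

# The ID of the portal admin user. The ID must exist in the LDAP server.
# Administrative credential stored as clear text: restrict read access to this file.
standalone.ldap.primaryPortalAdminId=uid=<portaladminid>,cn=users,dc=yourco,dc=com
standalone.ldap.primaryPortalAdminPassword=<replacewithyourpassword>

# The user group with admin permission in portal. The group must exist in the LDAP server.
# Every member of this group receives portal admin permission, so review who can modify the group in the directory.
standalone.ldap.primaryPortalAdminGroup=cn=<portaladmingroupid>,cn=groups,dc=yourco,dc=com

# The LDAP base entry.
# This is the startpoint for all LDAP searches of Websphere Application Server Security
standalone.ldap.baseDN=dc=yourco,dc=com

########################
##
## LDAP entity types
##
########################

# Entity type Group
# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=groupOfUniqueNames)
# In general this value can be left blank
standalone.ldap.et.group.searchFilter=

# One or more object classes (separated by ';') for the entity type.
standalone.ldap.et.group.objectClasses=groupOfUniqueNames

# The object class(es) (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.group.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.group.searchBases=

# Entity type PersonAccount
# The search filter that you want to use to search the entity type.
# VMM uses this filter as an addition during search requests in your environment
# The syntax is like a standard LDAP searchfilter like (objectclass=inetOrgPerson)
# In general this value can be left blank
standalone.ldap.et.personaccount.searchFilter=

# One or more object classes (separated by ';') for the entity type.
# Please check this value with the objectclass used in your LDAP for type User
standalone.ldap.et.personaccount.objectClasses=inetOrgPerson

# The object class(es) (separated by ';') to use when an entity type is created. If the value of this parameter is the same as the objectClass parameter, you do not need to specify this parameter.
standalone.ldap.et.personaccount.objectClassesForCreate=

# The search base or bases to use while searching the entity type.
standalone.ldap.et.personaccount.searchBases=

########################
##
## End LDAP entity types
##
########################

###################################################
##
## Group member attributes
##
###################################################

# The name of the LDAP attribute that is used as the group member attribute. For example, member or uniqueMember.
standalone.ldap.gm.groupMemberName=uniqueMember

# The group object class that contains the member attribute. For example, groupOfNames or groupOfUniqueNames.
# If not defined, the member attribute applies to all group object classes.
standalone.ldap.gm.objectClass=groupOfUniqueNames

# The scope of the member attribute. Valid values include...
# direct - The member attribute only contains direct members.
# nested - The member attribute that contains the direct members and the nested members.
standalone.ldap.gm.scope=direct

# If you create a group without specifying a member, a dummy member will be filled in to avoid creating an exception about missing a mandatory attribute.
# Make sure this DN does not resolve to a real account in your directory, otherwise that account becomes a member of every group created without members.
standalone.ldap.gm.dummyMember=uid=dummy

###############################
# Default parent, RDN attribute
###############################

# The default parents to be set for the entity types PersonAccount and Group
standalone.ldap.personAccountParent=cn=users,dc=yourco,dc=com
standalone.ldap.groupParent=cn=groups,dc=yourco,dc=com

# The RDN attribute names for the entity types PersonAccount and Group
# To reset all the values of the rdnProperties parameter, specify a blank string ("").
standalone.ldap.personAccountRdnProperties=uid
standalone.ldap.groupRdnProperties=cn

###################################################
##
## End Group member attributes
##
###################################################

###############################################################################
##
## Advanced Properties
##
###############################################################################

###################
# Group config
###################

# The name of the membership attribute. For example, memberOf in an active directory server and ibm-allGroups in IDS.
standalone.ldap.gc.name=

# Updates the group membership if the member is deleted or renamed. Some LDAP servers, for example, Domino server, do not clean up
# the membership of the user when a user is deleted or renamed. If you choose these LDAP server types in the ldapServerType property,
# the value of this parameter is set to true. Use this parameter to change the value. The default value is false.
standalone.ldap.gc.updateGroupMembership=

# The scope of the membership attribute. Valid values include...
# direct - The membership attribute only contains direct groups.
# nested - The membership attribute that contains the direct groups and the nested groups.
# all - The membership attribute contains direct groups, nested groups, and dynamic members.
# The default value is direct.
standalone.ldap.gc.scope=direct

# Controls how aliases are dereferenced. The default value is always. Valid values include:
# always - always dereference aliases
# never - never dereference aliases
# finding - dereference aliases only during name resolution
# searching - dereference aliases only after name resolution
standalone.ldap.derefAliases=always

# Indicates the authentication method to use. The default value is simple. Valid values include: none or strong.
# A simple bind transmits the bind DN and password as supplied; without SSL (see standalone.ldap.sslEnabled) they cross the network unencrypted.
standalone.ldap.authentication=simple

# The LDAP referral. The default value is ignore. Valid values include: follow, throw, or false.
# NOTE(review): the list of valid values names "false" but not the stated default "ignore"; confirm the accepted values in the product documentation.
# Following referrals makes the appserver contact hosts named by the directory server, so "follow" should only be used with directories you trust.
standalone.ldap.referral=ignore

# Delimiter used for this realm. The default value is /.
standalone.ldap.delimiter=/

# Whether the query matches case sensitivity.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.ignoreCase=true

# Specifies whether secure socket communication is enabled to the LDAP server.
# When enabled (sslEnabled=true), the Secure Sockets Layer (SSL) settings for LDAP are used.
# The default value is false.
# With sslEnabled=false and standalone.ldap.authentication=simple, the bind DN, the bind password and all search results travel unencrypted.
# For anything other than an isolated test setup, set this to true and point standalone.ldap.port at the server's SSL port.
standalone.ldap.sslEnabled=false

# Name of the appserver SSL configuration to be used for SSL enabled LDAP server.
# This property is used to specify a non default SSL configuration if standalone.ldap.sslEnabled=true is set
standalone.ldap.sslConfiguration=

# Specifies whether to map X.509 certificates into a LDAP directory by exact distinguished name or certificate filter.
# Specify the certificate filter to use the specified filter for the mapping, if client certificate authentication is used
# for portal server.
# Valid values include: EXACT_DN, CERTIFICATE_FILTER
standalone.ldap.certificateMapMode=EXACT_DN

# Filter certificate mapping property for the LDAP filter, if client certificate authentication is used
# for portal server.
# The filter is used to map attributes in the client certificate to entries within the LDAP repository.
# A filter that can match more than one entry makes the certificate-to-user mapping ambiguous; keep it as specific as possible.
standalone.ldap.certificateFilter=

# Should be set to true by default to reuse the LDAP connection.
# note: not used during node federation to DMGR with WAS ldap security enabled
standalone.ldap.reuseConnection=true

# Timeout value in milliseconds for an LDAP server to respond before aborting a request.
standalone.ldap.searchTimeLimit=120000

# Defines if VMM will enable the ConnectionPool
standalone.ldap.connectionPool=false

# Indicates if sorting is supported or not. The default value is false.
standalone.ldap.supportSorting=false

# Indicates if paging is supported or not.
standalone.ldap.supportPaging=false

# Indicates if transactions are supported or not. The default value is false.
standalone.ldap.supportTransactions=false

# Specifies if the external ID is unique. The default value is true.
standalone.ldap.isExtIdUnique=true

# Indicates if external names are supported or not. The default value is false.
standalone.ldap.supportExternalName=false

# Indicates to translate RDN or not. The default value is false.
standalone.ldap.translateRDN=false

# The value of the search count limit.
standalone.ldap.searchCountLimit=500

# The value of search page size.
standalone.ldap.searchPageSize=

# Indicates to return to the primary LDAP server when it is available. The default value is true.
standalone.ldap.returnToPrimaryServer=

# Indicates the polling interval for testing the primary server availability.
# The value of this parameter is specified in minutes. The default value is 15.
standalone.ldap.primaryServerQueryTimeInterval=

# Indicates the property name used for login.
standalone.ldap.loginProperties=uid

# The maximum number of context instances that can be maintained concurrently by the context pool.
# The default value is 20.
standalone.ldap.cp.maxPoolSize=20

###############################################################################
###############################################################################
##
##
## End - VMM Stand-alone LDAP configuration
##
##
###############################################################################
###############################################################################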