Sample LDAP Configuration File

This file is a sample configuration. It uses a simple connection to Active Directory and imports Active Directory groups.

# Licensed Materials - Property of IBM® Corporation

# 5724-N88 5725-C431

# (C) Copyright HCL Technologies Ltd. 2001, 2024

# All Rights Reserved

# US Government Users Restricted Rights - Use, duplication or

# disclosure restricted by GSA ADP Schedule Contract with IBM® Corp.

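# LDAP Properties
#
# Format: one key=value per line with no spaces around "=". Lines beginning
# with "#" are comments. A commented-out "# ldap.xxx=value" line shows an
# optional property together with an example value.

# ###################### Server Authentication definition #######################

# The directory URL used to establish an LDAP connection.
# NOTE: with a plain ldap:// URL and "simple" authentication, ldap.connectionName
# and ldap.connectionPassword travel to the server in clear text. Outside a test
# lab use an ldaps:// URL together with the SSL definition below
# (ldap.security_protocol, ldap.ssl_keyStore).
ldap.connectionURL=ldap://myldapserver

# The secondary LDAP server name; if the primary is down the alternative server
# is used instead.
# ldap.alternateURL=

# The username used to authenticate a read-only LDAP connection. If left unset,
# an anonymous connection is made. A dedicated read-only directory account is
# preferable to a domain administrator account for this purpose.
ldap.connectionName=administrator@mydomain.MyCompany.com

# The password used to establish a read-only LDAP connection.
# This sample stores the value in plain text (see ldap.connectionPasswordEncrypted
# below); restrict read access to this file to the account that runs the service.
ldap.connectionPassword=myPassword

# Instructs Remote Control to read ldap.connectionPassword as encrypted (true) or
# plain text (false). See the Admin guide for instructions on generating an
# encrypted password, then replace the value above and set this to true.
ldap.connectionPasswordEncrypted=false

# The fully qualified Java class name of the JNDI context factory to be used for
# this connection. If left unset, the default JNDI LDAP provider class is used.
# ldap.contextFactory=com.sun.jndi.ldap.LdapCtxFactory

# ############################## SASL Definition ################################

# The security level to use: "simple" or "DIGEST-MD5".
# If using SSL, you have to use simple.
ldap.security_authentication=simple

# The realm or domain from which the connection name is chosen.
# ldap.connectionRealm=

# Quality of protection; one of: auth, auth-int, auth-conf
#   auth      -- authentication only
#   auth-int  -- authentication and integrity checking by using signatures
#   auth-conf -- (SASL only) authentication, integrity and confidentiality
#                checking by using signatures and encryption
# ldap.connectionQop=auth

# Size of the largest buffer the server is able to receive when using "auth-int"
# or "auth-conf". The default is 65536.
# ldap.connectionMaxbuf=16384

# Strength; one of: low, medium, high
# ldap.connectionStrength=high

# ############################### SSL Definition ################################

# The security protocol to use. Its value is a string determined by the service
# provider (for example: "ssl"). If this property is unspecified, the behaviour
# is determined by the service provider.
# ldap.security_protocol=ssl

# The keystore where the Root CA public key certificate was installed.
# No need to specify the keystore password for read operations.
# ldap.ssl_keyStore=PathOfKeyStoreFile
# ldap.ssl_keyStorePassword=KeystorePassword

# How referrals encountered by the service provider are processed:
#   "follow" -- follow referrals automatically
#   "ignore" -- ignore referrals
#   "throw"  -- throw ReferralException when a referral is encountered
# If this property is not specified, the default is determined by the provider.
# NOTE: with "follow" the provider connects to whichever server a referral points
# at, so the bind credentials may be presented to servers other than
# ldap.connectionURL. Prefer "ignore" or "throw" unless referrals are required.
# ldap.referrals=follow

# ######################### define Group search for LDAP ########################

# The base LDAP directory entry for looking up group information. If left
# unspecified, the default is to use the top-level element in the directory
# context. The DN must be written on a single line.
ldap.groupBase=OU=Groups,OU=mylocation,DC=mydomain,DC=mycompany,DC=com

# The LDAP filter expression used for performing group searches.
# Filter components are written back to back; the RFC 4515 filter grammar does
# not allow whitespace between them.
ldap.groupSearch=(&(objectClass=group)(name=TRC*))

# Set to true to recursively search the subtree of the element specified in
# ldap.groupBase for groups associated with a user. If left unspecified, the
# default value of false causes only the top level to be searched
# (a nonrecursive search).
ldap.groupSubtree=true

# The LDAP attribute used for group names.
ldap.groupName=name

# The LDAP attribute used for group descriptions.
ldap.groupDescription=description

# The attribute specifying user members within a group.
ldap.groupMembers=member

# ########################## User search definition #############################

# The base of the subtree containing users.
# If not specified, the search base is the top-level context.
# Written on a single line with no spaces after the separating commas, matching
# ldap.groupBase above.
ldap.userBase=OU=Users,OU=mylocation,DC=mydomain,DC=mycompany,DC=com

# The LDAP filter expression to use when searching for a user's directory entry,
# with {0} marking where the actual username is inserted.
ldap.userSearch=(&(objectClass=User)(sAMAccountName={0}))

# Set this value to true to recursively search the subtree of the element
# specified by ldap.userBase for the user's directory entry. The default value
# of false causes only the top level to be searched (a nonrecursive search).
ldap.userSubtree=true

# Set this value to true if a user has to be a member of the groups found in the
# group search.
ldap.userInGroup=true

# Digest algorithm (SHA, MD2, or MD5 only). Remote Control uses it to hash the
# password entered by the user and compare the result with the password it
# receives from the LDAP server. If left unspecified, the default value is
# "cleartext". MD2 and MD5 are no longer considered collision resistant; use
# SHA where the directory stores SHA digests.
# ldap.digest=SHA

# LDAP attribute used for userids.
ldap.userid=sAMAccountname

# LDAP user password attribute.
ldap.userPassword=password

# LDAP attribute containing the user's email address.
ldap.userEmail=userPrincipalName

# If the following parameters are defined, they are mapped into the local Remote
# Control database. Each value is an Active Directory attribute name.
ldap.forename=givenName
ldap.surname=sn
ldap.title=title
# The AD attribute is "initials" (an earlier version of this sample read
# "initialsg", which is not an attribute name).
ldap.initials=initials
ldap.company=company
ldap.department=department
ldap.telephone=telephoneNumber
ldap.mobile=mobile
ldap.state=st
ldap.country=Co

# ########################### Other property definitions ########################

# Page size of LDAP search retrievals (default=500).
# Do not set this to anything greater than the max page size for the LDAP server
# (for example, AD has a limit of 1000).
ldap.page.size=500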