LDAP properties file

Define the following key=value pairs in the LDAP properties file:

  • Connection.Host=

    Required. Host name or IP address of the LDAP server.

  • Connection.Port=

    Required. Port number that the LDAP server listens to.

  • Connection.Security=

    Optional. Security protocol used to encrypt the traffic to the LDAP server. Possible values: TLS and LDAPS. If no value is specified, the traffic is not encrypted.

  • Connection.TrustServer=

    Optional. Indicates if validation of the certificate chain and the host name should be suppressed for encrypted connections to the LDAP server. Possible values: True and False. Defaults to False when Connection.Security is TLS or LDAPS. Not permitted when Connection.Security has no value.

  • Prebind.Anonymous=

    Required. Indicates if initial (before a user logs in) LDAP queries use anonymous bind or a configured LDAP administrative account. Possible values: True and False.

  • Prebind.User=

    Only required when Prebind.Anonymous is set to False. Distinguished name of the administrative LDAP account used to bind initial LDAP queries.

  • Prebind.Password=

    Only required when Prebind.Anonymous is set to False. Password of the administrative LDAP account used to bind initial LDAP queries.

  • Groups.Base=

    Required. Distinguished name of the LDAP base entry where all LDAP group entries must be located. These group entries are then used for authorization in KCM Designer. Unless filtered with Groups.Filter, the base entry itself is also available as a group for authorization.

  • Groups.Filter=

    Required. LDAP filter expression that determines which LDAP entries under Groups.Base are available as groups for authorization in KCM Designer. Entries that do not conform to the filter are ignored.

  • Groups.NameAttribute=

    Required. Attribute for a group entry that denotes its name.

  • Groups.MemberAttribute=

    Optional. Attribute of a group entry that enumerates user members of the group. If no value is specified, group membership is determined by Users.MemberAttribute.

    Groups.MemberAttribute does not support nested groups.

  • Groups.Admin=

    Required. Distinguished name of the LDAP group entry where all user members are assigned administrative access.

  • Users.Base=

    Required. Distinguished name of the LDAP entry where all LDAP user entries must be located. These user entries are then used for logging in to KCM Designer. Unless filtered with Users.Filter, the base entry itself is also available as a user for logging in to KCM Designer.

  • Users.Filter=

    Required. LDAP filter expression that determines which LDAP entries under Users.Base are available for logging in to KCM Designer. Entries that do not conform to the filter are ignored.

  • Users.NameAttribute=

    Required. Attribute of a user entry that denotes its name.

  • Users.MemberAttribute=

    Optional. Attribute of a user entry that enumerates the groups that the user is a member of. If no value is specified, group membership is determined by Groups.MemberAttribute. Membership derived from Users.MemberAttribute relies on the list of groups that the LDAP server returns in that attribute; whether that list includes nested groups depends on the LDAP server.

To determine group membership, you need to specify a value for Groups.MemberAttribute or for Users.MemberAttribute. If you specify values for both keys, both values are used, and the combination of the two group memberships is taken.

When creating the LDAP properties file, you need to explicitly escape certain characters in LDAP distinguished names and filter expressions. For information, see the LDAP technical specifications RFC 4515 (string representation of search filters) and RFC 4514 (string representation of distinguished names), available on the Internet.
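The escaping rules from those two RFCs, worked through in code. This is an added example and not part of KCM Designer; the function names (escape_filter_value, escape_dn_value, build_dn, build_user_filter) are assumptions made here, and the idea of combining Users.Filter with a match on Users.NameAttribute only illustrates why a login name must be escaped before it is placed in a filter; it is not a description of how the product queries the server.

```python
"""RFC 4515 / RFC 4514 escaping for values placed in LDAP filter expressions and
distinguished names. Added example; the function names are constructed and are
not part of KCM Designer."""

FILTER_SPECIALS = "\\*()\x00"   # RFC 4515 section 3: must be written as \XX hex pairs
DN_ESCAPED = '"+,;<>\\'         # RFC 4514 section 2.4: escaped with a leading backslash


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP filter.
    The five RFC 4515 specials become \\XX hex pairs; non-ASCII characters are
    escaped byte by byte from their UTF-8 encoding (RFC 4515 allows any byte to
    be escaped this way), so the result is plain ASCII."""
    out = []
    for ch in value:
        if ch in FILTER_SPECIALS:
            out.append("\\%02x" % ord(ch))
        elif ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value: str) -> str:
    """Escape one attribute value of an RDN per RFC 4514 section 2.4:
    '"', '+', ',', ';', '<', '>' and '\\' get a backslash prefix, NUL becomes \\00,
    and a leading space or '#' and a trailing space are escaped as well."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in DN_ESCAPED:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns) -> str:
    """Join (type, value) pairs into a DN string, escaping every value.
    Useful for Prebind.User, Groups.Base, Groups.Admin and Users.Base values."""
    return ",".join("%s=%s" % (attr, escape_dn_value(val)) for attr, val in rdns)


def build_user_filter(users_filter: str, name_attribute: str, login_name: str) -> str:
    """Combine a configured Users.Filter with an equality match on
    Users.NameAttribute for a name typed at login (hypothetical query shape).
    Escaping the login name keeps characters such as '*' or ')' from altering
    the structure of the filter."""
    return "(&%s(%s=%s))" % (users_filter, name_attribute, escape_filter_value(login_name))
```

A value such as `Svc, LDAP` must appear as `Svc\, LDAP` inside a DN in the properties file, and a filter assertion value containing `*` must be written as `\2a` unless a wildcard is actually intended; the same functions apply to any value that ends up inside a filter at runtime.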

If you use the Active Directory LDAP service, you may receive an error code 52e, which denotes invalid credentials. To solve the issue, ensure that you specify the correct distinguished user name and password in the Prebind.User and Prebind.Password properties.

Syntax of the LDAP properties file

Consider the following syntax rules when creating the LDAP properties file:

  • A line that starts with a hash (#) is interpreted as a comment and ignored.
  • Empty lines are ignored.
  • All other lines must contain at least one equal sign (=). The text before the first equal sign is considered a key, and all text after the first equal sign is considered its value.

    • Both the key and value are automatically trimmed before they are interpreted.

    • You can enclose values in double quotation marks ("), in which case the text between the quotation marks is taken as the value.

  • If you omit a key from the properties file, it has the same semantics as when you specify an empty value for a key. In both cases, the key is assumed to have no value.
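The syntax rules above and the constraints from the key reference, implemented as a small parser and validator. This is an added example written here, not KCM Designer's own loader: the function names (parse_properties, validate, check_sample), the treatment of whitespace-only lines as empty, the numeric check on Connection.Port and the sample file with its placeholder host name and DNs are all assumptions. The validator also flags the two settings that weaken transport security (no Connection.Security value, and Connection.TrustServer=True), since those are easy to leave behind after testing.

```python
"""Parser and validator for the LDAP properties file format described above.
Added example: the function names, the checks and the sample file are
constructed here and are not KCM Designer's own code."""

REQUIRED_KEYS = (
    "Connection.Host", "Connection.Port", "Prebind.Anonymous",
    "Groups.Base", "Groups.Filter", "Groups.NameAttribute", "Groups.Admin",
    "Users.Base", "Users.Filter", "Users.NameAttribute",
)
OPTIONAL_KEYS = (
    "Connection.Security", "Connection.TrustServer", "Prebind.User",
    "Prebind.Password", "Groups.MemberAttribute", "Users.MemberAttribute",
)


def parse_properties(text: str) -> dict:
    """Apply the syntax rules: '#' lines are comments, empty lines are skipped,
    every other line splits on its first '=', key and value are trimmed, and a
    value wrapped in double quotes is unwrapped. Keys that never appear map to
    '' because an omitted key means the same as an empty value."""
    props = {key: "" for key in REQUIRED_KEYS + OPTIONAL_KEYS}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # assumption: whitespace-only lines count as empty
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("line %d: expected key=value" % lineno)
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        props[key] = value
    return props


def validate(props: dict) -> tuple:
    """Return (errors, warnings): errors are the constraints the key reference
    states, warnings flag settings that weaken transport security."""
    errors, warnings = [], []
    for key in REQUIRED_KEYS:
        if props.get(key, "") == "":
            errors.append(key + " is required")
    port = props.get("Connection.Port", "")
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        errors.append("Connection.Port must be a port number")  # assumption: numeric
    security = props.get("Connection.Security", "")
    trust = props.get("Connection.TrustServer", "")
    anonymous = props.get("Prebind.Anonymous", "")
    if security not in ("", "TLS", "LDAPS"):
        errors.append("Connection.Security must be TLS or LDAPS")
    if trust not in ("", "True", "False"):
        errors.append("Connection.TrustServer must be True or False")
    if security == "" and trust != "":
        errors.append("Connection.TrustServer is not permitted when Connection.Security has no value")
    if anonymous not in ("", "True", "False"):
        errors.append("Prebind.Anonymous must be True or False")
    if anonymous == "False":
        for key in ("Prebind.User", "Prebind.Password"):
            if props.get(key, "") == "":
                errors.append(key + " is required when Prebind.Anonymous is False")
    if not (props.get("Groups.MemberAttribute") or props.get("Users.MemberAttribute")):
        errors.append("set Groups.MemberAttribute or Users.MemberAttribute")
    if security == "":
        warnings.append("LDAP traffic is not encrypted; the bind password crosses the network in clear")
    elif trust == "True":
        warnings.append("certificate chain and host name validation is suppressed")
    return errors, warnings


# Constructed sample; the host name and the DNs are placeholders.
SAMPLE_PROPERTIES = """\
# LDAP settings for KCM Designer (constructed sample)
Connection.Host = ldap.example.test
Connection.Port = 636
Connection.Security = LDAPS
Connection.TrustServer = False
Prebind.Anonymous = False
Prebind.User = cn=kcm-svc,ou=Service Accounts,dc=example,dc=test
Prebind.Password = "p=ss word "
Groups.Base = ou=Groups,dc=example,dc=test
Groups.Filter = (objectClass=groupOfNames)
Groups.NameAttribute = cn
Groups.MemberAttribute = member
Groups.Admin = cn=KCM Admins,ou=Groups,dc=example,dc=test
Users.Base = ou=People,dc=example,dc=test
Users.Filter = (objectClass=inetOrgPerson)
Users.NameAttribute = uid
"""


def check_sample() -> tuple:
    """Parse and validate the sample; returns (props, errors, warnings)."""
    props = parse_properties(SAMPLE_PROPERTIES)
    errors, warnings = validate(props)
    return props, errors, warnings
```

The quoted password line shows why the first equal sign is the split point and why quoting matters: the value `p=ss word ` keeps both its inner `=` and its trailing space, which plain trimming would have removed. Clearing Connection.Security in the sample while leaving Connection.TrustServer set produces the "not permitted" error from the key reference plus a warning that the bind credentials would travel unencrypted.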