IBM SecureWay Directory Server


The IBM SecureWay Directory Server snippet provides server configuration that can be used to configure the Liberty profile to authenticate users against IBM SecureWay Directory Server.

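The password value (the bindPassword attribute, which this sample does not set) can be plaintext or the XOR-encoded value of the password. XOR encoding only obfuscates the value and is trivially reversible, so an XOR-encoded password needs the same file-permission protection as a plaintext one; the Liberty securityUtility encode command can also produce an AES-encoded value (--encoding=aes).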

<server description="LdapRegistry sample configuration">

    <!-- NOTE: This file is for reference only. -->

    <!-- Features this sample relies on: appSecurity-2.0 and ldapRegistry-3.0. -->
    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>ldapRegistry-3.0</feature>
    </featureManager>

    <!-- LdapRegistry sample for the IBM SecureWay Directory Server type.

         Transport: port 389 with no sslEnabled attribute means the connection to the
         directory is unencrypted LDAP, so bind credentials and the user passwords being
         verified cross the network in clear text. Outside a lab, point the registry at
         the LDAPS port (conventionally 636) and set sslEnabled="true", with an sslRef
         to an SSL configuration that trusts the directory's certificate.

         Credentials: no bindDN / bindPassword is set in this sample. When they are
         added, the password value can be plaintext or the xor encoded value of the
         password. xor encoding is reversible obfuscation rather than protection, so
         prefer an AES-encoded value produced by the securityUtility encode command and
         restrict read access to this file. -->
    <ldapRegistry id="secureWayDirectoryServerLDAP"
                  realm="SampleLdapSecureWayDirectoryRealm"
                  host="host.domain.com"
                  port="389"
                  ignoreCase="true"
                  baseDN="o=domain,c=us"
                  ldapType="IBM SecureWay Directory Server"
                  loginProperty="cn">

        <!-- Extended configuration (optional).
             None of the following is required; uncomment only the pieces you need in
             order to customize the LDAP registry.

             The filter configuration is supported by the federated user registry only to
             maintain backward compatibility with stand-alone LDAP configuration. Although
             it is supported, the detailed federated user registry configuration
             (ldapEntityType, groupProperties, attributeConfiguration) is recommended
             instead of specifying filters.

             The ampersands in the filters are written as &amp; so that the elements are
             well-formed XML once they are moved out of this comment.

             NOTE(review): attributeConfiguration maps the directory's userPassword
             attribute to the password property of PersonAccount; enable that mapping
             only if it is actually needed.

        <securewayFilters
            userFilter="(&amp;(uid=%v)(objectclass=ePerson))"
            groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"
            userIdMap="*:uid"
            groupIdMap="*:cn"
            groupMemberIdMap="groupOfNames:member;groupOfUniqueNames:uniqueMember" />
        <ldapEntityType name="Group">
            <objectClass>groupOfNames</objectClass>
        </ldapEntityType>
        <ldapEntityType name="OrgContainer">
            <rdnProperty name="o">
                <objectClass>organization</objectClass>
            </rdnProperty>
            <rdnProperty name="ou">
                <objectClass>organizationalUnit</objectClass>
            </rdnProperty>
            <rdnProperty name="dc">
                <objectClass>domain</objectClass>
            </rdnProperty>
            <rdnProperty name="cn">
                <objectClass>container</objectClass>
            </rdnProperty>
            <objectClass>organization</objectClass>
            <objectClass>organizationalUnit</objectClass>
            <objectClass>domain</objectClass>
            <objectClass>container</objectClass>
        </ldapEntityType>
        <ldapEntityType name="PersonAccount">
            <objectClass>ePerson</objectClass>
        </ldapEntityType>
        <groupProperties>
            <memberAttribute name="member" dummyMember="uid=dummy" objectClass="groupOfNames" scope="direct"/>
        </groupProperties>
        <attributeConfiguration>
            <attribute name="userPassword" propertyName="password" entityType="PersonAccount"/>
            <attribute name="krbPrincipalName" propertyName="kerberosId" entityType="PersonAccount" />
            <propertiesNotSupported name="homeAddress"/>
            <propertiesNotSupported name="businessAddress"/>
        </attributeConfiguration>
        <contextPool enabled="true" initialSize="1" maxSize="0" timeout="0" waitTime="3000ms" preferredSize="3"/>
        <ldapCache>
            <attributesCache size="4000" timeout="1200s" enabled="true" sizeLimit="2000"/>
            <searchResultsCache size="2000" timeout="600s" enabled="true" resultsSizeLimit="1000"/>
        </ldapCache> -->

    </ldapRegistry>

</server>