Sun Java System Directory Server


The Sun Java System Directory Server snippet provides sample server configuration that can be used to configure the Liberty profile to authenticate users against Sun Java System Directory Server.

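The password value can be plaintext or the XOR-encoded value of the password. XOR encoding only obscures the value; it does not protect the password from anyone who can read the configuration file.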

 


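<server description="LdapRegistry sample configuration">

    <!-- NOTE: This file is for reference only. Review the host, port, base DN
         and transport settings before using any of it on a real server. -->

    <!-- Enable the appSecurity-2.0 and ldapRegistry-3.0 features. -->
    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>ldapRegistry-3.0</feature>
    </featureManager>

    <!-- Sample LdapRegistry configuration for the Sun Java System Directory Server type.

         Bind credentials: no bindDN or bindPassword attribute is set in this sample.
         If you add them, the password value can be plaintext or the xor encoded value
         of the password. The xor encoding is reversible and only obscures the value;
         it is not encryption. Prefer the aes encoding produced by the securityUtility
         encode command, and restrict read access to this file.

         Transport: port 389 is the standard unencrypted LDAP port and sslEnabled is
         not set here, so as written any bind credentials and directory data would be
         sent in clear text. For anything other than a local test, set
         sslEnabled="true", point sslRef at an SSL configuration, use the LDAPS port
         of your directory (commonly 636) and enable a transport security feature
         such as transportSecurity-1.0. -->
    <ldapRegistry id="iPlanetDirectoryServerLDAP"
                  realm="SampleLdapiPlanetDirectoryRealm"
                  host="host.domain.com"
                  port="389"
                  ignoreCase="true"
                  baseDN="o=domain,c=us"
                  ldapType="Sun Java System Directory Server"
                  loginProperty="uid">

        <!-- The extended configuration is shown below. You might not need it; use these
             snippets only if you want to customize the LDAP registry configuration.

             The filters configuration in the examples below is supported by the federated
             user registry only to maintain backward compatibility with the stand-alone
             LDAP configuration. Although it is supported, we recommend using the detailed
             federated user registry configuration instead of specifying filters.

             The filter values are written with &amp; so that they stay well-formed XML
             once this comment wrapper is removed; a bare ampersand inside an attribute
             value would make the file fail to parse.

             NOTE(review): the ldapCache timeouts below (1200s and 600s) presumably bound
             how long a cached entry can be served, so a directory change such as a removed
             group membership may take that long to be seen. Confirm this against your
             revocation requirements before enabling the caches.

        <iplanetFilters
            userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
            groupFilter="(&amp;(cn=%v)(objectclass=ldapsubentry))"
            userIdMap="inetOrgPerson:uid"
            groupIdMap="*:cn"
            groupMemberIdMap="nsRole:nsRole" />
        <ldapEntityType name="Group" searchFilter="(ObjectClass=ldapsubentry)">
            <objectClass>ldapsubentry</objectClass>
        </ldapEntityType>
        <ldapEntityType name="OrgContainer">
            <rdnProperty name="o">
                <objectClass>organization</objectClass>
            </rdnProperty>
            <rdnProperty name="ou">
                <objectClass>organizationalUnit</objectClass>
            </rdnProperty>
            <rdnProperty name="dc">
                <objectClass>domain</objectClass>
            </rdnProperty>
            <rdnProperty name="cn">
                <objectClass>container</objectClass>
            </rdnProperty>
            <objectClass>organization</objectClass>
            <objectClass>organizationalUnit</objectClass>
            <objectClass>domain</objectClass>
            <objectClass>container</objectClass>
        </ldapEntityType>
        <ldapEntityType name="PersonAccount">
            <objectClass>inetOrgPerson</objectClass>
        </ldapEntityType>
        <groupProperties>
            <memberAttribute name="uniquemember" dummyMember="uid=dummy" objectClass="groupOfUniqueNames" scope="direct"/>
            <membershipAttribute name="nsRoleDN" scope="direct"/>
        </groupProperties>
        <attributeConfiguration>
            <attribute name="userPassword" propertyName="password" entityType="PersonAccount" />
            <attribute name="krbPrincipalName" propertyName="kerberosId" entityType="PersonAccount" />
            <propertiesNotSupported name="homeAddress"/>
            <propertiesNotSupported name="businessAddress"/>
        </attributeConfiguration>
        <contextPool enabled="true" initialSize="1" maxSize="0" timeout="0" waitTime="3000ms" preferredSize="3"/>
        <ldapCache>
            <attributesCache size="4000" timeout="1200s" enabled="true" sizeLimit="2000"/>
            <searchResultsCache size="2000" timeout="600s" enabled="true" resultsSizeLimit="1000"/>
        </ldapCache> -->

    </ldapRegistry>

</server>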