Diffstat (limited to 'conf-from-container/conf/ldap.properties')
| -rw-r--r-- | conf-from-container/conf/ldap.properties | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/conf-from-container/conf/ldap.properties b/conf-from-container/conf/ldap.properties
new file mode 100644
index 0000000..e9d9ffb
--- /dev/null
+++ b/conf-from-container/conf/ldap.properties
@@ -0,0 +1,74 @@
+# LDAP authentication configuration, see authn/ldap-authn-config.xml
+# Note, this doesn't apply to the use of JAAS
+
+## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
+idp.authn.LDAP.authenticator= bindSearchAuthenticator
+
+## Connection properties ##
+idp.authn.LDAP.ldapURL= ldaps://ldap.nordu.net
+idp.authn.LDAP.useStartTLS= false
+idp.authn.LDAP.useSSL= false
+# Time in milliseconds that connects will block
+#idp.authn.LDAP.connectTimeout = PT3S
+# Time in milliseconds to wait for responses
+#idp.authn.LDAP.responseTimeout = PT3S
+
+## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
+idp.authn.LDAP.sslConfig= certificateTrust
+## If using certificateTrust above, set to the trusted certificate's path
+idp.authn.LDAP.trustCertificates= %{idp.home}/credentials/ldap-server.crt
+## If using keyStoreTrust above, set to the truststore path
+idp.authn.LDAP.trustStore= %{idp.home}/credentials/ldap-server.truststore
+
+## Return attributes during authentication
+idp.authn.LDAP.returnAttributes= passwordExpirationTime,loginGraceRemaining
+
+## DN resolution properties ##
+
+# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
+# for AD: CN=Users,DC=example,DC=org
+idp.authn.LDAP.baseDN= dc=nordu,dc=net
+#idp.authn.LDAP.subtreeSearch = false
+idp.authn.LDAP.userFilter= (uid={user})
+# bind search configuration
+# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
+idp.authn.LDAP.bindDN= dc=nordu,dc=net
+idp.authn.LDAP.bindDNCredential= blahblah
+
+# Format DN resolution, used by directAuthenticator, adAuthenticator
+# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
+idp.authn.LDAP.dnFormat= uid=%s,ou=people,dc=example,dc=org
+
+# LDAP attribute configuration, see attribute-resolver.xml
+# Note, this likely won't apply to the use of legacy V2 resolver configurations
+idp.attribute.resolver.LDAP.ldapURL= %{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.connectTimeout= %{idp.authn.LDAP.connectTimeout:PT3S}
+idp.attribute.resolver.LDAP.responseTimeout= %{idp.authn.LDAP.responseTimeout:PT3S}
+idp.attribute.resolver.LDAP.baseDN= %{idp.authn.LDAP.baseDN:undefined}
+idp.attribute.resolver.LDAP.bindDN= %{idp.authn.LDAP.bindDN:undefined}
+idp.attribute.resolver.LDAP.bindDNCredential= %{idp.authn.LDAP.bindDNCredential:undefined}
+idp.attribute.resolver.LDAP.useStartTLS= %{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.trustCertificates= %{idp.authn.LDAP.trustCertificates:undefined}
+idp.attribute.resolver.LDAP.searchFilter= (uid=$resolutionContext.principal)
+
+# LDAP pool configuration, used for both authn and DN resolution
+#idp.pool.LDAP.minSize = 3
+#idp.pool.LDAP.maxSize = 10
+#idp.pool.LDAP.validateOnCheckout = false
+#idp.pool.LDAP.validatePeriodically = true
+#idp.pool.LDAP.validatePeriod = PT5M
+#idp.pool.LDAP.prunePeriod = PT5M
+#idp.pool.LDAP.idleTime = PT10M
+#idp.pool.LDAP.blockWaitTime = PT3S
+#idp.pool.LDAP.failFastInitialize = false
+%{idp.attribute.resolver.LDAP.searchFilter}=
+principalCredential= "%{idp.attribute.resolver.LDAP.bindDNCredential}"
+baseDN= "%{idp.attribute.resolver.LDAP.baseDN}"
+useStartTLS= "%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+trustFile= "%{idp.attribute.resolver.LDAP.trustCertificates}"
+responseTimeout= "%{idp.attribute.resolver.LDAP.responseTimeout}">
+ldapURL= "%{idp.attribute.resolver.LDAP.ldapURL}"
+connectTimeout= "%{idp.attribute.resolver.LDAP.connectTimeout}"
+<
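Review bot: `idp.authn.LDAP.bindDNCredential= blahblah` places the bind password for the search account directly in a committed properties file, and the paired `idp.authn.LDAP.bindDN= dc=nordu,dc=net` is the same value as `idp.authn.LDAP.baseDN` (the directory base) rather than an account DN, so either this is a placeholder that will later be overwritten in place — landing the real secret in version control — or the bind search cannot succeed as configured; the credential should live in a separate, uncommitted file or be injected when the container starts, with only a reference kept here. The lines from `%{idp.attribute.resolver.LDAP.searchFilter}=` through the closing `<` read as XML attributes of a DataConnector element pasted into the properties file: as properties they define keys such as `principalCredential`, `trustFile` and `<` that nothing else in this file references, `responseTimeout= "...">` carries a stray `>`, and the `%{...}` key is never resolved, so that block should be deleted. The comments `# Time in milliseconds that connects will block` and `# Time in milliseconds to wait for responses` describe values written as ISO 8601 durations (`PT3S`), so `# Duration (ISO 8601, e.g. PT3S) that connects will block` would match what the keys actually take.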