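# LDAP authentication configuration, see authn/ldap-authn-config.xml
# Note, this doesn't apply to the use of JAAS
#
# Values of the form %{key:default} are property placeholders: the referenced
# key is used when it is set, the :default part only when it is not.

## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
idp.authn.LDAP.authenticator= bindSearchAuthenticator

## Connection properties ##
# ldaps:// URL while useSSL and useStartTLS below are both false, so transport
# security rests on the URL scheme alone -- confirm the deployed IdP version
# honours the scheme rather than falling back to plain LDAP.
idp.authn.LDAP.ldapURL= ldaps://ldap.nordu.net
idp.authn.LDAP.useStartTLS= false
idp.authn.LDAP.useSSL= false
# Time that connects will block (ISO-8601 duration, e.g. PT3S = 3 seconds)
#idp.authn.LDAP.connectTimeout = PT3S
# Time to wait for responses (ISO-8601 duration)
#idp.authn.LDAP.responseTimeout = PT3S

## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
# certificateTrust means the directory's TLS identity is checked against the
# file named in trustCertificates below rather than the JVM trust store.
idp.authn.LDAP.sslConfig= certificateTrust
## If using certificateTrust above, set to the trusted certificate's path
idp.authn.LDAP.trustCertificates= %{idp.home}/credentials/ldap-server.crt
## If using keyStoreTrust above, set to the truststore path
# (not consulted while sslConfig is certificateTrust)
idp.authn.LDAP.trustStore= %{idp.home}/credentials/ldap-server.truststore

## Return attributes during authentication
idp.authn.LDAP.returnAttributes= passwordExpirationTime,loginGraceRemaining

## DN resolution properties ##
# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
# for AD: CN=Users,DC=example,DC=org
idp.authn.LDAP.baseDN= dc=nordu,dc=net
#idp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.userFilter= (uid={user})

# bind search configuration
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
# NOTE(review): bindDN is identical to baseDN (the directory suffix), not an
# account DN; a bind-search account is normally a dedicated read-only entry
# with no more rights than the user search needs -- confirm this value.
idp.authn.LDAP.bindDN= dc=nordu,dc=net
# Plaintext credential for the bind-search account (the value here is an
# obvious placeholder). Keep this file readable only by the IdP service
# account; the same value is reused by the attribute resolver further down.
idp.authn.LDAP.bindDNCredential= blahblah

# Format DN resolution, used by directAuthenticator, adAuthenticator
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
# NOTE(review): still carries the dc=example,dc=org template while baseDN is
# dc=nordu,dc=net; unused with bindSearchAuthenticator selected, but it would
# be wrong if the authenticator were switched to directAuthenticator/adAuthenticator.
idp.authn.LDAP.dnFormat= uid=%s,ou=people,dc=example,dc=org

# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
# Each resolver key inherits the corresponding authn value; the :default part
# applies only when that authn key is unset.
idp.attribute.resolver.LDAP.ldapURL= %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout= %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout= %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN= %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN= %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.bindDNCredential= %{idp.authn.LDAP.bindDNCredential:undefined}
# Inherits false from idp.authn.LDAP.useStartTLS above; the :true default only
# takes effect if that key is removed.
idp.attribute.resolver.LDAP.useStartTLS= %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates= %{idp.authn.LDAP.trustCertificates:undefined}
# $resolutionContext.principal is filled in by the resolver at lookup time
idp.attribute.resolver.LDAP.searchFilter= (uid=$resolutionContext.principal)

# LDAP pool configuration, used for both authn and DN resolution
#idp.pool.LDAP.minSize = 3
#idp.pool.LDAP.maxSize = 10
#idp.pool.LDAP.validateOnCheckout = false
#idp.pool.LDAP.validatePeriodically = true
#idp.pool.LDAP.validatePeriod = PT5M
#idp.pool.LDAP.prunePeriod = PT5M
#idp.pool.LDAP.idleTime = PT10M
#idp.pool.LDAP.blockWaitTime = PT3S
#idp.pool.LDAP.failFastInitialize = false

# NOTE(review): the two lines below look like fragments of an attribute-resolver.xml
# LDAPDirectory connector (XML attributes with quoted %{...} values and a stray '>')
# pasted into this properties file. Read as properties they would define a key
# literally named '%{idp.attribute.resolver.LDAP.searchFilter}' plus an empty key,
# so they are commented out; delete them once confirmed to be residue.
#%{idp.attribute.resolver.LDAP.searchFilter}= principalCredential= "%{idp.attribute.resolver.LDAP.bindDNCredential}" baseDN= "%{idp.attribute.resolver.LDAP.baseDN}" useStartTLS= "%{idp.attribute.resolver.LDAP.useStartTLS:true}" trustFile= "%{idp.attribute.resolver.LDAP.trustCertificates}" responseTimeout= "%{idp.attribute.resolver.LDAP.responseTimeout}"> ldapURL= "%{idp.attribute.resolver.LDAP.ldapURL}" connectTimeout= "%{idp.attribute.resolver.LDAP.connectTimeout}"
#=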