The LDAP security provider provides authentication, authorization, and attribution services.
These properties may be used less frequently as those listed above. However, they may still be important for authentication and role evaluation.
Property | Default value | Description |
---|---|---|
AuthenticationMethod | simple | The authentication method to use for all authentication requests into LDAP. Legal values are generally the same as those of the java.naming.security.authentication JNDI property. Choose one of:
|
AuthenticationSearchBase | none | The search base used to authenticate users. If this value is not specified, the LDAP DefaultSearchBase is used. |
AuthenticationScope | onelevel | The authentication search scope. The supported values for this are: If you do not specify a value or if you specify an invalid value, the default value is used. |
BindDN | none |
The user DN to bind against when building the initial LDAP connection. In many cases, this user may need read permissions on all user records. If you do not set a value, anonymous binding is used. Anonymous binding works on most servers without additional configuration. However, the LDAP attributer may also use this DN to create the users in the LDAP server. When the self-registration feature is used, this user may also need the requisite permissions to create a user record. This behavior can occur if you do not set useUserCredentialsToBind to true. In this case, the LDAP attributer uses this DN to update the user attributes. |
BindPassword | none |
BindPassword is the password for BindDN, which is used to authenticate any user. BindDN and BindPassword are used to separate the LDAP connection into units. The AuthenticationMethod property determines the bind method used for this initial connection. |
RoleSearchBase | none | The search base used to retrieve lists of roles. If this value is not specified, the LDAP DefaultSearchBase is used. |
RoleScope | onelevel | The role search scope. The supported values for this are: If you do not specify a value or if you specify an invalid value, the default value is used. |