...

```xml
  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <!-- JNDI security properties used to get initial contexts.         -->
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
        <prop key="java.naming.security.credentials">secret</prop>
        <!-- 
        <prop key="java.naming.ldap.attributes.binary"></prop>
        -->
      </props>
    </property>
  </bean>
```

| Parameter | Default value | Description |
|---|---|---|

Protocol providers

Parameters common to all protocol providers

...

LDAP-Specific Configuration Parameters

```xml
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <!-- The port to run the LDAP protocol on.                              -->
    <property name="ipPort" value="389" />
    <!-- Whether to allow anonymous access.                                 -->
    <property name="allowAnonymousAccess" value="false" />
    
    <!-- The list of supported authentication mechanisms.                   -->
    <property name="supportedMechanisms">
      <list>
        <value>SIMPLE</value>
        <value>CRAM-MD5</value>
        <value>DIGEST-MD5</value>
        <value>GSSAPI</value>
      </list>
    </property>
    
    <!-- The FQDN of this SASL host, validated during SASL negotiation.     -->
    <property name="saslHost" value="ldap.example.com" />
    
    <!-- The Kerberos principal name for this LDAP service, used by GSSAPI. -->
    <property name="saslPrincipal" value="ldap/ldap.example.com@EXAMPLE.COM" />
    
    <!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI.  -->
    <property name="saslQop">
      <list>
        <value>auth</value>
        <value>auth-int</value>
        <value>auth-conf</value>
      </list>
    </property>
    
    <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
    <property name="saslRealms">
      <list>
        <value>example.com</value>
        <value>apache.org</value>
      </list>
    </property>
    
    <!-- The base DN containing users that can be SASL authenticated.       -->
    <property name="searchBaseDn" value="ou=users,dc=example,dc=com" />
    
    <!-- SSL CONFIG CAN GO HERE-->
    
    <!-- limits searches by non-admin users to a max time of 15000          -->
    <!-- milliseconds and has a default value of 10000                      -->
    <property name="maxTimeLimit" value="15000" />
    <!-- limits searches to max size of 1000 entries: default value is 100  -->
    <property name="maxSizeLimit" value="1000" />
    <!-- the collection of extended operation handlers to install           -->
    <property name="extendedOperationHandlers">
      <list>
        <!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->
        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
        <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
      </list>
    </property>
  </bean>
```

| Parameter | Default value | Description |
|---|---|---|
| allowAnonymousAccess | true | Whether to allow anonymous access. |
| maxSizeLimit | 100 | The maximum number of entries a search may return. |
| maxTimeLimit | 10000 | The maximum time a search by a non-admin user may take, in milliseconds. |
| enableLdaps | false | Whether LDAPS is enabled. |
| ldapsCertificateFile | server-work/certificates/server.cert | The path to the certificate file. |
| ldapsCertificatePassword | changeit | The certificate password. |
| extendedOperationHandlers | No default. | The extended operation handlers to install. |
| supportedMechanisms | SIMPLE, CRAM-MD5, DIGEST-MD5, GSSAPI | The supported authentication mechanisms. |
| saslHost | ldap.example.com | The FQDN of this host, validated during SASL negotiation. |
| saslPrincipal | ldap/ldap.example.com@EXAMPLE.COM | The Kerberos service principal of this LDAP service, used by GSSAPI. |
| saslQop | auth, auth-int, auth-conf | The quality of protection (QoP), used by DIGEST-MD5 and GSSAPI. |
| saslRealms | example.com | The list of realms serviced by this host, used by DIGEST-MD5 and GSSAPI. |
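Several of these defaults (anonymous access on, LDAPS off, the `changeit` certificate password) are ones an operator is expected to override, and the sample bean above leaves `StartTlsHandler` commented out. The following is an added example, not ApacheDS code or anything from the original page, that reads an `ldapConfiguration` bean and flags those settings; the sample XML it parses is constructed for the demonstration and wrapped in a `<beans>` root so it parses stand-alone.

```python
# Added example (not ApacheDS code): flag the weak settings that this page's
# ldapConfiguration parameters make possible, by reading the bean XML directly.
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's bean; it keeps the documented defaults.
SAMPLE_XML = """<beans>
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <property name="allowAnonymousAccess" value="true" />
    <property name="supportedMechanisms">
      <list><value>SIMPLE</value><value>GSSAPI</value></list>
    </property>
    <property name="saslQop"><list><value>auth</value></list></property>
    <property name="ldapsCertificatePassword" value="changeit" />
    <property name="extendedOperationHandlers"><list>
      <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
    </list></property>
  </bean>
</beans>"""

def load_ldap_properties(xml_text):
    """Map each <property> to its value attribute, or to its list of <value>/<bean class>."""
    bean = ET.fromstring(xml_text).find(".//bean[@id='ldapConfiguration']")
    props = {}
    for prop in bean.findall("property"):
        if "value" in prop.attrib:
            props[prop.get("name")] = prop.get("value")
        else:
            props[prop.get("name")] = [e.text or e.get("class") for e in prop.iter()
                                       if e.tag in ("value", "bean")]
    return props

def audit(props):
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    findings = []
    if props.get("allowAnonymousAccess", "true") == "true":  # documented default: true
        findings.append(("high", "allowAnonymousAccess is true"))
    mechs = set(props.get("supportedMechanisms", []))
    ldaps = props.get("enableLdaps", "false") == "true"  # documented default: false
    starttls = any(h.endswith("StartTlsHandler") for h in props.get("extendedOperationHandlers", []))
    if "SIMPLE" in mechs and not (ldaps or starttls):
        findings.append(("high", "SIMPLE bind without LDAPS or StartTLS sends passwords in clear"))
    if mechs & {"DIGEST-MD5", "GSSAPI"} and "auth-conf" not in props.get("saslQop", []):
        findings.append(("medium", "saslQop lacks auth-conf, so SASL sessions are not encrypted"))
    if props.get("ldapsCertificatePassword") == "changeit":  # documented default
        findings.append(("medium", "ldapsCertificatePassword is the default 'changeit'"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(load_ldap_properties(SAMPLE_XML)):
        print(f"[{severity}] {message}")
```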

...

| Parameter | Default value | Description |
|---|---|---|
| encryptionTypes | des-cbc-md5 | The encryption types. |
| primaryRealm | EXAMPLE.COM | The primary realm. |
| servicePrincipal | krbtgt/EXAMPLE.COM@EXAMPLE.COM | The service principal name. |
| allowableClockSkew | 5 minutes | The allowable clock skew. |
| paEncTimestampRequired | true | Whether pre-authentication by encrypted timestamp is required. |
| maximumTicketLifetime | 1440 (24 hours) | The maximum ticket lifetime, in minutes. |
| maximumRenewableLifetime | 10080 (1 week) | The maximum renewable lifetime, in minutes. |
| emptyAddressesAllowed | true | Whether ticket issuance for empty Host Addresses is allowed. |
| forwardableAllowed | true | Whether forwardable tickets are allowed. |
| proxiableAllowed | true | Whether proxiable tickets are allowed. |
| postdateAllowed | true | Whether postdated tickets are allowed. |
| renewableAllowed | true | Whether renewable tickets are allowed. |

Change Password-Specific Configuration Parameters

```xml
  <bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
    <!-- Whether to enable the Change Password protocol.                    -->
    <property name="enabled" value="false" />
    <!-- The port to run the Change Password protocol on.                   -->
    <property name="ipPort" value="464" />
  </bean>
```

| Parameter | Default value | Description |
|---|---|---|
| encryptionTypes | des-cbc-md5 | The encryption types. |
| primaryRealm | EXAMPLE.COM | The primary realm. |
| servicePrincipal | kadmin/changepw@EXAMPLE.COM | The service principal name. |
| allowableClockSkew | 5 minutes | The allowable clock skew. |
| emptyAddressesAllowed | true | Whether tickets issued with empty Host Addresses are allowed. |
| policyPasswordLength | 6 characters | The minimum password length. |
| policyCategoryCount | 3 (out of 4) | The number of character categories a password must contain, out of upper case (A - Z), lower case (a - z), digits (0 - 9) and non-alphanumeric (!, $, #, %, ...). |
| policyTokenSize | 3 characters | The token size threshold: passwords must not contain tokens larger than policyTokenSize that occur in the user's principal name. |
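The three policy parameters above describe a concrete check. The following is an added example, not ApacheDS code or anything from the original page, that applies them with their documented defaults; the page does not show how ApacheDS splits the principal name into tokens, so the tokenizer here (runs of letters or digits, compared case-insensitively) is an assumption.

```python
# Added example (not ApacheDS code): the Change Password policy checks this page
# documents, with the page's defaults (6 chars, 3 of 4 categories, token size 3).
import re

CATEGORIES = (
    re.compile(r"[A-Z]"),          # upper case
    re.compile(r"[a-z]"),          # lower case
    re.compile(r"[0-9]"),          # digits
    re.compile(r"[^A-Za-z0-9]"),   # non-alphanumeric
)

def principal_tokens(principal, token_size):
    """Tokens of a principal such as 'hnelson/admin@EXAMPLE.COM' longer than token_size.

    Assumption: the page does not show ApacheDS's tokenizer; here a token is any
    run of letters or digits, and comparison is case-insensitive.
    """
    return {t.lower() for t in re.findall(r"[A-Za-z0-9]+", principal) if len(t) > token_size}

def check_password(password, principal, length=6, category_count=3, token_size=3):
    """Return a list of policy violations; an empty list means the password passes."""
    violations = []
    if len(password) < length:
        violations.append(f"shorter than policyPasswordLength={length}")
    present = sum(1 for c in CATEGORIES if c.search(password))
    if present < category_count:
        violations.append(f"only {present} of {category_count} required character categories")
    lowered = password.lower()
    for token in sorted(principal_tokens(principal, token_size)):
        if token in lowered:
            violations.append(f"contains principal token '{token}' longer than policyTokenSize={token_size}")
    return violations

if __name__ == "__main__":
    for pw in ("secret", "Hnelson#2024", "Tr0ub4dor&3"):
        print(pw, "->", check_password(pw, "hnelson@EXAMPLE.COM") or "OK")
```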

Server Startup Configuration

Replication

```xml
        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
          <property name="name" value="replicationService" />
          <property name="interceptor">
            <bean class="org.apache.directory.mitosis.service.ReplicationService">
              <property name="configuration">
                <bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
                  <property name="replicaId">
                    <bean class="org.apache.directory.mitosis.common.ReplicaId">
                      <constructor-arg>
                        <value>instance_a</value>
                      </constructor-arg>
                    </bean>
                  </property>
                  <property name="serverPort" value="10390" />
                  <property name="peerReplicas" value="instance_b@localhost:10392" />
                </bean>
              </property>
            </bean>
          </property>
        </bean>
```

| Parameter | Default value | Description |
|---|---|---|

Partition Configuration