...
```xml
<bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
  <property name="properties">
    <props>
      <!-- JNDI security properties used to get initial contexts. -->
      <prop key="java.naming.security.authentication">simple</prop>
      <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
      <prop key="java.naming.security.credentials">secret</prop>
      <!-- <prop key="java.naming.ldap.attributes.binary"></prop> -->
    </props>
  </property>
</bean>
```
Parameter | Default value | Description |
---|---|---|
Protocol providers
Parameters common to all protocol providers
...
LDAP-Specific Configuration Parameters
```xml
<bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
  <!-- The port to run the LDAP protocol on. -->
  <property name="ipPort" value="389" />
  <!-- Whether to allow anonymous access. -->
  <property name="allowAnonymousAccess" value="false" />
  <!-- The list of supported authentication mechanisms. -->
  <property name="supportedMechanisms">
    <list>
      <value>SIMPLE</value>
      <value>CRAM-MD5</value>
      <value>DIGEST-MD5</value>
      <value>GSSAPI</value>
    </list>
  </property>
  <!-- The FQDN of this SASL host, validated during SASL negotiation. -->
  <property name="saslHost" value="ldap.example.com" />
  <!-- The Kerberos principal name for this LDAP service, used by GSSAPI. -->
  <property name="saslPrincipal" value="ldap/ldap.example.com@EXAMPLE.COM" />
  <!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI. -->
  <property name="saslQop">
    <list>
      <value>auth</value>
      <value>auth-int</value>
      <value>auth-conf</value>
    </list>
  </property>
  <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
  <property name="saslRealms">
    <list>
      <value>example.com</value>
      <value>apache.org</value>
    </list>
  </property>
  <!-- The base DN containing users that can be SASL authenticated. -->
  <property name="searchBaseDn" value="ou=users,dc=example,dc=com" />
  <!-- SSL CONFIG CAN GO HERE -->
  <!-- Limits searches by non-admin users to a max time of 15000 -->
  <!-- milliseconds; the default value is 10000. -->
  <property name="maxTimeLimit" value="15000" />
  <!-- Limits searches to a max size of 1000 entries; the default value is 100. -->
  <property name="maxSizeLimit" value="1000" />
  <!-- The collection of extended operation handlers to install. -->
  <property name="extendedOperationHandlers">
    <list>
      <!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->
      <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
      <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
    </list>
  </property>
</bean>
```
Parameter | Default value | Description |
---|---|---|
allowAnonymousAccess | true | Whether to allow anonymous access. |
maxSizeLimit | 100 | The maximum size limit. |
maxTimeLimit | 10000 | The maximum time limit. |
enableLdaps | false | Whether LDAPS is enabled. |
ldapsCertificateFile | server-work/certificates/server.cert | The path to the certificate file. |
ldapsCertificatePassword | changeit | The certificate password. |
extendedOperationHandlers | No default. | The extended operation handlers. |
supportedMechanisms | SIMPLE, CRAM-MD5, DIGEST-MD5, GSSAPI | The supported authentication mechanisms. |
saslHost | ldap.example.com | The name of this host, validated during SASL negotiation. |
saslPrincipal | ldap/ldap.example.com@EXAMPLE.COM | The service principal, used by GSSAPI. |
saslQop | auth, auth-int, auth-conf | The quality of protection (QoP), used by DIGEST-MD5 and GSSAPI. |
saslRealms | example.com | The list of realms serviced by this host. |
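Several of the defaults in this table leave a fresh instance exposed: anonymous access is on, LDAPS is off, the StartTlsHandler is commented out in the example above, and the certificate password is `changeit`. The following Python script is an added example, not ApacheDS code; it parses a constructed `ldapConfiguration` bean with `xml.etree`, falls back to the table's defaults for any property that is absent, and reports those settings so a configuration can be checked before the server is exposed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed ldapConfiguration bean in the form shown above,
# deliberately left with the insecure settings so the audit has something to report.
SAMPLE_XML = """<beans>
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <property name="ipPort" value="389" />
    <property name="allowAnonymousAccess" value="true" />
    <property name="supportedMechanisms"><list><value>SIMPLE</value><value>GSSAPI</value></list></property>
    <property name="saslQop"><list><value>auth</value></list></property>
    <property name="enableLdaps" value="false" />
    <property name="ldapsCertificatePassword" value="changeit" />
    <property name="extendedOperationHandlers"><list>
      <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
    </list></property>
  </bean>
</beans>"""

def load_properties(xml_text, bean_id="ldapConfiguration"):
    """Map each <property> of the named bean to its value attribute or its <list> contents."""
    bean = ET.fromstring(xml_text).find(f".//bean[@id='{bean_id}']")
    if bean is None:
        raise ValueError(f"bean '{bean_id}' not found")
    props = {}
    for prop in bean.findall("property"):
        if prop.get("value") is not None:
            props[prop.get("name")] = prop.get("value")
        else:  # a <list> of <value> strings, or of handler <bean class="..."/> entries
            items = [v.text.strip() for v in prop.findall("list/value")]
            items += [b.get("class") for b in prop.findall("list/bean")]
            props[prop.get("name")] = items
    return props

def audit(props):
    """Return findings; a missing property takes the default given in the table above."""
    findings = []
    if props.get("allowAnonymousAccess", "true").lower() == "true":
        findings.append("allowAnonymousAccess: anonymous binds permitted (default is true)")
    ldaps = props.get("enableLdaps", "false").lower() == "true"
    starttls = any(h.endswith(".StartTlsHandler") for h in props.get("extendedOperationHandlers", []))
    if not ldaps and not starttls:
        findings.append("transport: neither LDAPS nor the StartTlsHandler is enabled")
    mechanisms = props.get("supportedMechanisms", ["SIMPLE", "CRAM-MD5", "DIGEST-MD5", "GSSAPI"])
    if "SIMPLE" in mechanisms and not (ldaps or starttls):
        findings.append("supportedMechanisms: SIMPLE bind without TLS sends passwords in cleartext")
    if ldaps and props.get("ldapsCertificatePassword", "changeit") == "changeit":
        findings.append("ldapsCertificatePassword: still the default 'changeit'")
    if "auth-conf" not in props.get("saslQop", ["auth", "auth-int", "auth-conf"]):
        findings.append("saslQop: auth-conf missing, so DIGEST-MD5/GSSAPI sessions are not encrypted")
    return findings
```

Running `audit(load_properties(SAMPLE_XML))` on the constructed bean yields four findings; the same function can be pointed at a parsed `server.xml` to confirm the hardened values from the example configuration are actually in effect.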
...
Parameter | Default value | Description |
---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | krbtgt/EXAMPLE.COM@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
paEncTimestampRequired | true | Whether pre-authentication by encrypted timestamp is required. |
maximumTicketLifetime | 1440 (24 hours) | The maximum ticket lifetime. |
maximumRenewableLifetime | 10080 (1 week) | The maximum renewable lifetime. |
emptyAddressesAllowed | true | Whether ticket issuance for empty Host Addresses is allowed. |
forwardableAllowed | true | Whether forwardable tickets are allowed. |
proxiableAllowed | true | Whether proxiable tickets are allowed. |
postdateAllowed | true | Whether postdated tickets are allowed. |
renewableAllowed | true | Whether renewable tickets are allowed. |
Change Password-Specific Configuration Parameters
```xml
<bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
<!-- Whether to enable the Change Password protocol. -->
<property name="enabled" value="false" />
<!-- The port to run the Change Password protocol on. -->
<property name="ipPort" value="464" />
</bean>
```
Parameter | Default value | Description |
---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | kadmin/changepw@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
emptyAddressesAllowed | true | Whether tickets issued with empty Host Addresses are allowed. |
policyPasswordLength | 6 characters | The policy for minimum password length. |
policyCategoryCount | 3 (out of 4) | The policy for number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ). |
policyTokenSize | 3 characters | The policy for minimum token size. Passwords must not contain tokens larger than 'policyTokenSize' that occur in the user's principal name. |
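The three policy parameters above are easier to reason about as code. The following Python function is an added example, not the ApacheDS implementation: it applies the length, category and token rules with the defaults from the table. The page does not define how a principal name is tokenised, so the example assumes a split on every non-alphanumeric character (`/`, `.`, `@`) and a case-insensitive comparison; the principal names used are constructed.

```python
import re

# Defaults taken from the Change Password parameter table above.
POLICY_PASSWORD_LENGTH = 6
POLICY_CATEGORY_COUNT = 3
POLICY_TOKEN_SIZE = 3

def count_categories(password):
    """Number of the four character classes (A-Z, a-z, 0-9, other) present in the password."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])

def principal_tokens(principal, token_size):
    """Tokens of the principal name longer than token_size.

    Assumption: the page does not define tokenisation, so the principal is split on
    every non-alphanumeric character. 'hnelson@EXAMPLE.COM' (a constructed name) gives
    ['hnelson', 'EXAMPLE', 'COM'], and 'COM' is dropped at the default size of 3.
    """
    return [t for t in re.split(r"[^A-Za-z0-9]+", principal) if len(t) > token_size]

def check_password_policy(password, principal,
                          min_length=POLICY_PASSWORD_LENGTH,
                          min_categories=POLICY_CATEGORY_COUNT,
                          token_size=POLICY_TOKEN_SIZE):
    """Return the names of the policy parameters the password violates (empty if accepted)."""
    violations = []
    if len(password) < min_length:
        violations.append("policyPasswordLength")
    if count_categories(password) < min_categories:
        violations.append("policyCategoryCount")
    # Assumption: the token comparison is case-insensitive, so 'Hnelson!42' still fails
    # for principal 'hnelson@EXAMPLE.COM'.
    lowered = password.lower()
    if any(t.lower() in lowered for t in principal_tokens(principal, token_size)):
        violations.append("policyTokenSize")
    return violations
```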
Server Startup Configuration
Replication
```xml
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
  <property name="name" value="replicationService" />
  <property name="interceptor">
    <bean class="org.apache.directory.mitosis.service.ReplicationService">
      <property name="configuration">
        <bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
          <property name="replicaId">
            <bean class="org.apache.directory.mitosis.common.ReplicaId">
              <constructor-arg>
                <value>instance_a</value>
              </constructor-arg>
            </bean>
          </property>
          <property name="serverPort" value="10390" />
          <property name="peerReplicas" value="instance_b@localhost:10392" />
        </bean>
      </property>
    </bean>
  </property>
</bean>
```
Parameter | Default value | Description |
---|---|---|