Public Properties

  Name Description
Public property DirectoryServerHost Specifies the name of the host that is running the directory server product.
Public property DirectoryServerPassword Specifies the user password used to authenticate to a given directory server. To set the property value, you pass in an encrypted byte array. (See Encryption.Encrypt for information on encrypting the input.) Security measures prevent actual passwords from being returned; instead, this property returns a zero-length byte array instead, giving an indication that the property value has been set, or null if the password has not been set.
Public property DirectoryServerPort Specifies the port number of the directory server. The FileNet P8 Content Engine supports four directory server types: Microsoft Active Directory, IBM Tivoli, Novell eDirectory, and Sun Java System Directory Server (SunOne). The value of this property defaults to port 389 for all supported directory server types.
Public property DirectoryServerProviderClass Specifies the directory server provider class name. The value of this property defaults to the following strings for the directory server types that the FileNet P8 Content Engine supports:
  • com.filenet.engine.security.ActiveDirectoryProvider (for Microsoft Active Directory)
  • com.filenet.engine.security.IBMTivoliProvider (for IBM Tivoli)
  • com.filenet.engine.security.EDirectoryProvider (for Novell eDirectory)
  • com.filenet.engine.security.SunOneProvider (for Sun Java System Directory Server (SunOne))
Public property DirectoryServerType Specifies the type of directory server. The value of this property defaults to the following strings for the directory server types that the FileNet P8 Content Engine supports:
  • AD (for Microsoft Active Directory)
  • ADAM (for Microsoft Active Directory Application Mode) (Windows 2003) and for Microsoft Active Directory Lightweight Directory Services (Windows 2008))
  • IBM (for IBM Tivoli)
  • Novell (for Novell eDirectory)
  • SunOne (for Sun Java System Directory Server)
Public property DirectoryServerUserName Specifies the username for authenticating to the directory server. The following are examples of strings for Active Directory and SunOne directory servers:
  • For Active Directory: "CN=test1,CN=Users,DC=myCompany,DC=com"
  • For SunOne: "uid=admin,ou=administrators,ou=topologymanagement, o=netscaperoot"
Public property DisplayName The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
Public property GroupBaseDN Specifies the base Distinguished Name (DN) for searching for groups in the directory server.
Public property GroupDisplayNameAttribute Specifies the directory server attribute to be used as the display name for a group. The default property value is dependent on the directory service type and is specified by the authentication provider's configuration.
Public property GroupMembershipSearchFilter Specifies the search filter for group membership queries.

The default value of this property is null for Active Directory service provider. The default value for other supported directory service providers is unique to the provider, as follows:

  • ADAM and AD LDS: (&(objectClass=group)(member={0}))
  • IBM: (|(&(objectClass=groupOfNames)(member={0}))(&objectclass=groupOfUniqueNames)(uniqueMember={0})))
  • Novell: (&(objectClass=groupOfNames)(member={0}))
  • SunOne: (&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
Public property GroupNameAttribute Defines the directory server attribute to be used as the short name for a group. The default value of this property is samAccountName for the Active Directory service provider and cn for all other supported directory service providers.
Public property GroupSearchFilter Specifies the search filter for querying a group or groups. The filter must be in the following format: "(&(objectClass=user_defined_class)(an_attribute={0}))", where user_defined_class is the object class you want (for example, user) and an_attribute is the LDAP server-specific attribute (for example, samAccountName, cn, or uid).

The default value of this property is unique to the directory service provider, as follows:

  • ActiveDirectory: (&(objectClass=group)(samAccountName={0})), where samAccountName serves as the short name.
  • ADAM and AD LDS: (&(objectClass=group)(person={0}))
  • SunOne: (&(objectClass=groupOfUniqueNames)(cn={0}))
  • Novell: (&(objectClass=groupOfNames)(cn={0}))
  • IBM: ((&(cn={0})(|objectClass=groupOfNames)(&objectClass=groupOfUniqueNames)))
Public property Id A representation of the Globally Unique Identifier (GUID), a unique 128-bit number, that is assigned to this Content Engine object when the object is created. When converted to a string, the Id property is typically depicted as 32 hexadecimal characters enclosed by brackets in the following format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. For example, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}.

For IUser and IGroup classes, the Id property takes the value of the Security Identifier (SID) rather than the 128-bit GUID. The string representation of the SID is in this example format: S-1-5-21-1559522492-2815155736-3711640725-55269. When Active Directory is used as the directory service for IBM FileNet P8, IUser.Id and IGroup.Id always return the current SID for the principal, even if this user or group has only historical SIDs populating the Active Directory server.

For a given property representation, the Id property has the following characteristics:

  • PropertyDescription.Id is equal to PropertyTemplate.Id, which is equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDefinition.PrimaryId.
  • PropertyDefinition.Id is not equal to PropertyDescription.Id.

For a newly created document object, you can override the Id property of its associated VersionSeries object before you save or check in the document for the first time.

Public property IsSSLEnabled Defines whether or not Secure Sockets Layer (SSL) protocol is enabled for a given DirectoryConfiguration object. The default value for all directory server types supported by the IBM FileNet P8 Content Engine is False, indicating that SSL is disabled.
Public property RestrictMembershipToConfiguredRealms Restricts a group membership search to within the realms configured in FileNet Enterprise Manager.

By default (that is, when the property value is False), the Content Engine Server automatically traces cross-realm group membership (also called cross-domain group membership in Active Directory). If it reaches a realm that is not configured in FileNet Enterprise Manager, the Content Engine server returns a "Realm not found" error and group membership search processing stops. However, if the property value is True when this situation occurs, the Content Engine server logs an informational message to the Content Engine server error log and the group membership search continues.

Note: This property is not supported for the Windows Active Directory Application Mode (ADAM) directory service provider. This is because ADAM does not support cross-realm group memberships (cross-partition memberships, in ADAM terminology).

Public property UserBaseDN Specifies the base Distinguished Name (DN) for searching for users in the directory server.
Public property UserDisplayNameAttribute Specifies the directory server attribute to be used as the display name for a user. The default property value is dependent on the directory server type and is specified by the authentication provider's configuration.
Public property UserNameAttribute Defines the directory server attribute to be used as the short name for a user. The default value of this property is unique to the directory service provider as follows:
  • Active Directory: samAccountName
  • Sun One: uid
  • Novell: cn
  • IBM: cn
Public property UserSearchFilter Specifies the search filter for querying a user or users. The filter must be in the following format: "(&(objectClass=user_defined_class)(an_attribute={0}))", where user_defined_class is the object class you want (for example, user or person) and an_attribute is the LDAP server-specific attribute (for example, samAccountName, cn, or uid).

The default value of this property is unique to the directory service provider, as follows:

  • ActiveDirectory: (&(objectClass=user)(samAccountName={0})), where samAccountName serves as the short name.
  • ADAM and AD LDS: (&(objectClass=person)(member={0}))
  • SunOne: (&(objectClass=person)(uid={0}))
  • Novell: (&(objectClass=person)(cn={0}))
  • IBM: (&(objectClass=person)(cn={0}))
Top

See Also