FileNet P8 Platform, Version 5.2.1            

Directory Configuration Properties (Active Directory Lightweight Directory Services)

A list of the properties in the DirectoryConfigurationADAM class.

  • For authentication, use Configuration Manager's Configure LDAP screen to view or modify editable properties.
  • For authorization, use Administration Console for Content Platform Engine to view or modify editable properties. See FileNet P8 domain properties (Directory config tab) for information.
Start of change
Restriction: Use care when you enter values for the directory configuration properties. The use of unsupported attributes or incorrectly entered attributes as values for the directory configuration properties can result in a failure of the Content Platform Engine to start. To resolve the problem, you might have to revert to the most recent valid global configuration database (GCD) epoch prior to the directory configuration properties changes, or you might have to contact IBM Software Support for additional assistance with the resolution.
End of change
List of properties for the DirectoryConfigurationADAM class, whether it can be edited, and a description for each property.
Property Name Editable? Description
ClassDescription No A ClassDescription object containing the fixed description of the class from which a given object is instantiated.
DirectoryServerHost Yes Specifies the name of the host that is running the directory server product.
DirectoryServerPassword Yes Specifies the user password used to authenticate to a given directory server.
DirectoryServerPort Yes Specifies the port number of the directory server. The value of this property defaults to port 389 for all supported directory server types.
DirectoryServerProviderClass Yes Specifies the directory server provider class name: com.filenet.engine.security.AdamDirectoryProvider
DirectoryServerType No Specifies the type of directory server: AD LDS
DirectoryServerUserName Yes Specifies the user name for authenticating to the directory server. Example: cn=ceadmin,ou=people,o=isp
DisplayName Yes The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
GroupBaseDN Yes The base DN for searching for groups in the directory server. Example: ou=people,o=isp
GroupDisplayNameAttribute Yes Specifies the display name for a Group object generated by the authentication provider: cn
GroupMembershipSearchFilter Yes

The search filter for group membership queries. Example:

(&(objectClass=group)(member={0}))
GroupNameAttribute Yes Defines the directory server attribute to be used as the short name for a group: cn
GroupSearchFilter Yes

Specifies search filter for groups. Example:

(&(objectclass=group)(cn={0}))

where cn has been set as the short name. GroupSearchFilter must use the same LDAP attribute as GroupNameAttribute.

GroupUniqueIDAttribute Yes

The directory service attribute that serves as the security identifier (SID) for each group. Select an attribute whose values are unique and do not change over time. Typically, this attribute is the same as the UserUniqueIDAttribute.

You must use only those LDAP attributes that return Java String in the LDAP Java API.

Start of changeContent Platform Engine defines an LDAP attribute as the default for this property to obtain the unique SIDs. You can choose to configure a different LDAP attribute, a non-default LDAP attribute, for this property. If you do so, remember that the workflow system places additional limitations on the size of the SID. These limitations are related to how the Content Engine API returns the string representation for the user and group SIDs. The limit for an SID value for use with the workflow system is 256 characters. For more specific information about SID limits, see What are access rights?End of change

Id No An object's globally unique ID (GUID).
IsSSLEnabled Yes Defines whether or not Secure Sockets Layer (SSL) protocol is enabled for a given DirectoryConfiguration object. The default value is false, indicating that SSL is disabled.
RestrictMembershipToConfiguredRealms Yes This property has no effect because AD LDS does not support cross-domain group membership.
UserBaseDN Yes The base DN for searching for users in the directory server. Example: ou=people,o=isp
UserDisplayNameAttribute Yes Specifies the display name for a User object generated by the authentication provider: cn
UserShortNameAttribute Yes The directory service attribute that has been configured as the Logon Attribute.
UserSearchFilter Yes

Specifies search filter for users:

(&(objectClass=person)(cn={0}))

where cn has been set as the short name. This filter finds both native AD LDS accounts and Active Directory accounts referenced by the userProxyFull object or objects configured with msDS-bindableObject as a static auxiliary class. UserSearchFilter must use the same LDAP attribute as UserNameAttribute.

UserUniqueIDAttribute Yes

The directory service attribute that serves as the security identifier (SID) for each user. Select an attribute whose values are unique and do not change over time. Typically, this attribute is the same as the GroupUniqueIDAttribute.

You must use only those LDAP attributes that return Java String in the LDAP Java API.

Start of changeContent Platform Engine defines an LDAP attribute as the default for this property to obtain the unique SIDs. You can choose to configure a different LDAP attribute, a non-default LDAP attribute, for this property. If you do so, remember that the workflow system places additional limitations on the size of the SID. These limitations are related to how the Content Engine API returns the string representation for the user and group SIDs. The limit for an SID value for use with the workflow system is 256 characters. For more specific information about SID limits, see What are access rights?End of change



Last updated: March 2016
p8psd009.htm

© Copyright IBM Corporation 2016.