FileNet P8 Platform, Version 5.2.1            

Directory Configuration Properties (Oracle Directory Server Enterprise Edition)

A list of the properties in the DirectoryConfigurationSunOne class.

  • For authentication, use Configuration Manager's Configure LDAP screen to view or modify editable properties.
  • For authorization, use Administration Console for Content Platform Engine to view or modify editable properties.
Restriction: Use care when you enter values for the directory configuration properties. The use of unsupported attributes or incorrectly entered attributes as values for the directory configuration properties can result in a failure of the Content Platform Engine to start. To resolve the problem, you might have to revert to the most recent valid global configuration database (GCD) epoch prior to the directory configuration properties changes, or you might have to contact IBM Software Support for additional assistance with the resolution.
List of properties for the DirectoryConfigurationSunOne class, whether it can be edited, and a description for each property.
Property Name Editable? Description
ClassDescription No A ClassDescription object containing the fixed description of the class from which a given object is instantiated.
DirectoryServerHost Yes Specifies the name of the host that is running the directory server product.
DirectoryServerPassword Yes Specifies the user password used to authenticate to a given directory server.
DirectoryServerPort Yes Specifies the port number of the directory server. The value of this property defaults to port 389 for all supported directory server types.
DirectoryServerProviderClass Yes Specifies the directory server provider class name: com.filenet.engine.security.SunOneProvider
DirectoryServerType No Specifies the type of directory server: SunOne
DirectoryServerUserName Yes

Specifies the user name for authenticating to the directory server. Example:

uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
DisplayName Yes The user-readable, provider-specific name of an object. This property is usually the designated Name property of the object's class.
GroupBaseDN Yes The base DN for searching for groups in the directory server.
GroupDisplayNameAttribute Yes Specifies the display name for a Group object generated by the authentication provider. The default property value is dependent on the authentication provider and is specified by the provider's configuration.
GroupMembershipSearchFilter Yes The search filter for group membership queries.
GroupNameAttribute Yes Defines the directory server attribute to be used as the short name for a group.
GroupSearchFilter Yes

Specifies the search filter for groups. Example:

(&(objectClass=groupOfUniqueNames)(cn={0}))
GroupUniqueIDAttribute Yes

The directory service attribute that serves as the security identifier (SID) for each group. Select an attribute whose values are unique and do not change over time. Typically, this attribute is the same as the UserUniqueIDAttribute.

You must use only those LDAP attributes that return Java String in the LDAP Java API.

Content Platform Engine defines an LDAP attribute as the default for this property to obtain the unique SIDs. You can choose to configure a different, non-default LDAP attribute for this property. If you do so, remember that the workflow system places additional limitations on the size of the SID. These limitations are related to how the Content Engine API returns the string representation for the user and group SIDs. The limit for an SID value for use with the workflow system is 256 characters. For more specific information about SID limits, see "What are access rights?"

Id No An object's globally unique ID (GUID).
IsSSLEnabled Yes Defines whether or not Secure Sockets Layer (SSL) protocol is enabled for a given DirectoryConfiguration object. The default value is false, indicating that SSL is disabled.
RestrictMembershipToConfiguredRealms Yes

Restricts a group membership search to within the realms configured in Administration Console for Content Platform Engine.

A user can be in a configured realm but belong to a group in an unconfigured realm. By default (that is, when the property value is False), the server automatically searches cross-realm group membership (also called cross-domain group membership in Active Directory). If it reaches a realm that is not configured in Administration Console for Content Platform Engine, the server returns a Realm not found error and group membership search processing stops. However, if the property value is True when this situation occurs, the server logs an informational message to the server error log and the group membership search continues.

UserBaseDN Yes The base DN for searching for users in the directory server.
UserDisplayNameAttribute Yes Specifies the display name for a User object generated by the authentication provider. The default property value is dependent on the authentication provider and is specified by the provider's configuration.
UserNameAttribute Yes The directory service attribute that has been configured as the Logon Attribute.
UserSearchFilter Yes

Specifies the search filter for users, for example:

(&(objectClass=person)(uid={0}))

where uid will serve as the short name. UserSearchFilter must use the same LDAP attribute as UserNameAttribute.
UserUniqueIDAttribute Yes

The directory service attribute that serves as the security identifier (SID) for each user. Select an attribute whose values are unique and do not change over time. Typically, this attribute is the same as the GroupUniqueIDAttribute.

You must use only those LDAP attributes that return Java String in the LDAP Java API.

Content Platform Engine defines an LDAP attribute as the default for this property to obtain the unique SIDs. You can choose to configure a different, non-default LDAP attribute for this property. If you do so, remember that the workflow system places additional limitations on the size of the SID. These limitations are related to how the Content Engine API returns the string representation for the user and group SIDs. The limit for an SID value for use with the workflow system is 256 characters. For more specific information about SID limits, see "What are access rights?"
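
The following pre-flight check is an added example; it is not IBM code and does not use the FileNet API. It assumes the values have been copied by hand into a Python dict keyed by the property names in the table above (a hypothetical format), and it tests the constraints the table states: well-formed search filters containing {0}, UserSearchFilter using the same attribute as UserNameAttribute, the IsSSLEnabled default, and the 256-character workflow limit on unique ID values.

```python
import re

SID_MAX = 256  # workflow-system SID length limit stated in the table above

def placeholder_attrs(flt):
    """Attributes that an LDAP filter compares against the {0} placeholder."""
    return re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*=\s*\{0\}\s*\)", flt)

def balanced(flt):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(cfg, sample_sids=()):
    """Check a dict keyed by the property names above; return a list of findings."""
    findings = []
    for name in ("UserSearchFilter", "GroupSearchFilter"):
        flt = cfg.get(name, "")
        if not balanced(flt):
            findings.append(f"{name}: unbalanced parentheses")
        if not placeholder_attrs(flt):
            findings.append(f"{name}: no attribute is matched against {{0}}")
    # UserSearchFilter must use the same attribute as UserNameAttribute.
    # LDAP attribute names are case-insensitive, so compare lowercased.
    login_attr = cfg.get("UserNameAttribute", "")
    used = [a.lower() for a in placeholder_attrs(cfg.get("UserSearchFilter", ""))]
    if used and login_attr.lower() not in used:
        findings.append(f"UserSearchFilter: does not use UserNameAttribute {login_attr!r}")
    if not cfg.get("IsSSLEnabled", False):  # the documented default is false
        findings.append("IsSSLEnabled: false, the bind with DirectoryServerPassword is not protected by SSL")
    for sid in sample_sids:
        if len(sid) > SID_MAX:
            findings.append(f"unique ID of {len(sid)} characters exceeds the {SID_MAX}-character workflow limit")
    return findings

# Constructed sample values, built from the filter examples on this page.
SAMPLE = {
    "UserNameAttribute": "mail",
    "UserSearchFilter": "(&(objectClass=person)(uid={0}))",
    "GroupSearchFilter": "(&(objectClass=groupOfUniqueNames)(cn={0}))",
    "IsSSLEnabled": False,
}

if __name__ == "__main__":
    for finding in lint(SAMPLE, sample_sids=["a" * 300]):
        print(finding)
```

Running such a check before saving changes catches the entry errors that the Restriction above warns about while they are still cheap to fix.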



Last updated: October 2015

© Copyright IBM Corporation 2015.