6.6.18.0.9: Advanced properties for configuring LDAP support
Key:
Applies to Java administrative console of Advanced Edition Version 4.0
Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Applies to Application Client Resource Configuration Tool
If any of the user or group filters is modified from its default value,
the Directory Type field value on the Authentication
tabbed page changes to Custom.
-
Certificate Filter
- If you specified CERTIFICATE_FILTER for the Certificate Mapping, use this property to specify
the LDAP filter that maps attributes in the client certificate to entries in LDAP.
Note that if more than one LDAP entry matches the filter specification at runtime,
authentication fails because the match is ambiguous.
The syntax or structure of this filter is:
LDAP attribute=${Client certificate attribute}
For example:
uid=${SubjectDN}
The left side of the filter specification is an LDAP attribute that depends on the
schema that your LDAP server is configured to use. The right side of the filter specification
is one of the public attributes in your client certificate. Note that the right side must
begin with ${ and end with }.
The following certificate attribute values may be used on the right side of the filter
specification. Note that the case of the strings is important.
- ${UniqueKey}
- ${PublicKey}
- ${Issuer}
- ${NotAfter}
- ${NotBefore}
- ${SerialNumber}
- ${SigAlgName}
- ${SigAlgOID}
- ${SigAlgParams}
- ${SubjectDN}
- ${Version}
To enable this field, select CERTIFICATE_FILTER for the Certificate Mapping.
-
Certificate Mapping
- Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping.
-
Group Filter
- An LDAP filter clause for searching the registry for groups. It is typically used for
Security Role to Group assignment. It specifies the property by which to look up groups
in the directory service. For more information about this syntax, see the LDAP
directory service documentation.
-
Group ID Map
- An LDAP filter that maps the short name of a group to an LDAP entry. Specifies
the piece of information that should represent groups when groups are displayed.
For example, to display groups by their names, specify *:cn. The * is a wildcard
character that searches on any object class in this case. This field takes multiple
objectclass:property pairs delimited by a semicolon (";").
-
Group Member ID Map
- An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). For more information about this syntax, see the LDAP directory service documentation.
-
Initial JNDI Context Factory
- The Java class name of the initial context factory of a provider.
-
User Filter
- An LDAP filter clause for searching the registry for users. It is typically used for
Security Role to User assignment. It specifies the property by which to look up users in
the directory service.
For example, to look up users based on their user IDs, specify
(&(uid=%v)(objectclass=inetOrgPerson)).
For more information about this syntax, see the LDAP directory service documentation.
-
User ID Map
- An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the
piece of information that should represent users when users are displayed.
For example, to display entries of the type object class = inetOrgPerson by their IDs,
specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited
by a semicolon (";").
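
The Certificate Filter rules described above, as an added example in Python (not product code and not part of the original page): it validates a filter of the form LDAP attribute=${Client certificate attribute}, expands it with a certificate's value, and treats more than one matching entry as a failed mapping. The RFC 4515 value escaping, the in-memory directory, the sample data and all function names are assumptions made for illustration; the page does not describe how the product escapes values or performs the search.

```python
import re

# Certificate attribute names the page lists; matching is case-sensitive.
CERT_ATTRS = {"UniqueKey", "PublicKey", "Issuer", "NotAfter", "NotBefore",
              "SerialNumber", "SigAlgName", "SigAlgOID", "SigAlgParams",
              "SubjectDN", "Version"}
FILTER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9.-]*)=\$\{([^}]*)\}$")
# Assumption: RFC 4515 escapes for characters that are special in a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_filter(spec):
    """Split 'ldapAttr=${CertAttr}' into (ldapAttr, CertAttr) or raise ValueError."""
    m = FILTER_RE.match(spec.strip())
    if not m:
        raise ValueError("right side must begin with ${ and end with }")
    if m.group(2) not in CERT_ATTRS:
        raise ValueError("unknown certificate attribute: " + m.group(2))
    return m.group(1), m.group(2)


def build_search_filter(spec, cert):
    """Expand the filter with the certificate's value, escaped for LDAP."""
    ldap_attr, cert_attr = parse_filter(spec)
    value = "".join(ESCAPES.get(ch, ch) for ch in str(cert[cert_attr]))
    return "(%s=%s)" % (ldap_attr, value)


def map_certificate(spec, cert, entries):
    """Return the DN of the single matching entry; None if zero or ambiguous."""
    ldap_attr, cert_attr = parse_filter(spec)
    wanted = str(cert[cert_attr])
    hits = [dn for dn, attrs in entries.items() if wanted in attrs.get(ldap_attr, [])]
    return hits[0] if len(hits) == 1 else None  # more than one match = failure


# Constructed sample data: a certificate's public attributes and a tiny directory.
CERT = {"SubjectDN": "CN=Jane Doe (ops),O=Example", "SerialNumber": "4242"}
DIRECTORY = {
    "uid=jdoe,o=example": {"uid": ["CN=Jane Doe (ops),O=Example"], "employeeNumber": ["4242"]},
    "uid=svc1,o=example": {"uid": ["svc1"], "employeeNumber": ["4242"]},
}

if __name__ == "__main__":
    print(build_search_filter("uid=${SubjectDN}", CERT))
    print(map_certificate("uid=${SubjectDN}", CERT, DIRECTORY))
    print(map_certificate("employeeNumber=${SerialNumber}", CERT, DIRECTORY))
```

The second mapping returns no entry because two directory entries share the same value, which is the ambiguous-match case: pick an LDAP attribute whose values are unique across the directory.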