Connection configuration
In this section of the XML file, the word "connection" is erroneously written as "connnection". This is a known issue and will be corrected in a future update. Currently, however, the misspelled form must be used.
The first part constitutes the connection configuration for the attribute connector, detailing the client implementation to use, the location of the LDAP directory, and the type of authentication and account to use.
java.naming.factory.initial
The value of this property is the fully qualified class name of the factory class that creates the initial context for the LDAP service provider in the Service's LDAP Attribute Finder.
Supported format: A fully qualified class name. Use the value com.sun.jndi.ldap.LdapCtxFactory to select the Oracle/Sun JRE LDAP provider.
java.naming.provider.url
The LDAP URL that the attribute connector uses to connect to the LDAP Attribute Source. LDAP URLs are typically specified as ldap://<host>:<port> (plaintext) or ldaps://<host>:<port> (secured by TLS), where <port> normally is 389 for plaintext and 636 for LDAP over TLS.
Supported format: This field must contain a unique URL address using the character set defined in RFC 1738 (A-Z, a-z, 0-9 and the special characters -, _, :, ;, ?, %, &, ;, =, #, \, ., /, +, ", <, >) to a maximum length of 255 characters.
Note: Since this is an XML file, you have to replace & with &amp;, < with &lt;, and > with &gt;.
java.naming.security.authentication
The type of authentication the attribute connector should use when connecting to the attribute source. Supported are LDAP bind and no authentication.
Supported format: One of two: simple (LDAP bind) or none.
java.naming.security.principal
This field contains the name of the LDAP principal that is used for LDAP authentication. This field becomes enabled if simple authentication has been selected.
Supported format: The name of an LDAP account.
java.naming.security.credentials
The password for the LDAP principal selected for the simple authentication method.
The following shows an example of how the XML elements can be implemented. It is an extract from the sample XML-format configuration file supplied in the appendix XML Configuration.
<?xml version="1.0" encoding="UTF-8"?>
<pip:configuration xmlns:pip="http://www.axiomatics.com/ldap.config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.axiomatics.com/ldap.config ldap.config.xsd ">
<pip:connnection>
<pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<pip:key name="java.naming.security.credentials" value="secret"/>
<pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>
<pip:key name="java.naming.security.authentication" value="simple"/>
<pip:key name="java.naming.provider.url" value="ldap://10.0.1.196:10389"/>
</pip:connnection>
Connection configuration example
If an LDAPS URL has been specified, the appropriate chains of CA certificates must be in the JSSE trust store (javax.net.ssl.trustStore) in order to verify the host certificate.
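The following check of a connection block against the rules described above is an added example, not code from the product or its documentation. The function name check_connection, the host ldap.example.test and the password are constructed for illustration; treating the factory, principal and credentials keys as required is an assumption, and the plaintext finding rests on the fact that an LDAP simple bind over ldap:// transmits the password unencrypted.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"pip": "http://www.axiomatics.com/ldap.config"}
P = "java.naming."
# Constructed sample: same layout as the extract above, placeholder host and password.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<pip:configuration xmlns:pip="http://www.axiomatics.com/ldap.config">
  <pip:connnection>
    <pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <pip:key name="java.naming.security.credentials" value="example-password"/>
    <pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>
    <pip:key name="java.naming.security.authentication" value="simple"/>
    <pip:key name="java.naming.provider.url" value="ldap://ldap.example.test:389"/>
  </pip:connnection>
</pip:configuration>"""


def check_connection(xml_text):
    """Return a list of findings for the connection block of an LDAP connector config."""
    root = ET.fromstring(xml_text)  # raises ParseError on an unescaped & or <
    conn = root.find("pip:connnection", NS)  # the misspelled element name is the required one
    if conn is None:
        return ["no <pip:connnection> element (note the required spelling)"]
    keys = {k.get("name"): k.get("value", "") for k in conn.findall("pip:key", NS)}
    findings = []
    if not keys.get(P + "factory.initial"):
        findings.append("factory.initial is missing")  # assumption: key is required
    url = keys.get(P + "provider.url", "")
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append("provider.url must be an ldap:// or ldaps:// URL")
    if len(url) > 255:
        findings.append("provider.url exceeds 255 characters")
    auth = keys.get(P + "security.authentication", "")
    if auth not in ("simple", "none"):
        findings.append("security.authentication must be 'simple' or 'none'")
    if auth == "simple":
        for name in ("security.principal", "security.credentials"):
            if not keys.get(P + name):
                findings.append(name + " is required for simple authentication")
        if scheme == "ldap":
            findings.append("simple bind over ldap:// sends the password unencrypted; use ldaps://")
    return findings


if __name__ == "__main__":
    for finding in check_connection(SAMPLE):
        print("FINDING:", finding)
```

A URL containing a raw & makes the parse step fail before any rule is evaluated, which is the escaping requirement from the note on java.naming.provider.url.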