Connection configuration
In this section of the XML file, the word "connection" is erroneously written as "connnection". This is a known issue and will be corrected in a future update. Currently, however, the misspelled form must be used.
The first part constitutes the connection configuration for the attribute connector, detailing the client implementation to use, the location of the LDAP directory, and the type of authentication and account to use.
Key name | Description | Supported format |
---|---|---|
java.naming.factory.initial | The value of this property is the fully qualified class name of the factory class that creates the initial context for the LDAP service provider in the Service's LDAP Attribute Finder. | A fully qualified class name. Use the value "com.sun.jndi.ldap.LdapCtxFactory" to select the Oracle/Sun JRE LDAP provider. |
java.naming.provider.url | The LDAP URL that the attribute connector uses to connect to the LDAP Attribute Source. LDAP URLs are typically specified as ldap://<host>:<port> (plaintext) or ldaps://<host>:<port> (secured by TLS), where <port> normally is 389 for plaintext and 636 for LDAP over TLS. | This field must contain a unique URL address using the character set defined in RFC 1738 ([A-Z][a-z][0-9] and the special characters '-', '_', ':', ';', '?', '%', '&', ';', '=', '#', '\', '.', '/', '+', '"', '<', '>') to a maximum length of 255 characters. Note: Since this is an XML file, you have to replace: & with &amp;, < with &lt;, > with &gt; |
java.naming.security.authentication | The type of authentication the attribute connector should use when connecting to the attribute source. LDAP bind and no authentication are supported. | One of two: "simple" (LDAP bind) or "none" |
java.naming.security.principal | This field contains the name of the LDAP principal that is used for LDAP authentication. This field becomes enabled if "simple" authentication has been selected. | The name of an LDAP account |
java.naming.security.credentials | The password for the LDAP principal selected for the "simple" authentication method. |
The following shows an example of how the XML elements can be implemented. It is an extract from the sample XML-format configuration file supplied in the appendix XML Configuration.
<?xml version="1.0" encoding="UTF-8"?>
<pip:configuration xmlns:pip="http://www.axiomatics.com/ldap.config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.axiomatics.com/ldap.config ldap.config.xsd ">
<pip:connnection>
<pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<pip:key name="java.naming.security.credentials" value="secret"/>
<pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>
<pip:key name="java.naming.security.authentication" value="simple"/>
<pip:key name="java.naming.provider.url" value="ldap://10.0.1.196:10389"/>
</pip:connnection>
Connection configuration example
If an LDAPS URL has been specified, the appropriate chains of CA certificates must be in the JSSE trust store ("javax.net.ssl.trustStore") in order to verify the host certificate.