Version: 6.4

Connection configuration

The first part constitutes the connection configuration for the attribute connector, detailing the client implementation to use, the location of the LDAP directory, and the type of authentication and account to use.

  • java.naming.factory.initial

    The value of this property is the fully qualified class name of the factory class that creates the initial context for the LDAP service provider in the Service's LDAP Attribute Finder.

    Supported format: A fully qualified class name. Use the value com.sun.jndi.ldap.LdapCtxFactory to select the Oracle/Sun JRE LDAP provider.

  • java.naming.provider.url

    The LDAP URL that the attribute connector uses to connect to the LDAP Attribute Source. LDAP URLs are typically specified as ldap://<host>:<port> (plaintext) or ldaps://<host>:<port> (secured by TLS), where <port> normally is 389 for plaintext and 636 for LDAP over TLS.

    Supported format: This field must contain a unique URL address using the character set defined in RFC 1738 (A-Z, a-z, 0-9 and the special characters -, _, :, ;, ?, %, &, ;, =, #, \, ., /, +, ", <, >), to a maximum length of 255 characters.

    Note

    Since this is an XML file, you have to replace & with &amp;, < with &lt;, and > with &gt;.

  • java.naming.security.authentication

    The type of authentication the attribute connector should use when connecting to the attribute source. Two options are supported: LDAP bind and no authentication.

    Supported format: One of two: simple (LDAP bind) or none.

  • java.naming.security.principal

    This field contains the name of the LDAP principal that is used for LDAP authentication. This field becomes enabled if simple authentication has been selected.

    Supported format: The name of an LDAP account.

  • java.naming.security.credentials

    The password for the LDAP principal selected for the simple authentication method.

The following are extracts from the sample configuration supplied in the Configuration appendix. The schemas for these configurations can be found in the Schema appendix.

Important

In this section, the word "connection" is erroneously written as "connnection". This is a known issue and will be corrected in a future update.

<pip:connnection>
<pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<pip:key name="java.naming.security.credentials" value="secret"/>
<pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>
<pip:key name="java.naming.security.authentication" value="simple"/>
<pip:key name="java.naming.provider.url" value="ldap://10.0.1.196:10389"/>
</pip:connnection>

Connection configuration example in XML format

Note

If an LDAPS URL has been specified, the appropriate chain of CA certificates must be present in the JSSE trust store (javax.net.ssl.trustStore) in order to verify the host certificate.
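
The following is an added example, not part of the product documentation: a small Python check that reads a connection block like the extract above and flags values that fall outside the supported formats listed for each key, plus a simple bind sent over a plaintext ldap:// URL. The wrapper namespace URI, the finding codes and the ldap.example.com host are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: placeholder namespace URI so the bare extract parses; the real
# one comes from the product's schema.
WRAP = '<root xmlns:pip="urn:example:placeholder">{}</root>'
P = "java.naming."

# The page's sample block, and a constructed variant using ldaps:// (hypothetical host).
PAGE_SAMPLE = """<pip:connnection>
<pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<pip:key name="java.naming.security.credentials" value="secret"/>
<pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>
<pip:key name="java.naming.security.authentication" value="simple"/>
<pip:key name="java.naming.provider.url" value="ldap://10.0.1.196:10389"/>
</pip:connnection>"""
TLS_SAMPLE = PAGE_SAMPLE.replace("ldap://10.0.1.196:10389", "ldaps://ldap.example.com:636")

def read_keys(fragment):
    """Map each pip:key name to its value (XML entities such as &amp; are decoded)."""
    root = ET.fromstring(WRAP.format(fragment))
    return {e.get("name"): e.get("value", "")
            for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "key"}

def audit(fragment):
    """Return finding codes for one connection block; an empty list means no findings."""
    k = read_keys(fragment)
    url = k.get(P + "provider.url", "")
    scheme = urlsplit(url).scheme.lower()
    auth = k.get(P + "security.authentication", "")
    findings = []
    if scheme not in ("ldap", "ldaps"):
        findings.append("URL_SCHEME")
    if len(url) > 255:
        findings.append("URL_TOO_LONG")          # page: maximum length of 255 characters
    if auth not in ("simple", "none"):
        findings.append("AUTH_VALUE")            # page: one of simple or none
    if auth == "simple":
        if scheme == "ldap":
            findings.append("CLEARTEXT_BIND")    # bind password crosses the wire unencrypted
        for name in ("principal", "credentials"):
            if not k.get(P + "security." + name):
                findings.append("MISSING_" + name.upper())
    return findings

if __name__ == "__main__":
    for label, frag in (("page sample", PAGE_SAMPLE), ("ldaps variant", TLS_SAMPLE)):
        print(label, audit(frag) or "no findings")
```

Run against the page's sample block, the check reports the plaintext bind; the ldaps:// variant produces no findings.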