LDAP
These properties are required when com.unraveldata.login.mode=ldap.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.ldap.Domain | string | - | |
com.unraveldata.ldap.bind_dn LDAP bind DN is a login of an LDAP user that can access Base DN. Used only with Base DN. | string | - | |
com.unraveldata.ldap.bind_pw Password for the user defined as the Bind DN. | string | - | |
com.unraveldata.ldap.baseDN LDAP base DN; use your rootDN value if a custom LDAP query is applied. Needed for Open LDAP. See also com.unraveldata.ldap.userDNPattern below as an alternative. | string | - | |
com.unraveldata.ldap.customLDAPQuery A full LDAP query that the LDAP authentication provider executes against the LDAP server. If the query returns a null result set, the LDAP provider fails the authentication request; it succeeds if the user is part of the result set. If this property is set, filtering and group properties are ignored. | string | - | |
com.unraveldata.ldap.groupClassKey LDAP attribute name on the group entry that is to be used in LDAP group searches. | string | group | |
com.unraveldata.ldap.groupDNPattern COLON-separated list of patterns to use to find DNs for group entities in this directory. Use %s where the actual group name is to be substituted for. Each pattern should be fully qualified. When using this property you must unset com.unraveldata.ldap.domain. | string | - | |
com.unraveldata.ldap.groupFilter COMMA-separated list of LDAP Group names (short name not full DNs). If you wish to have LDAP admins, you must define at least one group of admins. See com.unraveldata.login.admins.ldap.groups. Example: secs-lab-admins,secs-lab-users | CSL | - | |
com.unraveldata.ldap.groupMembershipKey LDAP attribute name on the user entry that references a group that the user belongs to. Default is 'member'. | string | member | |
com.unraveldata.ldap.groupSearchMethods The lookup function list and order definitions of LDAP groups. Allowed values are OID, member-of, and member. These can be specified in any order. | string | OID, member-of, member | |
com.unraveldata.ldap.guidKey LDAP attribute name whose values are unique in this LDAP server. Default is "uid"; not used when the custom query is specified. | string | - | |
com.unraveldata.login.admins.ldap.groups The group(s) of LDAP admins. The group(s) must be listed in com.unraveldata.ldap.groupFilter. Example: secs-lab-admins | CSL | - | |
com.unraveldata.ldap.mailAttribute The mail attribute name in the LDAP response that Unravel server uses to extract the LDAP user's email address. If not configured, Unravel server uses the attribute name "mail". | string | | |
com.unraveldata.ldap.realUserAttribute Enables a secondary LDAP lookup. When the AD object does not have the available email string, Unravel needs to do a second lookup to retrieve the user's email address. This email address is used by AutoActions when sending an email to the apps old. | string | uid | |
com.unraveldata.ldap.userDNPattern COLON-separated list of patterns to use to find DNs for users in this directory. Use %s where the actual group name is to be substituted for. This is used as a list of baseDNs and baseDN is ignored if this is set. | string | - | |
com.unraveldata.ldap.userFilter COMMA-separated list of LDAP usernames (just short names, not full DNs). | string | - | |
com.unraveldata.ldap.url The URL for the LDAP server. Can be multiple servers with a space separator. The standard port is used if unspecified. Example: ldap://host ldaps://host ldap://host:9999 ldaps://host1:9999 ldaps://host2:9999 | string | - | |
com.unraveldata.ldap.verbose Enables verbose logging. Grep for "Ldap" entries in the | boolean | false |
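
Several rows above constrain one another (bind_dn with baseDN, groupDNPattern with domain, admin groups with groupFilter, customLDAPQuery with the filters). The following lint is an added example, not Unravel code; the function names, the sample hosts and domain, and the choice of which keys count as "filtering and group properties" are assumptions.

```python
from urllib.parse import urlsplit

P = "com.unraveldata.ldap."
ADMINS = "com.unraveldata.login.admins.ldap.groups"
SEARCH_METHODS = {"OID", "member-of", "member"}
# Constructed sample configuration; hosts and domain are placeholders.
SAMPLE = """\
com.unraveldata.login.mode=ldap
com.unraveldata.ldap.url=ldaps://ldap1.example.com ldaps://ldap2.example.com:9999
com.unraveldata.ldap.Domain=example.com
com.unraveldata.ldap.groupDNPattern=cn=%s,ou=groups,dc=example,dc=com
com.unraveldata.ldap.groupFilter=secs-lab-users
com.unraveldata.login.admins.ldap.groups=secs-lab-admins
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def csl(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def lint_ldap(props):
    """Return findings as strings; an empty list means no rule was violated."""
    get = lambda name: props.get(P + name, "")
    out = [f"url: {u!r} is not an ldap:// or ldaps:// URL"  # space-separated list
           for u in get("url").split() if urlsplit(u).scheme not in ("ldap", "ldaps")]
    if get("bind_dn") and not get("baseDN"):
        out.append("bind_dn is used only with baseDN, which is not set")
    if get("userDNPattern") and get("baseDN"):
        out.append("baseDN is ignored because userDNPattern is set")
    for name in ("userDNPattern", "groupDNPattern"):  # colon-separated lists
        out += [f"{name}: pattern {p!r} has no %s placeholder"
                for p in get(name).split(":") if p and "%s" not in p]
    # The table writes this key as both 'Domain' and 'domain'; accept either.
    if get("groupDNPattern") and (get("Domain") or get("domain")):
        out.append("domain must be unset when groupDNPattern is used")
    if get("customLDAPQuery"):  # assumption: these are the ignored keys
        out += [f"{n} is ignored because customLDAPQuery is set"
                for n in ("userFilter", "groupFilter", "groupDNPattern") if get(n)]
    out += [f"groupSearchMethods: {m!r} is not an allowed value"
            for m in csl(get("groupSearchMethods")) if m not in SEARCH_METHODS]
    out += [f"admin group {g!r} is not listed in groupFilter"
            for g in csl(props.get(ADMINS, "")) if g not in csl(get("groupFilter"))]
    return out

if __name__ == "__main__":
    print("\n".join(lint_ldap(parse_properties(SAMPLE))))
```

Run against the constructed sample, it reports that domain is set alongside groupDNPattern and that the admin group is missing from groupFilter.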