Configuring Server Properties - Security
See also: Server Administration Application Home Page, User Authentication
Click the Save button at the bottom of the page to save the properties. These properties are saved to the file security.properties in the ebaseConf folder of the web application, e.g. userdata/apps/<webappname>/ebaseConf/security.properties.
Configuration properties to connect to an LDAP Server e.g. Active Directory. These properties are used by:
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| Protocol | Ldap.protocol | No | This can be either |
| | Ldap.RegistryHost | No | Hostname or IP address of the LDAP registry system. |
| | Ldap.RegistryPort | No | Port used by the LDAP registry system. The default is 389. |
| | Ldap.RegistrUrl | No | The URL used to access the LDAP registry system. If specified, this overrides properties Registry Host and |
| | Ldap.BindDistinguishedName | No | The full DN used by the system to connect to the repository. This parameter supplies the “userid” for connections to the LDAP Registry. If not specified, the system will bind as 'Anonymous'. Note that anonymous binding is only supported by LDAP V3 systems. |
| | Ldap.BindPassword | No | The password to be used with the previous property to connect to the repository. |
| | Ldap.BaseDistinguishedName | No | The DN suffix to be applied to all LDAP attribute searches. This will be one or more key=value pairs separated by commas which should be specified in reverse order of the LDAP hierarchy tree, i.e. tree root appears last. This parameter should specify the lowest point in the directory tree which is common for all userid searches e.g. if your registry contains a number of paths containing userid definitions, this parameter should specify a point in the directory that is common for all paths. The system searches use subtree scope for directory searches, so the root directory could be specified if necessary. |
| User Key Attribute Name | Ldap.UserKeyAttributeName | No | The user attribute used to search the registry for user data. This attribute should uniquely identify the user. Use sAMAccountName with Active Directory. The default is cn. |

Sample LDAP properties needed to connect to Active Directory using LDAPServices:
Ldap.RegistryHost=ebt9999
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
Click the Test LDAP Connection button to test the parameters above. Note that this will test that the provided user (Bind Distinguished Name) and password are valid, but will not test whether the user is authorised to perform searches. Also the User Key Attribute Name property is not tested.

| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| User Role Attribute Name | Ldap.UserRoleAttributeName | No | This property applies only when one of the deprecated LDAP login modules is used. It specifies the attribute within the LDAP system that contains a comma delimited list of security roles to be associated with the user. |
| Cache Refresh Period | Ldap.CacheRefreshPeriod | No | This property applies only when LDAP User Attributes are used. It specifies the number of minutes cached attribute data is kept in the cache before it is treated as stale and refreshed from the LDAP registry system. The default is 0 (no refresh takes place). |

These properties all have default values that should rarely, if ever, be changed.

| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| | Ufs.logonExitServlet | Yes | Specifies the relative URL of the logon exit program. This defaults to LogonExitServlet and should not normally be changed. |
| | Ufs.loginModuleEntryName | Yes | This property applies only when the deprecated EbaseLogonExit program is used, and specifies the name of the login module entry. |
| | Ufs.userManager | Yes | Specifies the class to be used for the authentication manager component. This provides the opportunity to replace the authentication manager component of the Verj.io Security system. |
| | Ufs.authorisationManager | Yes | Specifies the class to be used for the authorization manager component. This provides the opportunity to replace the authorization manager component of the Verj.io Security system. |
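
The following Python script is an added example, not part of the Verj.io documentation or product: it reviews a security.properties file for the settings described on this page that deserve a second look (anonymous bind, the cn default for the user key, a cache that never refreshes, replaced manager classes, and a bind password in a widely readable file). The function names and finding ids are hypothetical, and it assumes POSIX permission bits and that anyone who can read the file can use the stored Ldap.BindPassword value.

```python
import os
import stat

# Constructed sample, modelled on the page's Active Directory sample properties.
SAMPLE = """\
Ldap.RegistryHost=ebt9999
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)   # values may contain '=' (DNs)
            props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """Return 'id: message' findings; file_mode is the POSIX permission bits."""
    out = []
    if not props.get("Ldap.BindDistinguishedName"):
        out.append("anonymous-bind: no bind DN, the system binds as 'Anonymous'")
    if not props.get("Ldap.UserKeyAttributeName"):
        out.append("user-key-default: defaults to cn; confirm cn is unique per user")
    refresh = props.get("Ldap.CacheRefreshPeriod", "0")
    if refresh.isdigit() and int(refresh) == 0:
        out.append("cache-no-refresh: cached LDAP user attributes are never refreshed")
    for key in ("Ufs.userManager", "Ufs.authorisationManager"):
        if key in props:
            out.append(f"manager-replaced: {key} is set to {props[key]}, review the class")
    # Assumption: anyone who can read the file can use the stored bind password.
    readable = stat.S_IRGRP | stat.S_IROTH
    if props.get("Ldap.BindPassword") and file_mode is not None and file_mode & readable:
        out.append("password-exposed: file is readable by group or others")
    return out

def audit_file(path):
    """Audit a security.properties file on disk (path supplied by the caller)."""
    with open(path, encoding="iso-8859-1") as fh:   # Java properties encoding
        props = parse_properties(fh.read())
    return audit(props, stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), file_mode=0o644):
        print(finding)
```

The cache finding matters only when LDAP User Attributes are in use, as the Cache Refresh Period description states.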