LDAP Properties

LDAP settings are stored in the lcm.properties file, located in the LifeCycle Manager Server installation folder. This table describes each property in the LDAP section of the lcm.properties file.

Property Description
ldap.validation

LDAP validation enabled/disabled. If set to false, no validation against LDAP is performed (not recommended for production environments).

Example:

true / false

ldap.server.x

LDAP server number x (host name or IP address)

Example:

ldap.company.com

10.20.30.40

ldap.port.x

LDAP port for LDAP server number x

Example:

389 (LDAP)

636 (LDAPS)

ldap.bind.user.x

Bind user (distinguished name) for LDAP server number x

Example:

CN=User,OU=Users,DC=company,DC=com

ldap.bind.password.x

Password for the bind user for LDAP server number x. This password will be automatically encrypted when the LifeCycle Manager Server is started.

Example:

password

Note: The bind user password cannot end with @.

ldap.ssl.enabled.x

SSL (LDAPS) enabled/disabled for LDAP server number x

Example:

true / false

ldap.trust.store

Path to Java keystore where the public server certificate of the LDAP server (or its certificate authority) is stored. Only needed if SSL is enabled.

Example:

/u01/app/LCM-Server/JSSE/ldaps

ldap.trust.store.password

Password for the Java keystore. Only needed if SSL is enabled.

Example:

password

Note: The trust store password cannot end with @.

ldap.user.prefix

The attribute that LifeCycle Manager will use to display the user name of users in the directory service.

Example:

sAMAccountName

cn

displayName

ldap.group.prefix

The attribute that LifeCycle Manager will use to display the group name of groups in the directory service.

Example:

sAMAccountName

cn

name

ldap.user.suffix

The base distinguished name which indicates the starting point for LDAP searches of users in the directory service.

Example:

OU=Users,DC=company,DC=com

ldap.group.suffix

The base distinguished name which indicates the starting point for LDAP searches of groups in the directory service.

Example:

OU=Groups,DC=company,DC=com

ldap.group.member.attr

The attribute for groups in the directory service that LifeCycle Manager will use to determine which users are members of that group.

Example:

member

ldap.user.filter

LDAP filter that searches the user registry for users.

Example:

(&(|(cn=%v)(sAMAccountName=%v))(objectClass=user))

ldap.group.filter

LDAP filter that searches the user registry for groups.

Example:

(&(cn=%v)(objectClass=group))

ldap.lcm.admin.group

The LifeCycle Manager administrators group.

Example:

LCMAdmins

ldap.lcm.user.group

The LifeCycle Manager user group. If this property is left blank, all users in LDAP (that can be found with an LDAP search using the user search filter) are allowed to log on to LifeCycle Manager.

Example:

LCMUsers

ldap.days.before.password.expiration

The number of days in advance that LifeCycle Manager will warn before the password of the LDAP bind user expires. The default is 14 days.

Only used if Active Directory is used.

Example:

14

For more information about how to change passwords, see the LifeCycle Manager Administration Guide.
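
An added example, not part of the LifeCycle Manager documentation or product: a Python check that reads the LDAP section of lcm.properties and flags the settings this table calls out (validation off, LDAPS off, SSL without a trust store, passwords ending in @, blank user group). It assumes plain key=value lines and numeric server indexes; the function names and sample values are made up for illustration.

```python
import re

# Constructed sample of the LDAP section of lcm.properties (all values are made up).
SAMPLE = """\
ldap.validation=true
ldap.server.1=ldap.company.com
ldap.port.1=389
ldap.ssl.enabled.1=false
ldap.bind.user.1=CN=User,OU=Users,DC=company,DC=com
ldap.bind.password.1=secret@
ldap.server.2=10.20.30.40
ldap.port.2=636
ldap.ssl.enabled.2=true
ldap.lcm.admin.group=LCMAdmins
ldap.lcm.user.group=
"""

def parse(text):
    """Assumes plain key=value lines; split on the first '=' because DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) tuples for settings the table marks as risky or invalid."""
    out = []
    if props.get("ldap.validation", "").lower() == "false":
        out.append(("ldap.validation", "LDAP validation disabled"))
    ssl_used = False
    for key in sorted(k for k in props if re.fullmatch(r"ldap\.server\.\d+", k)):
        n = key.rsplit(".", 1)[1]
        if props.get(f"ldap.ssl.enabled.{n}", "").lower() == "true":
            ssl_used = True
        else:
            out.append((f"ldap.ssl.enabled.{n}", "LDAPS not enabled for this server"))
    if ssl_used and not props.get("ldap.trust.store"):
        out.append(("ldap.trust.store", "SSL enabled but no trust store path set"))
    # The '@' rule is checked on the value as typed in the file.
    for key, value in sorted(props.items()):
        if re.fullmatch(r"ldap\.(bind\.password\.\d+|trust\.store\.password)", key) and value.endswith("@"):
            out.append((key, "password must not end with '@'"))
    if not props.get("ldap.lcm.user.group"):
        out.append(("ldap.lcm.user.group", "blank: every user the user filter finds can log on"))
    return out

if __name__ == "__main__":
    for prop, finding in audit(parse(SAMPLE)):
        print(f"{prop}: {finding}")
```

Run it against a copy of the file before the server is first started, since the table states that the bind password is encrypted automatically at startup.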