Installation properties

Multiple configuration properties are available for the standalone deployment. Some of them are required and some will get a default value if omitted.

Example property file

com.sun.jndi.ldap.connect.pool=false
auto.update.certificates=true
grant.session.provider=true
admin.user.0=myadminuid
admin.user.1=otheradminuid
num.ldap.configs=2
ldap.hostName.conf1=ldap.acme.com
ldap.port.conf1=389
ldap.encryptionMethod.conf1=START_TLS
ldap.baseDN.conf1=DC=acme,DC=com
ldap.bindUser.conf1=binduser@acme.com
ldap.bindPassword.conf1=password
ldap.userAttribute.conf1=sAMAccountName
ldap.userObjectClass.conf1=user
ldap.userSearchScope.conf1=sub
ldap.strip.domain.conf1=true
ldap.groupSearchScope.conf1=sub
ldap.groupObjectClass.conf1=group
ldap.nested.groups.conf1=true
ldap.groupAttributeName.conf1=member
ldap.userDisplayName.conf1.0=displayName
ldap.userDN.extended.conf1.0=OU=Global-Users
ldap.groupDN.extended.conf1.0=OU=Groups
ldap.groupDN.extended.conf1.1=OU=More-Groups
ldap.hostName.conf2=ldap.acme.com
ldap.port.conf2=389
ldap.encryptionMethod.conf2=START_TLS
ldap.baseDN.conf2=DC=acme,DC=com
ldap.bindUser.conf2=binduser@acme.com
ldap.bindPassword.conf2=password
ldap.userAttribute.conf2=mail
ldap.userObjectClass.conf2=user
ldap.userSearchScope.conf2=sub
ldap.strip.domain.conf2=false
ldap.groupSearchScope.conf2=sub
ldap.groupObjectClass.conf2=group
ldap.nested.groups.conf2=false
ldap.groupAttributeName.conf2=member
ldap.userDisplayName.conf2.0=mail
ldap.userDN.extended.conf2.0=OU=Global-Users
ldap.groupDN.extended.conf2.0=OU=Groups

This property file contains two LDAP domains/configurations – conf1 and conf2 – which at first glance look very similar. The difference is that with the first configuration, users log on with the username (sAMAccountName) of an Active Directory server, while the second configuration uses the mail LDAP attribute for logon. The Grid Principal name will also differ depending on which configuration the user is found in, because the strip domain property (ldap.strip.domain) differs.

With this configuration, LDAP connection pooling is disabled, which is required when StartTLS is used. The deployment profile will force the LDAP connection pooling property to be turned off if any configuration uses StartTLS.

The configuration defines that the LDAP certificates should be retrieved and put into the truststore automatically during startup.

The LDAP Session Provider will be granted as the active session provider if no session provider is already granted, and the users "myadminuid" and "otheradminuid" will be mapped to the grid-admin role.
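
A pre-deployment check for the StartTLS/pooling rule and the num.ldap.configs count described above, written as an added example (not part of the product or its documentation). It assumes configurations are named conf1..confN as in the sample file; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: conf2 is missing and pooling is left on, to trigger both checks.
SAMPLE = """\
com.sun.jndi.ldap.connect.pool=true
admin.user.0=myadminuid
num.ldap.configs=2
ldap.hostName.conf1=ldap.acme.com
ldap.port.conf1=389
ldap.encryptionMethod.conf1=START_TLS
ldap.bindPassword.conf1=password
"""

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DC=acme,DC=com keep their '='
        props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return findings for the pooling and config-count rules on this page."""
    findings = []
    # Config names taken from keys like ldap.hostName.conf1 or ldap.userDN.extended.conf1.0
    found = {m.group(1) for k in props
             if (m := re.match(r"ldap\.[\w.]+?\.(conf\d+)(?:\.\d+)?$", k))}
    # Assumption: configurations are named conf1..confN, as in the sample file.
    declared = int(props.get("num.ldap.configs", "0"))
    expected = {f"conf{i}" for i in range(1, declared + 1)}
    for name in sorted(expected - found):
        findings.append(f"{name}: declared by num.ldap.configs but has no properties")
    for name in sorted(found - expected):
        findings.append(f"{name}: has properties but is outside num.ldap.configs")
    starttls = sorted(n for n in found
                      if props.get(f"ldap.encryptionMethod.{n}") == "START_TLS")
    # An omitted pool property is not flagged: the page does not state its default.
    pool = props.get("com.sun.jndi.ldap.connect.pool")
    if starttls and pool is not None and pool.lower() != "false":
        findings.append("pooling must be false: StartTLS used by " + ", ".join(starttls))
    return findings

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```

Because the deployment profile overrides the pooling property when StartTLS is present, a finding here means the file no longer describes the effective configuration.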