| Administering the Community / Directory Server Integration Guide | |
You can modify LDAP system properties to reset some elements of your LDAP configuration.
| Property | Meaning | Sample Value(s) |
|---|---|---|
| ldap.ssl.certverification | The SSL certification verification switch | By default=true, which verifies the SSL certificate is valid when you're running LDAP over SSL. If you set this to false, you can run in an insecure mode. |
| ldap.serverType.id* | The type of LDAP instance | 2=AD, 3=openLDAP, 4=other |
| ldap.host* | The hostname of IP address of the LDAP server | ldap.jive.com |
| ldap.port* | The port number of the LDAP server | 389 (default) or 636 (SSL) |
| ldap.usernameField* | The LDAP field name used to look up user name values | uid |
| ldap.baseDN* | The Distinguished Name of the base of your LDAP tree | DC=support, DC=jive, DC=com |
| ldap.nameField^ | The element key for the name attribute | cn |
| ldap.firstNameField^ | The element key for the First Name attribute | givenName |
| ldap.lastNameField^ | The element key for the Surname attribute | sn |
| ldap.emailField* | The element key for the Email attribute | |
| ldap.connectionPoolEnabled | Specifies whether to enable connection pooling. See http://download.oracle.com/javase/jndi/tutorial/ldap/connect/config.html | true |
| ldap.followReferrals | Specifies whether LDAP queries will follow referrals. This property should always be set to true for Active Directory. | true |
| ldap.adminDN* | The DN for the LDAP admin user. This user does not need to be a Jive user. | CN=AdminMan,OU=Domain Users,DC=support,DC=jive,DC=com |
| ldap.adminPassword* | The encrypted password for the LDAP admin | a54313f2d3bc98fb5234566995246c7 |
| ldap.adminPassword.key* | The key used to encrypt the admin password. | |
| ldap.adminPassword.encrypted* | Specifies whether or not the Admin password is encrypted. This property should always be set to true. | true |
| ldap.ldapDebugEnabled | Specifies whether LDAP debug logging is on. CAUTION: If
ldap.ldapDebugEnabled is on (true), LDAP traffic can be logged, and user passwords
can be printed in plain text to the application's sbs.out log file if connections to LDAP are unencrypted (non-SSL).
It is your responsibility to ensure that your LDAP communication runs over an SSL
connection.
Important: LDAP logging is extremely verbose and should never be used
in production unless Support recommends it. Using debug mode can cause serious
performance problems or system failure.
|
false |
| ldap.sslEnabled | Specifies whether to use an SSL connection to communicate with the LDAP server. | false |
| ldap.initialContextFactory | ||
| ldap.searchFilter | The filter applied to a remote directory when searching for users | |
| ldap.groupNameField | The field that maps a group to its CN in LDAP. | cn |
| ldap.groupMemberField | The field that maps a group to its members. | member |
| ldap.groupDescriptionField | The field that maps a description of a group. | description |
| ldap.posixMode | Specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
| ldap.posixEnabled | Specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
| ldap.groupSearchFilter^ | The filter applied to a remote directory when searching for groups. | (objectClass=group) |
| ldap.managerField | Maps the DN of a user's manager. Used when syncing relationship fields. | manager |
| ldap.photoField | Maps a photo to a user's profile. | photo |
| ldap.lastUpdatedField | Used to check if an LDAP record has been updated since the most recent sync. | creationdate |
| ldap.userGroupMember^ | The field that maps a user to a group. This is a user attribute. | memberOf |
| ldap.userDN^ | A RDN (relative to the baseDN) which contains users to sync to SBS. | ou=People |
| jive.sync.user.ldap | Specifies whether user synchronizations are enabled. | true |
| jive.sync.relationships.ldap | Specifies whether user relationships are synchronized from LDAP. | false |
| jive.sync.profile.ldap.photo | Specifies whether profile photos are synchronized from LDAP. | false |
| jive.sync.profile.ldap.login | Specifies whether profiles are synchronized at login. | false |
| jive.sync.auto.disable | Specifies whether Jive should disable user accounts which cannot be found in the LDAP directory. | |
| jive.sync.auto.disable.att.name | The name of the attribute which indicates whether or not an account is disabled in LDAP. | userAccountControl |
| jive.sync.auto.disable.att.value | In Active Directory, use Microsoft article 305144 as a reference for setting user account properties. You can also set up a bit-specific filter such as: userAccountControl:1.2.840.113556.1.4.803:=2 | 514 (see link) |
| jive.usernames.case.insensitive | Setting to false makes case sensitive comparisons when users register or log in, for example, bbrag is a different user than BBragg. When set to true, there is no disctinction between bbragg and BBragg. You may need to set this property to false when existing usernames in your Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or single sign on (SSO) are case sensitive. | true |
| GroupManager.className | Controls whether or not permission groups are synchronized from LDAP. | com.jivesoftware.base.ldap.LdapGroupManager (for LDAP groups) com.jivesoftware.base.database.DbGroupManager (default group manager) |