LDAP system properties
You can modify LDAP system properties to reset some elements of your LDAP configuration.
Fastpath: .
These settings are for expert users. To use system properties:
- In the Admin Console, go to .
- Edit a property if it is present in the list or add definition under Add new property.
- Restart your instance after making any system property changes.
| Property | Meaning | Sample Values |
|---|---|---|
ldap.ssl.certverification |
The SSL certification verification switch. By default, the property is set to
true, which verifies the SSL certificate is valid when you're
running LDAP over SSL. If you set this to false, you can run in an
insecure mode. For more information, see LDAP certificates. |
true |
ldap.serverType.id* |
The type of LDAP instance. Possible values:
|
2 |
ldap.host* |
The hostname of IP address of the LDAP server. | ldap.jive.com |
ldap.port* |
The port number of the LDAP server. | 389 (default) or 636 (SSL) |
ldap.usernameField* |
The LDAP field name used to look up user name values. | uid |
ldap.baseDN* |
The Distinguished Name of the base of your LDAP tree. | DC=support, DC=jive, DC=com |
ldap.nameField^ |
The element key for the name attribute. | cn |
ldap.firstNameField^ |
The element key for the First Name attribute. | givenName |
ldap.lastNameField^ |
The element key for the Surname attribute. | sn |
ldap.emailField* |
The element key for the Email attribute. | mail |
| The property that specifies whether to enable connection pooling. For more information, see Connection Pooling Configuration in the Oracle Help Center at http://download.oracle.com/javase/jndi/tutorial/ldap/connect/config.html. |
true |
|
ldap.followReferrals |
The property that specifies whether LDAP queries will follow referrals. This property should always be set to true for Active Directory. | true |
ldap.adminDN* |
The DN for the LDAP admin user. This user does not need to be a Jive user. | CN=AdminMan,OU=Domain Users,DC=support,DC=jive,DC=com |
ldap.adminPassword* |
The encrypted password for the LDAP admin. | a54313f2d3bc98fb5234566995246c7 |
ldap.adminPassword.key* |
The key used to encrypt the admin password. | |
ldap.adminPassword.encrypted* |
The property that specifies whether or not the Admin password is encrypted. This property should always be set to true. | true |
ldap.ldapDebugEnabled |
The property that specifies whether LDAP debug logging is on. CAUTION: If
ldap.ldapDebugEnabled is on
(true), LDAP traffic can be logged, and user passwords can be
printed in plain text to the application's sbs.out log file if
connections to LDAP are unencrypted (non-SSL). It is your responsibility to ensure
that your LDAP communication runs over an SSL connection.Important: LDAP logging is extremely verbose and should never be used in
production unless Support recommends it. Using debug mode
can cause serious performance problems or system failure.
|
false |
ldap.sslEnabled |
The property that specifies whether to use an SSL connection to communicate with the LDAP server. | false |
ldap.initialContextFactory |
||
ldap.searchFilter |
The filter the is applied to a remote directory when searching for users. | |
ldap.groupNameField |
The field that maps a group to its CN in LDAP. | cn |
ldap.groupMemberField |
The field that maps a group to its members. | member |
ldap.groupDescriptionField |
The field that maps a description of a group. | description |
ldap.posixMode |
The property that specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
ldap.posixEnabled |
The property that specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
ldap.groupSearchFilter^ |
The filter that is applied to a remote directory when searching for groups. | (objectClass=group) |
ldap.managerField |
The field that maps the DN of a user's manager. This is used when syncing relationship fields. | manager |
ldap.photoField |
The field that maps a photo to a user's profile. | photo |
ldap.lastUpdatedField |
The field that is used to check if an LDAP record has been updated since the most recent sync. | creationdate |
ldap.userGroupMember^ |
The field that maps a user to a group. This is a user attribute. | memberOf |
ldap.userDN^ |
An RDN (relative to the baseDN) which contains users to sync to SBS. | ou=People |
jive.sync.user.ldap |
The property that specifies whether user synchronizations are enabled. | true |
jive.sync.relationships.ldap |
The property that specifies whether user relationships are synchronized from LDAP. | false |
jive.sync.profile.ldap.photo |
The property that specifies whether profile photos are synchronized from LDAP. | false |
jive.sync.profile.ldap.login |
The property that specifies whether profiles are synchronized at login. | false |
jive.sync.auto.disable |
The property that specifies whether Jive should disable user accounts which cannot be found in the LDAP directory. | true |
jive.sync.auto.disable.att.name |
The name of the attribute which indicates whether or not an account is disabled in LDAP. | userAccountControl |
jive.sync.auto.disable.att.value |
In Active Directory, UserAccountControl flags. For reference for setting user
account properties, see Microsoft article 305144 (http://support.microsoft.com/kb/305144).
You can also set up a bit-specific filter such as:
userAccountControl:1.2.840.113556.1.4.803:=2
|
514 |
jive.usernames.case.insensitive |
The property that specifies if case sensitive comparisons are made when users
register or log in. If this is set to false, sensitive comparisons
are enabled; for example, bbrag is a different user than BBragg. If
this is set to true, there is no distinction between bbragg
and BBragg. You may need to set this property to false when
existing usernames in your Lightweight Directory Access Protocol (LDAP), Active
Directory (AD), or Single Sign-On (SSO) are case sensitive. |
true |
GroupManager.className |
The property that controls whether or not permission groups are synchronized from LDAP. | com.jivesoftware.base.ldap.LdapGroupManager (for LDAP groups)
com.jivesoftware.base.database.DbGroupManager (default group
manager) |