Package com.ibm.security.access.user
Class LDAPProperties
java.lang.Object
com.ibm.security.access.user.LDAPProperties
This class contains the LDAP Properties which can be overriden using the
Properties
map exposed in several init methods. All values of should be Strings.-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final StringSet the maximum time that Verify Identity Access will wait for a response to an authentication request.static final StringValidate user password's using LDAP compare.static final StringAuthenticate users using rebindstatic final StringLDAP attribute to use for group membershipstatic final StringSpecify whether duplicate users (identified by principal attribute) are allowed.static final Stringstatic final StringLDAP attribute to use as a unique identifier for Basic users.static final Stringstatic final StringLDAP suffixes which contain Basic Users.static final StringEnable search suffix optimization.static final StringEnable basic user support.static final StringEnforce a password change when using bind authentication.static final StringBind Dn to connect to LDAP User Registrystatic final Stringstatic final Stringstatic final StringSet the list of allowed cipher suites to use for SSL/TLS connectionsstatic final StringSet the client certificate to use for TLS connection the LDAP User Registry.static final Stringstatic final StringSet the maximum allowed connection inactivity.static final Stringstatic final StringEnable dynamic group support.static final StringRecord the last password authentication timestamp using a LDAP attributestatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final StringSet the filter to use when searching for Groups.static final StringAllow the creation of native LDAP users ithout setting a passwordstatic final StringIgnore LDAP Server if Verify Identity Access cannot get a response.static final StringLDAP suffixes to ignorestatic final Stringstatic final Stringstatic final StringSpecify a custom native user attribute to record the last logn time.static final StringSpecify if the user should be told an authentication request failed because of Time Of Day access policy.static final StringEnable caching of failed password attempts using LDAP attribute.static final StringSpecify a native LDAP attribute to store failed password attempts.static final StringSet the maximum number of connections to the LDAP User Registry for authentication requestsstatic final StringSet the maximum number of search results to return.static final Stringstatic final Stringstatic final StringSpecify the LDAP attribute to use as the passwordstatic final StringSpecify the length of time before the password fail count is resetstatic final Stringstatic final Stringstatic final Stringstatic final StringLimit the page size returned by LDAP searches.static final StringSet the maximum time that Verify Identity Access will wait for a response to a search request.static final StringSet the SSL keystore to use for TLS connections to LDAP User Registry.static final StringSet the password to use for the SSL Keystore.static final StringSet the SSL Truststore to use for TLS connections.static final StringSet the password to use for the SSL Truststorestatic final StringEnable the SSLv3 Protocolstatic final Stringstatic final Stringstatic final StringOrder which known suffixes will be searchedstatic final Stringstatic final StringSet the maximum time that Verify Identity Access will wait for a response to a request.static final StringEnable the TLSv1.0 Protocolstatic final StringEnable the TLSv1.1 Protocolstatic final StringEnable the TLSv1.2 Protocolstatic final Stringstatic final StringSet the filter to use when searching for all users (Native and Basic).static final String -
Constructor Summary
Constructors -
Method Summary
-
Field Details
-
bindDn
Bind Dn to connect to LDAP User Registry- See Also:
-
novellSuffixSearchEnabled
- See Also:
-
ignoreSuffix
LDAP suffixes to ignore- See Also:
-
suffixTriggerCount
- See Also:
-
suffixMaxIterations
- See Also:
-
suffixOrdering
Order which known suffixes will be searched- See Also:
-
basicUserSearchSuffix
LDAP suffixes which contain Basic Users.- See Also:
-
basicUserSuffixOptimizer
Enable search suffix optimization.- See Also:
-
sslKeystore
Set the SSL keystore to use for TLS connections to LDAP User Registry.- See Also:
-
clientCertLabel
Set the client certificate to use for TLS connection the LDAP User Registry.- See Also:
-
sslKeystorePwd
Set the password to use for the SSL Keystore.- See Also:
-
sslTruststore
Set the SSL Truststore to use for TLS connections.- See Also:
-
sslTruststorePwd
Set the password to use for the SSL Truststore- See Also:
-
connectionInactivity
Set the maximum allowed connection inactivity.- See Also:
-
maxSearchSize
Set the maximum number of search results to return.- See Also:
-
timeout
Set the maximum time that Verify Identity Access will wait for a response to a request.- See Also:
-
authnTimeout
Set the maximum time that Verify Identity Access will wait for a response to an authentication request.- See Also:
-
searchTimeout
Set the maximum time that Verify Identity Access will wait for a response to a search request.- See Also:
-
enhancedPwdPolicy
- See Also:
-
maxAuthnConnections
Set the maximum number of connections to the LDAP User Registry for authentication requests- See Also:
-
fips
- See Also:
-
compliance
- See Also:
-
sslV3enable
Enable the SSLv3 Protocol- See Also:
-
tlsV10Enable
Enable the TLSv1.0 Protocol- See Also:
-
tlsV11Enable
Enable the TLSv1.1 Protocol- See Also:
-
tlsV12Enable
Enable the TLSv1.2 Protocol- See Also:
-
cipherSuites
Set the list of allowed cipher suites to use for SSL/TLS connections- See Also:
-
fipsCertified
- See Also:
-
userSearchFilter
Set the filter to use when searching for all users (Native and Basic).- See Also:
-
userObjectclass
- See Also:
-
isMemberOfAttribute
- See Also:
-
groupSearchFilter
Set the filter to use when searching for Groups.- See Also:
-
staticGroupObjectclass
- See Also:
-
dynamicGroupsEnabled
Enable dynamic group support.- See Also:
-
bindAuthPwdChange
Enforce a password change when using bind authentication.- See Also:
-
authUsingRebind
Authenticate users using rebind- See Also:
-
searchPageSize
Limit the page size returned by LDAP searches.- See Also:
-
basicUserPrincipalAttribute
LDAP attribute to use as a unique identifier for Basic users.- See Also:
-
basicUserPrincipalAdd
- See Also:
-
basicGroupIdAttribute
LDAP attribute to use for group membership- See Also:
-
ignoreIfDown
Ignore LDAP Server if Verify Identity Access cannot get a response.- See Also:
-
ignoreEmptyPasswordOnNativeCreate
Allow the creation of native LDAP users ithout setting a password- See Also:
-
passwordAttribute
Specify the LDAP attribute to use as the password- See Also:
-
racfSuffix
- See Also:
-
mgmtDomainSuffix
- See Also:
-
allowQoutePattern
- See Also:
-
returnRegistryId
- See Also:
-
userSelfcareObjectclass
- See Also:
-
authUsingCompare
Validate user password's using LDAP compare.- See Also:
-
enableLastLogin
Record the last password authentication timestamp using a LDAP attribute- See Also:
-
lastLoginAttribute
Specify a custom native user attribute to record the last logn time.- See Also:
-
basicUserSupport
Enable basic user support.- See Also:
-
basicUserNoDuplicates
Specify whether duplicate users (identified by principal attribute) are allowed.- See Also:
-
importModUid
- See Also:
-
groupAttributeNames
- See Also:
-
groupMaxSize
- See Also:
-
groupMaxLifespan
- See Also:
-
requireNativeGroup
- See Also:
-
defaultPolicyOverrideSupport
- See Also:
-
loginFailurePersistent
Enable caching of failed password attempts using LDAP attribute.- See Also:
-
loginFailurePersistentAttribute
Specify a native LDAP attribute to store failed password attempts.- See Also:
-
persistentStrikeExpireTIme
Specify the length of time before the password fail count is reset- See Also:
-
lateLockoutNotification
Specify if the user should be told an authentication request failed because of Time Of Day access policy.- See Also:
-
cachePolicyExpireTime
- See Also:
-
basicUserPwdPolicy
- See Also:
-
cacheResetStrikes
- See Also:
-
-
Constructor Details
-
LDAPProperties
public LDAPProperties()
-