"ldap."
public static final boolean
true
"Flag to explicitly enable/disableldap group authorization. The default value is true (group auth enabled)."
"ldap.group.authorization.enable"
""
"Java regular expression pattern used to extract group name from the distinguished name of the group when group is renamed. This is used only when persistent search is enabled. By default the \'ldap.group.name.attribute\' is extracted from the DN"
"ldap.group.dn.name.pattern"
"member"
"Name of attribute that contains the members of the group in a group entry obtained using an LDAP search. A regex pattern may be specified to extract the user principals from this attribute by configuring \'ldap.group.member.attribute.pattern\'."
""
"Java regular expression pattern used to extract the user principals of group members from group member entries obtained from the LDAP attribute specified using \'ldap.group.member.attribute`. By default the full value of the attribute is used"
"ldap.group.member.attribute.pattern"
"ldap.group.member.attribute"
"cn"
"Name of attribute that contains the name of the group in a group entry obtained using an LDAP search. A regex pattern may be specified to extract the group name used in ACLs from this attribute by configuring \'ldap.group.name.attribute.pattern\'."
""
"Java regular expression pattern used to extract the group name used in ACLs from the name of the group obtained from the LDAP attribute specified using \'ldap.group.name.attribute`. By default the full value of the attribute is used"
"ldap.group.name.attribute.pattern"
"ldap.group.name.attribute"
"groupOfNames"
"LDAP object class for groups."
"ldap.group.object.class"
"ou=groups"
"LDAP search base for group-based search."
"ldap.group.search.base"
""
"LDAP search filter for group-based search."
"ldap.group.search.filter"
public static final int
1
"LDAP search scope for group-based search. Valid values are 0 (OBJECT), 1 (ONELEVEL) and 2 (SUBTREE)."
"ldap.group.search.scope"
"ldap.ignore.partial.result.exception"
"Indicate whether ignore partial result exception"
"java.naming.ldap.factory.socket"
public static final long
30000L
public static final long
30000L
"com.sun.jndi.ldap.read.timeout"
""
"Fully qualified domain name (FQDN) to be used for hostname verification of LDAP serversin case of FIPS deployment. Required if the FIPS deployment has multiple LDAP JNDI provider urls configured. In case this is not specified, SAN verification will happen against the domain passed in the LDAP JNDI provider URL config."
"ldap.fips.san.verification.fqdn"
public static final int
0
"Defines the mechanism used for mapping the user\'s Principal.Following modes exist: 1. \'default\' - (default mode) this mode would store the username (used during AuthN) in the user\'s principal for AuthZ.2. \'ldap\' - this mode would extract the user\'s principal from LDAP records (which can be of different casing from the username during AuthN) and uses that for AuthZ. "
"ldap.principal.mapping"
public static final int
60000
"LDAP group cache refresh interval in milliseconds. If set to zero, persistent LDAP search is used."
"ldap.refresh.interval.ms"
public static final int
1000
"Maximum retry backoff in milliseconds. Exponential backoff is used if \'ldap.retry.backoff.ms\' is set to a lower value."
"ldap.retry.backoff.max.ms"
public static final int
100
"Initial retry backoff in milliseconds. Exponential backoff is used if \'ldap.retry.backoff.max.ms\' is set to a higher value."
"ldap.retry.backoff.ms"
public static final int
86400000
"Timeout for LDAP search retries after which the LDAP authorizer is marked as failed. All requests are denied access if a successful cache refresh cannot be performed within this time."
"ldap.retry.timeout.ms"
"LDAP search mode that indicates if user to group mapping is retrieved by searching for group or user entries. Valid values are USERS and GROUPS."
"ldap.search.mode"
public static final int
0
"Page size for LDAP search if persistent search is disabled (refresh interval is greater than zero). Paging is disabled by default."
"ldap.search.page.size"
""
"Java regular expression pattern used to extract user name from the distinguished name of the user when user is renamed. This is used only when persistent search is enabled. By default the \'ldap.user.name.attribute\' is extracted from the DN"
"ldap.user.dn.name.pattern"
"memberof"
"Name of attribute that contains the groups in a user entry obtained using an LDAP search. A regex pattern may be specified to extract the group names used in ACLs from this attribute by configuring \'ldap.user.memberof.attribute.pattern\'."
""
"Java regular expression pattern used to extract the names of groups from user entries obtained from the LDAP attribute specified using \'ldap.user.memberof.attribute`. By default the full value of the attribute is used"
"ldap.user.memberof.attribute.pattern"
"ldap.user.memberof.attribute"
"uid"
"Name of attribute that contains the user principal in a user entry obtained using an LDAP search. A regex pattern may be specified to extract the user principal from this attribute by configuring \'ldap.user.name.attribute.pattern\'."
""
"Java regular expression pattern used to extract the user principal from the name of the user obtained from the LDAP attribute specified using \'ldap.user.name.attribute`. By default the full value of the attribute is used"
"ldap.user.name.attribute.pattern"
"ldap.user.name.attribute"
"person"
"LDAP object class for users."
"ldap.user.object.class"
"Name of attribute that contains the password in a user entry obtained using an LDAP search for simple username/password authentication. By default, authentication is performed using simple binding with the provided credentials. This config may be used in deployments where simple binding is disabled for some users."
"ldap.user.password.attribute"
"ou=users"
"LDAP search base for user-based search."
"ldap.user.search.base"
""
"LDAP search filter for user-based search."
"ldap.user.search.filter"
public static final int
1
"LDAP search scope for user-based search. Valid values are 0 (OBJECT), 1 (ONELEVEL) and 2 (SUBTREE)."
"ldap.user.search.scope"