Amster

ActiveDirectory

Realm Operations

Resource path:

/realm-config/services/id-repositories/LDAPv3ForAD

Resource version: 1.0

create

Usage

am> create ActiveDirectory --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "groupconfig" : {
      "type" : "object",
      "title" : "Group Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "adRecursiveGroupMembership" : {
          "title" : "AD Recursive Group Membership Evaluation",
          "description" : "Used to enable/disable Active Directory Recursive Group Membership evaluation.<br><br>Enables an Active Directory specific extensible filter called LDAP_MATCHING_RULE_IN_CHAIN that according to MSDN \"walks the chain of ancestry in objects all the way to the root until it finds a match\", meaning that it will resolve all group memberships, including nested groups. This will add a performance overhead on the Active Directory server, indexes may need to be created.",
          "propertyOrder" : 6100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-uniquemember" : {
          "title" : "Attribute Name of Unique Member",
          "description" : "",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-attributes" : {
          "title" : "LDAP Groups Attributes",
          "description" : "",
          "propertyOrder" : 3400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-value" : {
          "title" : "LDAP Groups Container Value",
          "description" : "",
          "propertyOrder" : 3200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberof" : {
          "title" : "Attribute Name for Group Membership",
          "description" : "",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-filter" : {
          "title" : "LDAP Groups Search Filter",
          "description" : "",
          "propertyOrder" : 3000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-attribute" : {
          "title" : "LDAP Groups Search Attribute",
          "description" : "",
          "propertyOrder" : 2900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-objectclass" : {
          "title" : "LDAP Groups Object Class",
          "description" : "",
          "propertyOrder" : 3300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-name" : {
          "title" : "LDAP Groups Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 3100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "pluginconfig" : {
      "type" : "object",
      "title" : "Plug-in Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sunIdRepoClass" : {
          "title" : "LDAPv3 Repository Plug-in Class Name",
          "description" : "",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sunIdRepoSupportedOperations" : {
          "title" : "LDAPv3 Plug-in Supported Types and Operations",
          "description" : "",
          "propertyOrder" : 1900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sunIdRepoAttributeMapping" : {
          "title" : "Attribute Name Mapping",
          "description" : "",
          "propertyOrder" : 1800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ldapsettings" : {
      "type" : "object",
      "title" : "Server Settings",
      "propertyOrder" : 0,
      "properties" : {
        "sun-idrepo-ldapv3-config-authid" : {
          "title" : "LDAP Bind DN",
          "description" : "A user or admin with sufficient access rights to perform the supported operations.",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-search-scope" : {
          "title" : "LDAPv3 Plug-in Search Scope",
          "description" : "",
          "propertyOrder" : 2000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_min_size" : {
          "title" : "LDAP Connection Pool Minimum Size",
          "description" : "",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection-mode" : {
          "title" : "LDAP Connection Mode",
          "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-organization_name" : {
          "title" : "LDAP Organization DN",
          "description" : "",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-affinity-enabled" : {
          "title" : "Affinity Enabled",
          "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.",
          "propertyOrder" : 6200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-timeunit" : {
          "title" : "LDAP Connection Heartbeat Time Unit",
          "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-authpw" : {
          "title" : "LDAP Bind Password",
          "description" : "",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-max-result" : {
          "title" : "Maximum Results Returned from Search",
          "description" : "",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-time-limit" : {
          "title" : "Search Timeout",
          "description" : "In seconds.",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchbase" : {
          "title" : "LDAP Connection Heartbeat Search Base",
          "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1301,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_max_size" : {
          "title" : "LDAP Connection Pool Maximum Size",
          "description" : "",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-ldap-server" : {
          "title" : "LDAP Server",
          "description" : "Format: LDAP server host name:port | server_ID | site_ID",
          "propertyOrder" : 600,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "minItems" : 1,
          "type" : "array",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-interval" : {
          "title" : "LDAP Connection Heartbeat Interval",
          "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchfilter" : {
          "title" : "LDAP Connection Heartbeat Search Filter",
          "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1302,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "persistentsearch" : {
      "type" : "object",
      "title" : "Persistent Search Controls",
      "propertyOrder" : 7,
      "properties" : {
        "sun-idrepo-ldapv3-config-psearchbase" : {
          "title" : "Persistent Search Base DN",
          "description" : "",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-scope" : {
          "title" : "Persistent Search Scope",
          "description" : "",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "userconfig" : {
      "type" : "object",
      "title" : "User Configuration",
      "propertyOrder" : 3,
      "properties" : {
        "sun-idrepo-ldapv3-config-isactive" : {
          "title" : "Attribute Name of User Status",
          "description" : "",
          "propertyOrder" : 2600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-filter" : {
          "title" : "LDAP Users  Search Filter",
          "description" : "",
          "propertyOrder" : 2200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-index-attr" : {
          "title" : "Knowledge Based Authentication Active Index",
          "description" : "",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-inactive" : {
          "title" : "User Status Inactive Value",
          "description" : "",
          "propertyOrder" : 2800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : {
          "title" : "Knowledge Based Authentication Attempts Attribute Name",
          "description" : "",
          "propertyOrder" : 5410,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attr" : {
          "title" : "Knowledge Based Authentication Attribute Name",
          "description" : "",
          "propertyOrder" : 5300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-value" : {
          "title" : "LDAP People Container Value",
          "description" : "",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-attributes" : {
          "title" : "LDAP User Attributes",
          "description" : "",
          "propertyOrder" : 2400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-attribute" : {
          "title" : "LDAP Users  Search Attribute",
          "description" : "",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-active" : {
          "title" : "User Status Active Value",
          "description" : "",
          "propertyOrder" : 2700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-objectclass" : {
          "title" : "LDAP User Object Class",
          "description" : "",
          "propertyOrder" : 2300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-createuser-attr-mapping" : {
          "title" : "Create User Attribute Mapping",
          "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName",
          "propertyOrder" : 2500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-name" : {
          "title" : "LDAP People Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 5000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "authentication" : {
      "type" : "object",
      "title" : "Authentication Configuration",
      "propertyOrder" : 4,
      "properties" : {
        "sun-idrepo-ldapv3-config-auth-naming-attr" : {
          "title" : "Authentication Naming Attribute",
          "description" : "",
          "propertyOrder" : 5200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "cachecontrol" : {
      "type" : "object",
      "title" : "Cache Control",
      "propertyOrder" : 9,
      "properties" : {
        "sun-idrepo-ldapv3-dncache-size" : {
          "title" : "DN Cache Size",
          "description" : "In DN items, only used when DN Cache is enabled.",
          "propertyOrder" : 6000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-dncache-enabled" : {
          "title" : "DN Cache",
          "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "errorhandling" : {
      "type" : "object",
      "title" : "Error Handling Configuration",
      "propertyOrder" : 8,
      "properties" : {
        "com.iplanet.am.ldap.connection.delay.between.retries" : {
          "title" : "The Delay Time Between Retries",
          "description" : "In milliseconds.",
          "propertyOrder" : 5800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete ActiveDirectory --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action ActiveDirectory --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action ActiveDirectory --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action ActiveDirectory --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query ActiveDirectory --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read ActiveDirectory --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update ActiveDirectory --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "groupconfig" : {
      "type" : "object",
      "title" : "Group Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "adRecursiveGroupMembership" : {
          "title" : "AD Recursive Group Membership Evaluation",
          "description" : "Used to enable/disable Active Directory Recursive Group Membership evaluation.<br><br>Enables an Active Directory specific extensible filter called LDAP_MATCHING_RULE_IN_CHAIN that according to MSDN \"walks the chain of ancestry in objects all the way to the root until it finds a match\", meaning that it will resolve all group memberships, including nested groups. This will add a performance overhead on the Active Directory server, indexes may need to be created.",
          "propertyOrder" : 6100,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-uniquemember" : {
          "title" : "Attribute Name of Unique Member",
          "description" : "",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-attributes" : {
          "title" : "LDAP Groups Attributes",
          "description" : "",
          "propertyOrder" : 3400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-value" : {
          "title" : "LDAP Groups Container Value",
          "description" : "",
          "propertyOrder" : 3200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberof" : {
          "title" : "Attribute Name for Group Membership",
          "description" : "",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-filter" : {
          "title" : "LDAP Groups Search Filter",
          "description" : "",
          "propertyOrder" : 3000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-attribute" : {
          "title" : "LDAP Groups Search Attribute",
          "description" : "",
          "propertyOrder" : 2900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-objectclass" : {
          "title" : "LDAP Groups Object Class",
          "description" : "",
          "propertyOrder" : 3300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-name" : {
          "title" : "LDAP Groups Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 3100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "pluginconfig" : {
      "type" : "object",
      "title" : "Plug-in Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sunIdRepoClass" : {
          "title" : "LDAPv3 Repository Plug-in Class Name",
          "description" : "",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sunIdRepoSupportedOperations" : {
          "title" : "LDAPv3 Plug-in Supported Types and Operations",
          "description" : "",
          "propertyOrder" : 1900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sunIdRepoAttributeMapping" : {
          "title" : "Attribute Name Mapping",
          "description" : "",
          "propertyOrder" : 1800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "ldapsettings" : {
      "type" : "object",
      "title" : "Server Settings",
      "propertyOrder" : 0,
      "properties" : {
        "sun-idrepo-ldapv3-config-authid" : {
          "title" : "LDAP Bind DN",
          "description" : "A user or admin with sufficient access rights to perform the supported operations.",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-search-scope" : {
          "title" : "LDAPv3 Plug-in Search Scope",
          "description" : "",
          "propertyOrder" : 2000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_min_size" : {
          "title" : "LDAP Connection Pool Minimum Size",
          "description" : "",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection-mode" : {
          "title" : "LDAP Connection Mode",
          "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-organization_name" : {
          "title" : "LDAP Organization DN",
          "description" : "",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-affinity-enabled" : {
          "title" : "Affinity Enabled",
          "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.",
          "propertyOrder" : 6200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-timeunit" : {
          "title" : "LDAP Connection Heartbeat Time Unit",
          "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-authpw" : {
          "title" : "LDAP Bind Password",
          "description" : "",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-max-result" : {
          "title" : "Maximum Results Returned from Search",
          "description" : "",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-time-limit" : {
          "title" : "Search Timeout",
          "description" : "In seconds.",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchbase" : {
          "title" : "LDAP Connection Heartbeat Search Base",
          "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1301,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_max_size" : {
          "title" : "LDAP Connection Pool Maximum Size",
          "description" : "",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-ldap-server" : {
          "title" : "LDAP Server",
          "description" : "Format: LDAP server host name:port | server_ID | site_ID",
          "propertyOrder" : 600,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "minItems" : 1,
          "type" : "array",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-interval" : {
          "title" : "LDAP Connection Heartbeat Interval",
          "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchfilter" : {
          "title" : "LDAP Connection Heartbeat Search Filter",
          "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1302,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "persistentsearch" : {
      "type" : "object",
      "title" : "Persistent Search Controls",
      "propertyOrder" : 7,
      "properties" : {
        "sun-idrepo-ldapv3-config-psearchbase" : {
          "title" : "Persistent Search Base DN",
          "description" : "",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-scope" : {
          "title" : "Persistent Search Scope",
          "description" : "",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "userconfig" : {
      "type" : "object",
      "title" : "User Configuration",
      "propertyOrder" : 3,
      "properties" : {
        "sun-idrepo-ldapv3-config-isactive" : {
          "title" : "Attribute Name of User Status",
          "description" : "",
          "propertyOrder" : 2600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-filter" : {
          "title" : "LDAP Users  Search Filter",
          "description" : "",
          "propertyOrder" : 2200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-index-attr" : {
          "title" : "Knowledge Based Authentication Active Index",
          "description" : "",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-inactive" : {
          "title" : "User Status Inactive Value",
          "description" : "",
          "propertyOrder" : 2800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : {
          "title" : "Knowledge Based Authentication Attempts Attribute Name",
          "description" : "",
          "propertyOrder" : 5410,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attr" : {
          "title" : "Knowledge Based Authentication Attribute Name",
          "description" : "",
          "propertyOrder" : 5300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-value" : {
          "title" : "LDAP People Container Value",
          "description" : "",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-attributes" : {
          "title" : "LDAP User Attributes",
          "description" : "",
          "propertyOrder" : 2400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-attribute" : {
          "title" : "LDAP Users  Search Attribute",
          "description" : "",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-active" : {
          "title" : "User Status Active Value",
          "description" : "",
          "propertyOrder" : 2700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-objectclass" : {
          "title" : "LDAP User Object Class",
          "description" : "",
          "propertyOrder" : 2300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-createuser-attr-mapping" : {
          "title" : "Create User Attribute Mapping",
          "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName",
          "propertyOrder" : 2500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-name" : {
          "title" : "LDAP People Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 5000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "authentication" : {
      "type" : "object",
      "title" : "Authentication Configuration",
      "propertyOrder" : 4,
      "properties" : {
        "sun-idrepo-ldapv3-config-auth-naming-attr" : {
          "title" : "Authentication Naming Attribute",
          "description" : "",
          "propertyOrder" : 5200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "cachecontrol" : {
      "type" : "object",
      "title" : "Cache Control",
      "propertyOrder" : 9,
      "properties" : {
        "sun-idrepo-ldapv3-dncache-size" : {
          "title" : "DN Cache Size",
          "description" : "In DN items, only used when DN Cache is enabled.",
          "propertyOrder" : 6000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-dncache-enabled" : {
          "title" : "DN Cache",
          "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "errorhandling" : {
      "type" : "object",
      "title" : "Error Handling Configuration",
      "propertyOrder" : 8,
      "properties" : {
        "com.iplanet.am.ldap.connection.delay.between.retries" : {
          "title" : "The Delay Time Between Retries",
          "description" : "In milliseconds.",
          "propertyOrder" : 5800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}
Copyright © 2010-2024 ForgeRock, all rights reserved.