OpenDJ
Realm Operations
Resource path:
/realm-config/services/id-repositories/LDAPv3ForOpenDS
Resource version: 1.0
create
Usage
am> create OpenDJ --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "cachecontrol" : { "type" : "object", "title" : "Cache Control", "propertyOrder" : 9, "properties" : { "sun-idrepo-ldapv3-dncache-size" : { "title" : "DN Cache Size", "description" : "In DN items, only used when DN Cache is enabled.", "propertyOrder" : 6000, "required" : false, "type" : "integer", "exampleValue" : "" }, "sun-idrepo-ldapv3-dncache-enabled" : { "title" : "DN Cache", "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.", "propertyOrder" : 5900, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "groupconfig" : { "type" : "object", "title" : "Group Configuration", "propertyOrder" : 5, "properties" : { "sun-idrepo-ldapv3-config-memberof" : { "title" : "Attribute Name for Group Membership", "description" : "", "propertyOrder" : 3500, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-container-value" : { "title" : "LDAP Groups Container Value", "description" : "", "propertyOrder" : 3200, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-uniquemember" : { "title" : "Attribute Name of Unique Member", "description" : "", "propertyOrder" : 3600, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-objectclass" : { "title" : "LDAP Groups Object Class", "description" : "", "propertyOrder" : 3300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-groups-search-filter" : { "title" : "LDAP Groups Search Filter", "description" : "", "propertyOrder" : 3000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-container-name" : { "title" : "LDAP Groups Container Naming Attribute", "description" : "", "propertyOrder" : 3100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-attributes" : { "title" : "LDAP Groups Attributes", "description" : "", "propertyOrder" : 3400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-memberurl" : { "title" : "Attribute Name of Group Member URL", "description" : "", "propertyOrder" : 3700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-groups-search-attribute" : { "title" : "LDAP Groups Search Attribute", "description" : "", "propertyOrder" : 2900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "ldapsettings" : { "type" : "object", "title" : "Server Settings", "propertyOrder" : 0, "properties" : { "sun-idrepo-ldapv3-config-connection_pool_max_size" : { "title" : "LDAP Connection Pool Maximum Size", "description" : "", "propertyOrder" : 1200, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-proxied-auth-denied-fallback" : { "title" : "Fallback using Bind DN if Proxied Authorization denied", "description" : "Enable this setting to fallback and retry using non-proxied authorization (DS proxied-auth privilege) when proxied authorization is denied. Normally this happens when the attributes cannot be changed because the account is locked or the password has expired. This setting is effective only when Proxied Authorization is enabled.", "propertyOrder" : 860, "required" : false, "type" : "boolean", "exampleValue" : "" }, "openam-idrepo-ldapv3-keepalive-searchbase" : { "title" : "LDAP Connection Heartbeat Search Base", "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.", "propertyOrder" : 1301, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-search-scope" : { "title" : "LDAPv3 Plug-in Search Scope", "description" : "", "propertyOrder" : 2000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-max-result" : { "title" : "Maximum Results Returned from Search", "description" : "", "propertyOrder" : 1500, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-keepalive-searchfilter" : { "title" : "LDAP Connection Heartbeat Search Filter", "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.", "propertyOrder" : 1302, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-authid" : { "title" : "LDAP Bind DN", "description" : "A user or admin with sufficient access rights to perform the supported operations.", "propertyOrder" : 700, "required" : false, "type" : "string", "exampleValue" : "" }, "openam-idrepo-ldapv3-heartbeat-interval" : { "title" : "LDAP Connection Heartbeat Interval", "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.", "propertyOrder" : 1300, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-heartbeat-timeunit" : { "title" : "LDAP Connection Heartbeat Time Unit", "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.", "propertyOrder" : 1400, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-organization_name" : { "title" : "LDAP Organization DN", "description" : "", "propertyOrder" : 900, "required" : true, "type" : "string", "exampleValue" : "" }, "openam-idrepo-ldapv3-behera-support-enabled" : { "title" : "Behera Support Enabled", "description" : "When enabled, Behera draft control will be used in the outgoing requests for operations that may modify password value. This will allow OpenAM to display password policy related error messages when password policies are not met.", "propertyOrder" : 6100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-ldap-server" : { "title" : "LDAP Server", "description" : "Format: LDAP server host name:port | server_ID | site_ID", "propertyOrder" : 600, "required" : true, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-trust-all-server-certificates" : { "title" : "Trust All Server Certificates", "description" : "For secure connections to the identity store (LDAPS pr StartTLS) AM will trust all server certificates.<br><br>Use only where you trust completely the id repo server.", "propertyOrder" : 1050, "required" : false, "type" : "boolean", "exampleValue" : "" }, "openam-idrepo-ldapv3-proxied-auth-enabled" : { "title" : "Proxied Authorization using Bind DN", "description" : "Enable this setting if you have configured the LDAP bind DN account for proxied authorization (DS proxied-auth privilege). Do not enable this property if the LDAP bind DN account does not have the proxied-auth privilege granted because the user would not be able to reset their password. DS and AM log an error when this occurs.", "propertyOrder" : 850, "required" : false, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-connection_pool_min_size" : { "title" : "LDAP Connection Pool Minimum Size", "description" : "", "propertyOrder" : 1100, "required" : false, "type" : "integer", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-connection-mode" : { "title" : "LDAP Connection Mode", "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.", "propertyOrder" : 1000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-authpw" : { "title" : "LDAP Bind Password", "description" : "", "propertyOrder" : 800, "required" : false, "type" : "string", "format" : "password", "exampleValue" : "" }, "openam-idrepo-ldapv3-affinity-enabled" : { "title" : "Affinity Enabled", "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.", "propertyOrder" : 6300, "required" : true, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-time-limit" : { "title" : "Search Timeout", "description" : "In seconds.", "propertyOrder" : 1600, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "userconfig" : { "type" : "object", "title" : "User Configuration", "propertyOrder" : 3, "properties" : { "sun-idrepo-ldapv3-config-users-search-attribute" : { "title" : "LDAP Users Search Attribute", "description" : "", "propertyOrder" : 2100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-people-container-value" : { "title" : "LDAP People Container Value", "description" : "", "propertyOrder" : 5100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-active" : { "title" : "User Status Active Value", "description" : "", "propertyOrder" : 2700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-user-attributes" : { "title" : "LDAP User Attributes", "description" : "", "propertyOrder" : 2400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-createuser-attr-mapping" : { "title" : "Create User Attribute Mapping", "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName", "propertyOrder" : 2500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-isactive" : { "title" : "Attribute Name of User Status", "description" : "", "propertyOrder" : 2600, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-user-objectclass" : { "title" : "LDAP User Object Class", "description" : "", "propertyOrder" : 2300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-index-attr" : { "title" : "Knowledge Based Authentication Active Index", "description" : "", "propertyOrder" : 5400, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-users-search-filter" : { "title" : "LDAP Users Search Filter", "description" : "", "propertyOrder" : 2200, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : { "title" : "Knowledge Based Authentication Attempts Attribute Name", "description" : "", "propertyOrder" : 5410, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-people-container-name" : { "title" : "LDAP People Container Naming Attribute", "description" : "", "propertyOrder" : 5000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-attr" : { "title" : "Knowledge Based Authentication Attribute Name", "description" : "", "propertyOrder" : 5300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-inactive" : { "title" : "User Status Inactive Value", "description" : "", "propertyOrder" : 2800, "required" : false, "type" : "string", "exampleValue" : "" } } }, "errorhandling" : { "type" : "object", "title" : "Error Handling Configuration", "propertyOrder" : 8, "properties" : { "com.iplanet.am.ldap.connection.delay.between.retries" : { "title" : "The Delay Time Between Retries", "description" : "In milliseconds.", "propertyOrder" : 5800, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "authentication" : { "type" : "object", "title" : "Authentication Configuration", "propertyOrder" : 4, "properties" : { "sun-idrepo-ldapv3-config-auth-naming-attr" : { "title" : "Authentication Naming Attribute", "description" : "", "propertyOrder" : 5200, "required" : false, "type" : "string", "exampleValue" : "" } } }, "persistentsearch" : { "type" : "object", "title" : "Persistent Search Controls", "propertyOrder" : 7, "properties" : { "sun-idrepo-ldapv3-config-psearch-scope" : { "title" : "Persistent Search Scope", "description" : "", "propertyOrder" : 5700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-psearchbase" : { "title" : "Persistent Search Base DN", "description" : "", "propertyOrder" : 5500, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-psearch-filter" : { "title" : "Persistent Search Filter", "description" : "", "propertyOrder" : 5600, "required" : false, "type" : "string", "exampleValue" : "" } } }, "pluginconfig" : { "type" : "object", "title" : "Plug-in Configuration", "propertyOrder" : 2, "properties" : { "sunIdRepoSupportedOperations" : { "title" : "LDAPv3 Plug-in Supported Types and Operations", "description" : "", "propertyOrder" : 1900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sunIdRepoAttributeMapping" : { "title" : "Attribute Name Mapping", "description" : "", "propertyOrder" : 1800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sunIdRepoClass" : { "title" : "LDAPv3 Repository Plug-in Class Name", "description" : "", "propertyOrder" : 1700, "required" : true, "type" : "string", "exampleValue" : "" } } } } }
delete
Usage
am> delete OpenDJ --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action OpenDJ --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action OpenDJ --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action OpenDJ --realm Realm --actionName nextdescendents
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query OpenDJ --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read OpenDJ --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update OpenDJ --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "cachecontrol" : { "type" : "object", "title" : "Cache Control", "propertyOrder" : 9, "properties" : { "sun-idrepo-ldapv3-dncache-size" : { "title" : "DN Cache Size", "description" : "In DN items, only used when DN Cache is enabled.", "propertyOrder" : 6000, "required" : false, "type" : "integer", "exampleValue" : "" }, "sun-idrepo-ldapv3-dncache-enabled" : { "title" : "DN Cache", "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.", "propertyOrder" : 5900, "required" : false, "type" : "boolean", "exampleValue" : "" } } }, "groupconfig" : { "type" : "object", "title" : "Group Configuration", "propertyOrder" : 5, "properties" : { "sun-idrepo-ldapv3-config-memberof" : { "title" : "Attribute Name for Group Membership", "description" : "", "propertyOrder" : 3500, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-container-value" : { "title" : "LDAP Groups Container Value", "description" : "", "propertyOrder" : 3200, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-uniquemember" : { "title" : "Attribute Name of Unique Member", "description" : "", "propertyOrder" : 3600, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-objectclass" : { "title" : "LDAP Groups Object Class", "description" : "", "propertyOrder" : 3300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-groups-search-filter" : { "title" : "LDAP Groups Search Filter", "description" : "", "propertyOrder" : 3000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-container-name" : { "title" : "LDAP Groups Container Naming Attribute", "description" : "", "propertyOrder" : 3100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-group-attributes" : { "title" : "LDAP Groups Attributes", "description" : "", "propertyOrder" : 3400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-memberurl" : { "title" : "Attribute Name of Group Member URL", "description" : "", "propertyOrder" : 3700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-groups-search-attribute" : { "title" : "LDAP Groups Search Attribute", "description" : "", "propertyOrder" : 2900, "required" : false, "type" : "string", "exampleValue" : "" } } }, "ldapsettings" : { "type" : "object", "title" : "Server Settings", "propertyOrder" : 0, "properties" : { "sun-idrepo-ldapv3-config-connection_pool_max_size" : { "title" : "LDAP Connection Pool Maximum Size", "description" : "", "propertyOrder" : 1200, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-proxied-auth-denied-fallback" : { "title" : "Fallback using Bind DN if Proxied Authorization denied", "description" : "Enable this setting to fallback and retry using non-proxied authorization (DS proxied-auth privilege) when proxied authorization is denied. Normally this happens when the attributes cannot be changed because the account is locked or the password has expired. This setting is effective only when Proxied Authorization is enabled.", "propertyOrder" : 860, "required" : false, "type" : "boolean", "exampleValue" : "" }, "openam-idrepo-ldapv3-keepalive-searchbase" : { "title" : "LDAP Connection Heartbeat Search Base", "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.", "propertyOrder" : 1301, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-search-scope" : { "title" : "LDAPv3 Plug-in Search Scope", "description" : "", "propertyOrder" : 2000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-max-result" : { "title" : "Maximum Results Returned from Search", "description" : "", "propertyOrder" : 1500, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-keepalive-searchfilter" : { "title" : "LDAP Connection Heartbeat Search Filter", "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.", "propertyOrder" : 1302, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-authid" : { "title" : "LDAP Bind DN", "description" : "A user or admin with sufficient access rights to perform the supported operations.", "propertyOrder" : 700, "required" : false, "type" : "string", "exampleValue" : "" }, "openam-idrepo-ldapv3-heartbeat-interval" : { "title" : "LDAP Connection Heartbeat Interval", "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.", "propertyOrder" : 1300, "required" : false, "type" : "integer", "exampleValue" : "" }, "openam-idrepo-ldapv3-heartbeat-timeunit" : { "title" : "LDAP Connection Heartbeat Time Unit", "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.", "propertyOrder" : 1400, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-organization_name" : { "title" : "LDAP Organization DN", "description" : "", "propertyOrder" : 900, "required" : true, "type" : "string", "exampleValue" : "" }, "openam-idrepo-ldapv3-behera-support-enabled" : { "title" : "Behera Support Enabled", "description" : "When enabled, Behera draft control will be used in the outgoing requests for operations that may modify password value. This will allow OpenAM to display password policy related error messages when password policies are not met.", "propertyOrder" : 6100, "required" : false, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-ldap-server" : { "title" : "LDAP Server", "description" : "Format: LDAP server host name:port | server_ID | site_ID", "propertyOrder" : 600, "required" : true, "items" : { "type" : "string" }, "minItems" : 1, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-trust-all-server-certificates" : { "title" : "Trust All Server Certificates", "description" : "For secure connections to the identity store (LDAPS pr StartTLS) AM will trust all server certificates.<br><br>Use only where you trust completely the id repo server.", "propertyOrder" : 1050, "required" : false, "type" : "boolean", "exampleValue" : "" }, "openam-idrepo-ldapv3-proxied-auth-enabled" : { "title" : "Proxied Authorization using Bind DN", "description" : "Enable this setting if you have configured the LDAP bind DN account for proxied authorization (DS proxied-auth privilege). Do not enable this property if the LDAP bind DN account does not have the proxied-auth privilege granted because the user would not be able to reset their password. DS and AM log an error when this occurs.", "propertyOrder" : 850, "required" : false, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-connection_pool_min_size" : { "title" : "LDAP Connection Pool Minimum Size", "description" : "", "propertyOrder" : 1100, "required" : false, "type" : "integer", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-connection-mode" : { "title" : "LDAP Connection Mode", "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.", "propertyOrder" : 1000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-authpw" : { "title" : "LDAP Bind Password", "description" : "", "propertyOrder" : 800, "required" : false, "type" : "string", "format" : "password", "exampleValue" : "" }, "openam-idrepo-ldapv3-affinity-enabled" : { "title" : "Affinity Enabled", "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.", "propertyOrder" : 6300, "required" : true, "type" : "boolean", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-time-limit" : { "title" : "Search Timeout", "description" : "In seconds.", "propertyOrder" : 1600, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "userconfig" : { "type" : "object", "title" : "User Configuration", "propertyOrder" : 3, "properties" : { "sun-idrepo-ldapv3-config-users-search-attribute" : { "title" : "LDAP Users Search Attribute", "description" : "", "propertyOrder" : 2100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-people-container-value" : { "title" : "LDAP People Container Value", "description" : "", "propertyOrder" : 5100, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-active" : { "title" : "User Status Active Value", "description" : "", "propertyOrder" : 2700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-user-attributes" : { "title" : "LDAP User Attributes", "description" : "", "propertyOrder" : 2400, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-createuser-attr-mapping" : { "title" : "Create User Attribute Mapping", "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName", "propertyOrder" : 2500, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-isactive" : { "title" : "Attribute Name of User Status", "description" : "", "propertyOrder" : 2600, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-user-objectclass" : { "title" : "LDAP User Object Class", "description" : "", "propertyOrder" : 2300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-index-attr" : { "title" : "Knowledge Based Authentication Active Index", "description" : "", "propertyOrder" : 5400, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-users-search-filter" : { "title" : "LDAP Users Search Filter", "description" : "", "propertyOrder" : 2200, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : { "title" : "Knowledge Based Authentication Attempts Attribute Name", "description" : "", "propertyOrder" : 5410, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-people-container-name" : { "title" : "LDAP People Container Naming Attribute", "description" : "", "propertyOrder" : 5000, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-auth-kba-attr" : { "title" : "Knowledge Based Authentication Attribute Name", "description" : "", "propertyOrder" : 5300, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-inactive" : { "title" : "User Status Inactive Value", "description" : "", "propertyOrder" : 2800, "required" : false, "type" : "string", "exampleValue" : "" } } }, "errorhandling" : { "type" : "object", "title" : "Error Handling Configuration", "propertyOrder" : 8, "properties" : { "com.iplanet.am.ldap.connection.delay.between.retries" : { "title" : "The Delay Time Between Retries", "description" : "In milliseconds.", "propertyOrder" : 5800, "required" : false, "type" : "integer", "exampleValue" : "" } } }, "authentication" : { "type" : "object", "title" : "Authentication Configuration", "propertyOrder" : 4, "properties" : { "sun-idrepo-ldapv3-config-auth-naming-attr" : { "title" : "Authentication Naming Attribute", "description" : "", "propertyOrder" : 5200, "required" : false, "type" : "string", "exampleValue" : "" } } }, "persistentsearch" : { "type" : "object", "title" : "Persistent Search Controls", "propertyOrder" : 7, "properties" : { "sun-idrepo-ldapv3-config-psearch-scope" : { "title" : "Persistent Search Scope", "description" : "", "propertyOrder" : 5700, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-psearchbase" : { "title" : "Persistent Search Base DN", "description" : "", "propertyOrder" : 5500, "required" : false, "type" : "string", "exampleValue" : "" }, "sun-idrepo-ldapv3-config-psearch-filter" : { "title" : "Persistent Search Filter", "description" : "", "propertyOrder" : 5600, "required" : false, "type" : "string", "exampleValue" : "" } } }, "pluginconfig" : { "type" : "object", "title" : "Plug-in Configuration", "propertyOrder" : 2, "properties" : { "sunIdRepoSupportedOperations" : { "title" : "LDAPv3 Plug-in Supported Types and Operations", "description" : "", "propertyOrder" : 1900, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sunIdRepoAttributeMapping" : { "title" : "Attribute Name Mapping", "description" : "", "propertyOrder" : 1800, "required" : false, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "sunIdRepoClass" : { "title" : "LDAPv3 Repository Plug-in Class Name", "description" : "", "propertyOrder" : 1700, "required" : true, "type" : "string", "exampleValue" : "" } } } } }