Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This document lists the properties used within the fortress core. These props can be stored in various locations: for example, as system properties, in a file, or within an LDAP node. See the README-CONFIG for a description of how the config system works.
This section describes the properties needed to control fortress core.
# Host name and port of LDAP DIT: host=localhost port=10389
# If ApacheDS server: ldap.server.type=apacheds
# Else if OpenLDAP server: ldap.server.type=slapd
# Else leave blank: #ldap.server.type=other
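# If ApacheDS it will look something like this (uid=admin,ou=system with the password "secret" is the ApacheDS out-of-the-box default; change it before any non-test use): admin.user=uid=admin,ou=system admin.pw=secret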
# Else If OpenLDAP it will look something like this: admin.user=cn=Manager,dc=example,dc=com
# These are the min/max settings for LDAP connections. For testing and low-volume instances this will work: min.admin.conn=1 max.admin.conn=10
# This node contains fortress properties stored on behalf of connecting LDAP clients: config.realm=DEFAULT config.root=ou=Config,dc=example,dc=com
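# Used for SSL Connection to LDAP Server (the debug flag is normally only wanted while troubleshooting, and "changeit" is the stock Java truststore password; set your own value outside of testing): enable.ldap.ssl=true enable.ldap.ssl.debug=true trust.store=/fully/qualified/path/and/file/name/to/java/truststore trust.store.password=changeit trust.store.set.prop=true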
# This will override default LDAP manager implementations for the RESTful ones: enable.mgr.impl.rest=true
# Optional parameters needed when Fortress client is connecting with the En Masse (rather than LDAP) server: http.user=demouser4 http.pw=gX9JbCTxJW5RiH+otQEX0Ja0RIAoPBQf http.host=localhost http.port=8080
# ApacheDS stores its password policies objects here by default: apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
# Define the high-level structure of LDAP DIT: suffix=dc=example,dc=com config.root=ou=Config,dc=example,dc=com user.root=ou=People,dc=example,dc=com pwpolicy.root=ou=Policies,dc=example,dc=com role.root=ou=Roles,ou=RBAC,dc=example,dc=com perm.root=ou=Permissions,ou=RBAC,dc=example,dc=com sdconstraint.root=ou=Constraints,ou=RBAC,dc=example,dc=com userou.root=ou=OS-U,ou=ARBAC,dc=example,dc=com permou.root=ou=OS-P,ou=ARBAC,dc=example,dc=com adminrole.root=ou=AdminRoles,ou=ARBAC,dc=example,dc=com adminperm.root=ou=AdminPerms,ou=ARBAC,dc=example,dc=com audit.root=cn=log group.root=ou=Groups,dc=example,dc=com example.root=ou=Examples,dc=example,dc=com
superadmin.role=fortress-core-super-admin
# these properties will enable temporal constraint checks on role activations: temporal.validator.0=org.apache.directory.fortress.core.util.time.Date temporal.validator.1=org.apache.directory.fortress.core.util.time.LockDate temporal.validator.2=org.apache.directory.fortress.core.util.time.Timeout temporal.validator.3=org.apache.directory.fortress.core.util.time.ClockTime temporal.validator.4=org.apache.directory.fortress.core.util.time.Day
# enabling this property will enable Dynamic Separation of Duty constraint checks on role activations: temporal.validator.dsd=org.apache.directory.fortress.core.impl.DSDChecker
# Users in the following list cannot be deleted using OAM admin functions (AdminMgr.deleteUser, AdminMgr.forceDeleteUser) sys.user.1=oamTU6User1 sys.user.2=oamTU6User2 sys.user.3=oamTU6User3 sys.user.4=oamTU6User4 sys.user.5=oamTU6User5
# Fortress Class Definitions: NOT NEEDED UNLESS OVERRIDING DEFAULT IMPLEMENTATIONS accessmgr.implementation=org.apache.directory.fortress.core.impl.AccessMgrImpl auditmgr.implementation=org.apache.directory.fortress.core.impl.AuditMgrImpl
ehcache.config.file=ehcache.xml
# Fortress Data Validation settings field.length=130
# This section is for filtering out LDAP meta characters from search field input (each entry pairs a character, ldap.filter.N, with its hexadecimal ASCII code, ldap.sub.N; the comment before each pair gives the character's decimal, octal and hex values): # Ensure the chars are placed in ASCII value ascending order. # This must match the total number of items that need to be filtered in our list: ldap.filter.size=15 #! 33 0041 0x21 ldap.filter.1=! ldap.sub.1=21 #% 37 0045 0x25 ldap.filter.2=% ldap.sub.2=25 #& 38 0046 0x26 ldap.filter.3=& ldap.sub.3=26 #( 40 0050 0x28 ldap.filter.4=( ldap.sub.4=28 #) 41 0051 0x29 ldap.filter.5=) ldap.sub.5=29 #* 42 0052 0x2a ldap.filter.6=* ldap.sub.6=2a #+ 43 0053 0x2b ldap.filter.7=+ ldap.sub.7=2b #- 45 0055 0x2d ldap.filter.8=- ldap.sub.8=2d #/ 47 0057 0x2f ldap.filter.9=/ ldap.sub.9=2f #< 60 0074 0x3c ldap.filter.10=< ldap.sub.10=3c #= 61 0075 0x3d ldap.filter.11== ldap.sub.11=3d #> 62 0076 0x3e ldap.filter.12=> ldap.sub.12=3e #\ 92 0134 0x5c ldap.filter.13=\\ ldap.sub.13=5c #| 124 0174 0x7c ldap.filter.14=| ldap.sub.14=7c #~ 126 0176 0x7e ldap.filter.15=~ ldap.sub.15=7e
user.objectclass=inetOrgPerson group.objectclass=configGroup group.protocol=configProtocol group.properties=ftProps
disable.audit=true
# Use '$' as delimiter attr.delimiter=$
dao.connector=apache #keep alphanumerics and dashes regXSafetext=^A-Za-z0-9- . crypto.prop=${crypto.prop} clientside.sorting=true