| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| |
| # LDAP Server type. Each LDAP server impl has different behavior on operations like password policies and audit. If using a 3rd type of server that isn't formally supported, leave blank or type is other. |
| # If ApacheDS server: |
| ldap.server.type=apacheds |
| # Else if OpenLDAP server: |
| #ldap.server.type=openldap |
| # Else leave blank: |
| #ldap.server.type=other |
| |
| # Host name and port of LDAP DIT: |
| host=localhost |
| port=10389 |
| |
| # Set the credentials of service account. Must have read/write privileges over the Fortress LDAP DIT: |
| # If ApacheDS it will look something like this: |
| admin.user=uid=admin,ou=system |
| admin.pw=secret |
| # Else If OpenLDAP it will look something like this: |
| #admin.user=cn=Manager,dc=example,dc=com |
| |
| # This is min/max settings for LDAP administrator pool connections that have read/write access to all nodes under suffix: |
| min.admin.conn=1 |
| max.admin.conn=25 |
| |
| # This is min/max connection pool settings for LDAP User authentication connection pool: |
| min.user.conn=1 |
| max.user.conn=10 |
| |
| # Used for read/write access to slapd access log suffix, for openldap audit support (OpenLDAP only): |
| #log.admin.user=cn=Manager,cn=log |
| #log.admin.pw=secret |
| # This is min/max settings for LDAP connections to read slapo access log (OpenLDAP only): |
| #min.log.conn=1 |
| #max.log.conn=3 |
| |
| # Applies to all pools, connection validated on retrieval with dummy ldapsearch. (default is false) |
| #validate.conn.borrow=false |
| # Applies to all pools, connection validated when idle with dummy ldapsearch. (default is false) |
| #validate.conn.idle=false |
| # Applies to all pools, when all connections are exhausted will block. (default is true) |
| #max.conn.block=true |
| # Applies to all pools, when all connections are exhausted will block for this many milliseconds. (default is 5000) |
| #max.conn.block.time=5000 |
| |
| # Used for SSL Connection to LDAP Server: |
| #enable.ldap.ssl=true |
| #enable.ldap.ssl.debug=true |
| #trust.store=/fully/qualified/path/and/file/name/to/java/truststore |
| #trust.store.password=changeit |
| |
| # This node contains fortress properties stored on behalf of connecting LDAP clients: |
| config.realm=DEFAULT |
| config.root=ou=Config,dc=example,dc=com |
| |
| # enable this to see trace statements when connection pool allocates new connections: |
| debug.ldap.pool=false |
| |
| # Default for pool reconnect flag is false: |
| enable.pool.reconnect=true |
| |
| # Set to true if using API 2.0.2 and need relax control (default is false): |
| enable.relax.control.registration=false |
| |
| ehcache.config.file=ehcache.xml |
| |
| # If for any reason echcache must be DISABLED for DSD, make sure this parameter is set to 'true' which is the default. Otherwise performance penalty will be incurred during multi-role activations. |
| disable.dsd.cache=false |
| |
| # Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural.. |
| rfc2307=false |
| |
| # Boolean value. Disabled by default. If this is set to true, the runtime will enforce administrative permissions and ARBAC02 DA checks: |
| is.arbac02=false |
| |
| # ApacheDS stores its password policies objects here by default: |
| apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config |