These parameters can be defined for the following Desktop Manager components:
Desktop Manager, in the files defining the Configuration Repositories (located in /etc/opt/SUNWapcmg/).
Configuration Agent, in the /etc/apoc/policymgr.properties file.
Desktop Manager CLI, in the $HOME/pgtool.properties file, with the restriction that the CLI only supports pure LDAP repositories.
The parameters can be prefixed to indicate which repository provider they apply to. For each provider, the parameter with the prefix is considered first. If such a parameter is not defined, then the parameter without the prefix is used.
Table A–1 Prefixes
Prefix Value |
Repository Provider |
---|---|
ORGANIZATION_ |
Organization Tree |
DOMAIN_ |
Domain Tree |
PROFILE_ |
Profiles |
ASSIGNMENT_ |
Assignments |
LDAP_META_CONF_ |
Mapping data in the case of LDAP repositories |
Table A–2 Parameters
Name |
Description |
Possible Values |
Default Value |
---|---|---|---|
PROVIDER_URL |
URL specifying the connection to the repository. A list of URLs can be used to specify fallback repositories in case the connection to the first one does not succeed. |
List of one or more white-space-separated URLs, each URL being of one of the following forms: ldap://<host>:<port>/<baseDN> ldaps://<host>:<port>/<baseDN> file://<filepath> http://<host>:<port>/<filepath> https://<host>:<port>/<filepath> |
None, mandatory parameter |
SECURITY_PRINCIPAL |
User name for the connection to the repository. |
User name of a user that has read and search access rights to the repository or no value for anonymous connections. |
None, anonymous connection |
SECURITY_CREDENTIALS |
Password for the user defined in SECURITY_PRINCIPAL. |
Scrambled or clear text password. |
None |
SECURITY_CREDENTIALS _ENCODING |
Indicates whether the password defined in SECURITY_PRINCIPAL is scrambled. Warning: the password scrambling is just a mask over the password, it constitutes by no means any type of secure encryption. |
“scramble” if the password is scrambled (automatically done by wizards when generating the configuration data). “none” if the password appears in clear text; use this value if you wish to edit the password. |
“none” |
MAX_SEARCH_RESULT |
Maximum number of results given by a search in any of the repositories. Note: the prefix scheme does not apply to this parameter. |
Positive number, 0 means no limit. |
100 |
The following parameters apply to LDAP repositories only.
Table A–3 LDAP Specific Parameters
Name |
Description |
Possible Values |
Default Value |
---|---|---|---|
AuthDn |
Fully qualified DN of a user to be used for the first access to the LDAP repository, in order to retrieve the user defined in SECURITY_PRINCIPAL. |
User name of a user that has read and search access rights to the repository, or no value for anonymous connections. |
None, anonymous access |
Password |
Password for AuthDN. |
Scrambled or clear text password. |
None |
Password_ENCODING |
Indicates whether the password defined in Password is scrambled. Warning: the password scrambling is just a mask over the password, it constitutes by no means any type of secure encryption. |
“scramble” if the password is scrambled (automatically done by wizards when generating the configuration data). “none” if the password appears in clear text; use this value if you wish to edit the password. |
“none” |
Connect Timeout |
Connection creation timeout in seconds. |
Positive number, 0 for unlimited time. |
1 |
Example for a hybrid backend, where the information about the hosts and users is obtained from an existing LDAP repository, while the profiles and their assignments are stored on the file system.
#Organization, Domain, MetaConf PROVIDER_URL = ldap://server1.sun.com:389/o=apoc ldap://server2.sun.com:389/o=apoc SECURITY_PRINCIPAL = jmonroe SECURITY_CREDENTIALS = JmonroE SECURITY_CREDENTIALS_ENCODING = none AuthDn = cn=reader,ou=special users,o=apoc Password = lakjflajf Password_ENCODING = scramble ConnectTimeout = 5 #Profile PROFILE_PROVIDER_URL = file:///path/to/repository #Assignment ASSIGNMENT_PROVIDER_URL = file:///path/to/repository |