Table 15.1 Descriptions of JNDI Environment Properties

Environment Property / Description

java.naming.factory.initial
    Used to select the LDAP provider. To select the Netscape LDAP provider, specify com.netscape.jndi.ldap.LdapContextFactory.

java.naming.provider.url
    Specifies LDAP server information. For example:
        env.put(Context.PROVIDER_URL, "ldap://dilly.mcom.com:389");
    If this property is not set, the Service Provider will attempt to access an LDAP server at port 389 of the local host.

java.naming.ldap.version
    Specifies the protocol version for the Service Provider. Two values are possible:
        2 - selects LDAP Version 2 (LDAPv2)
        3 - selects LDAP Version 3 (LDAPv3)
    For example:
        env.put("java.naming.ldap.version", "3");
    sets the protocol version to 3.
    If this property is not set, the Service Provider will attempt to use LDAPv3. If this fails, LDAPv2 is used.

java.naming.security.authentication
    Specifies the authentication mechanism that the Service Provider will use. The following values are permitted:
        none - use no authentication (anonymous)
        simple - use weak authentication (clear text password)
    If this environment property is not set but the java.naming.security.principal property has been set, the Service Provider will use simple authentication. If neither property is set, the Service Provider will bind anonymously.

java.naming.security.principal
    Specifies the DN of the authenticating principal. For example:
        env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
    If this property is not set, the Service Provider will bind anonymously.

java.naming.security.credentials
    Specifies the password of the authenticating principal. For example:
        env.put(Context.SECURITY_CREDENTIALS, "secret");

java.naming.security.protocol
    Specifies the security protocol that the Service Provider will use. One possible value is defined:
        ssl - use Secure Socket Layer
    This is set as follows:
        env.put(Context.SECURITY_PROTOCOL, "ssl");
    When this property is set and the java.naming.ldap.factory.socket property has not been set, the default socket factory netscape.net.SSLSocket is used. This class is provided with Netscape Communicator 4.05 and higher. If java.naming.ldap.factory.socket has been set, the socket factory specified there is used.

java.naming.security.sasl.authorizationId
    Specifies which user DN to use for SASL authentication.

java.naming.security.sasl.callback
    Specifies a callback handler for SASL mechanisms. The value of this property must be an instance of javax.security.auth.callback.CallbackHandler.

java.naming.security.sasl.client.pkgs
    Specifies a "|"-separated list of packages. These packages are used to locate factories that produce SASL mechanism drivers.

java.naming.ldap.factory.socket
    Specifies the class name of a socket factory. This environment property is used to override the default socket factory. For example:
        env.put("java.naming.ldap.factory.socket", "crysec.SSL.SSLSocket");
    If the java.naming.security.protocol property has been set but this property is not set, the default value of netscape.net.SSLSocket is used.
    See Chapter 12, "Connecting Over SSL", for more information.

java.naming.ldap.ssl.ciphers
    Specifies the suite of ciphers used for SSL connections. These connections are made through sockets created by the factory specified with java.naming.ldap.factory.socket. The value of this property is of the type java.lang.Object. For example:
        env.put("java.naming.ldap.ssl.ciphers", crysec.SSL.SSLParams.getcipherSuite());

java.naming.batchsize
    Specifies whether searches block until all results are available or return results in batches. A setting of 0 (zero) indicates that the Service Provider should block until all results are received.
    If this property is not set or is "0", search results are returned in batches of one.

java.naming.ldap.maxresults
    Specifies the default maximum number of results returned for a search request. 0 (zero) means that there is no limit. If not specified, the default value is 1000.
    A request using the SearchConstraints parameter of the DirContext.search() method can override this value.

java.naming.referral
    Specifies the maximum number of referrals to follow in a chain of referrals. A setting of 0 (zero) indicates that there is no limit. The default limit is 10.

java.naming.ldap.deleteRDN
    Specifies whether the old RDN is removed during rename(). If the value is set to true, the old RDN is removed. Otherwise, the RDN is not removed. The default value is true.

java.naming.ldap.derefAliases
    Specifies how aliases are dereferenced during search operations. The possible values are:
        always - always dereference aliases
        never - never dereference aliases
        finding - dereference aliases only during name resolution
        searching - dereference aliases only after name resolution
    NOTE: Netscape Directory Server 3.x and 4.x do not support aliases.

java.naming.ldap.typesOnly
    Specifies whether to return only attribute types during searches and calls to getAttributes(). Possible values are true or false. The default is false.

java.naming.ldap.control.connect
    An array of controls to set for an LDAPConnection when executing LDAP operations.

java.naming.ldap.attributes.binary
    Specifies attributes that have binary syntax. It extends the Service Provider's list of known binary attributes. The value of this property is a comma-separated list of attribute names. For example:
        env.put("java.naming.ldap.attributes.binary", "mpegVideo, mpegAudio");
    In contrast to the Netscape Directory SDK for Java, JNDI does not give you a choice of whether to read attributes as Strings or byte arrays. All attributes are returned as Strings unless they are considered to have binary syntax. The values of attributes that have binary syntax are returned as byte arrays instead of Strings.
    If this property is not set, then by default only the following attributes and OIDs are recognized as having binary syntax:
        attribute names containing ;binary
        photo (0.9.2342.19200300.100.1.7)
        personalSignature (0.9.2342.19200300.100.1.53)
        audio (0.9.2342.19200300.100.1.55)
        jpegPhoto (0.9.2342.19200300.100.1.60)
        javaSerializedData (1.3.6.1.4.1.42.2.27.4.1.7)
        thumbnailPhoto (1.3.6.1.4.1.1466.101.120.35)
        thumbnailLogo (1.3.6.1.4.1.1466.101.120.36)
        userPassword (2.5.4.35)
        userCertificate (2.5.4.36)
        cACertificate (2.5.4.37)
        authorityRevocationList (2.5.4.38)
        certificateRevocationList (2.5.4.39)
        crossCertificatePair (2.5.4.40)
        x500UniqueIdentifier (2.5.4.45)

java.naming.ldap.ref.separator
    Specifies the character to use when encoding a RefAddr object in the javaReferenceAddress attribute. This property is used to avoid a conflict should the default separator character appear in the components of a RefAddr object.
    If no value is specified, the default separator is the hash character (#).
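As an added example (not code from the SDK documentation), the following builds an environment for the Netscape provider from the properties in this table; because "simple" authentication sends the password in clear text, the helper refuses to bind with a password unless java.naming.security.protocol is set to ssl. The host name, bind DN, environment variable and attribute name are placeholders, and the Netscape provider class is assumed to be on the classpath.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class NetscapeJndiEnv {

    // Builds the JNDI environment. bindDn == null requests an anonymous bind;
    // a non-null bindDn requires useSsl, since simple authentication is clear text.
    public static Hashtable<String, Object> buildEnv(String url, String bindDn,
                                                     String password, boolean useSsl) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.netscape.jndi.ldap.LdapContextFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("java.naming.ldap.version", "3"); // provider falls back to LDAPv2 on failure

        if (bindDn != null) {
            if (!useSsl) {
                throw new IllegalArgumentException(
                    "simple authentication sends the password in clear text; set useSsl");
            }
            if (password == null) {
                throw new IllegalArgumentException("a bind DN requires credentials");
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous bind
        }
        if (useSsl) {
            // With no java.naming.ldap.factory.socket set, netscape.net.SSLSocket is used.
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }

        // Cap search results below the provider default of 1000 and have the
        // provider return a certificate attribute (placeholder name) as byte[].
        env.put("java.naming.ldap.maxresults", "200");
        env.put("java.naming.ldap.attributes.binary", "userSMIMECertificate");
        return env;
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder host, DN and environment variable: substitute your own.
        Hashtable<String, Object> env = buildEnv("ldap://ldap.example.com:636",
                "cn=Directory Manager", System.getenv("LDAP_PASSWORD"), true);
        DirContext ctx = new InitialDirContext(env);
        ctx.close();
    }
}
```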