7 dir.ini

The dir.ini file contains properties that are used to configure the directory services options described below.

The dir.ini file is the main configuration file for the WebCenter Sites Directory Services API. WebCenter Sites uses this API to connect to directory servers for authentication/authorization services and to provide the following options for managing user information (one of the options is configured for your WebCenter Sites system):

The WebCenter Sites directory services plug-in, which uses the native WebCenter Sites user management tables (SystemUsers and SystemUserAttrs).
LDAP plug-ins, which uses the directory server rather than the WebCenter Sites database to store user names and attributes.

Properties in dir.ini are organized by function on the following tabs in the Property Editor:

Attribute Names Tab
Compatibility Tab
Global Data Tab
Interface Implementations Tab
JNDI SPI Env Tab
Naming Syntax Tab
Schema Defaults Tab
Search Controls Tab
User Defined Tab

Note:

Although the dir.ini file is the main configuration file for the directory services API, there are additional user manager/directory services properties in another property file, futuretense.ini. See Section 9.2, "Authentication Tab."

7.1 Attribute Names Tab

The Attribute Names tab holds attribute-mapping properties. You use these properties to specify how a user attribute used by WebCenter Sites is identified in the directory server.

Table 7-1 Properties in dir.ini: Attribute Names Tab

Property	Description
`cn`	Specifies the name of the attribute in the directory server that serves as the group name attribute. Possible values: WebCenter Sites and NT: `cn` LDAP, iPlanet: `cn` LDAP, Active Directory: `cn`
`loginattribute`	Specifies the name of the attribute in the directory server that serves as the user login attribute. Default value: `uid`
`password`	Specifies the name of the attribute in the directory server that serves as the password attribute. Possible values: WebCenter Sites and NT: `password` LDAP, iPlanet: `userPassword` LDAP, Active Directory: `password`
`uniquemember`	Specifies the name of the attribute in the directory server that serves as the group assignment attribute. Possible values: WebCenter Sites and NT: `uniquemember` LDAP, iPlanet: `uniquemember` LDAP, Active Directory: `member`
`username`	Specifies the name of the attribute in the directory server that serves as the user name attribute. Possible values: WebCenter Sites and NT: `username` LDAP, iPlanet: `uid` LDAP, Active Directory: `sAMAccount`
`memberof`	Specifies the name of the user attribute that contains information about the user's groups. If a user's membership in a group is specified by the `uniquemember` attribute on the group, leave this property blank. If the group membership of a user is specified by an attribute of the user, specify the name of that attribute here. Possible values: LDAP, WebLogic embedded LDAP: `wlsmemberof` LDAP, SunONE Identity Server: `memberof`

7.2 Compatibility Tab

The Compatibility tab holds properties that determine how any strings that are extracted from the directory server and stored in the WebCenter Sites database are treated.

Table 7-2 Properties in dir.ini: Compatibility Tab

Property Description

Property	Description
`cleandns`	Specifies how the strings for distinguished names are stored in the WebCenter Sites database. If set to true, the Directory Services API extracts distinguished names from the directory server, and then removes extra spaces from them and then changes all the upper-case letters to lower-case letters before storing the strings in the WebCenter Sites database. Possible values: `true \| false` Default value: `false` Note: Do not set this value to `true` if you are upgrading from an earlier version of WebCenter Sites. If you do, you must manually change any existing dns strings that are stored in the WebCenter Sites tables. Also, if you set it to `true`, you must also verify that the `syntax.ignorecase` property is also set to `true`.

cleandns

Specifies how the strings for distinguished names are stored in the WebCenter Sites database.

If set to true, the Directory Services API extracts distinguished names from the directory server, and then removes extra spaces from them and then changes all the upper-case letters to lower-case letters before storing the strings in the WebCenter Sites database.

Possible values: true | false

Default value: false

Note: Do not set this value to true if you are upgrading from an earlier version of WebCenter Sites. If you do, you must manually change any existing dns strings that are stored in the WebCenter Sites tables. Also, if you set it to true, you must also verify that the syntax.ignorecase property is also set to true.

7.3 Global Data Tab

The Global Data tab holds properties that determine global values for all users.

Table 7-3 Properties in dir.ini: Global Data Tab

Property Description

Property	Description
`baseDN`	Specifies the distinguished name for the root to use by default for searches and for prepending to the names for attribute values that require a DN type. Default value: blank Do not change the value of this property. Because the authentication module sets the `currentUser` session variable to a fully qualified name, WebCenter Sites assumes that all names returned from the search are fully qualified.
`groupparent`	Specifies the entry to use as the parent of all WebCenter Sites entries of type `Group`. Possible values: WebCenter Sites and NT: `ou=groups` LDAP, iPlanet: `ou=groups,dc=<companyname>,dc=com` LDAP, Active Directory: `cn=groups,dc=<companyname>,dc=com`
`peopleparent`	Specifies the entry to use as the parent of all WebCenter Sites entries of type `User`. Possible values: WebCenter Sites and NT: `ou=people` LDAP, iPlanet: `cn=people,dc=<companyname>,dc=com` LDAP, Active Directory: `cn=users,dc=<companyname>,dc=com`

baseDN

Specifies the distinguished name for the root to use by default for searches and for prepending to the names for attribute values that require a DN type.

Default value: blank

Do not change the value of this property. Because the authentication module sets the currentUser session variable to a fully qualified name, WebCenter Sites assumes that all names returned from the search are fully qualified.

groupparent

Specifies the entry to use as the parent of all WebCenter Sites entries of type Group.

Possible values:

WebCenter Sites and NT: ou=groups
LDAP, iPlanet: ou=groups,dc=<companyname>,dc=com
LDAP, Active Directory: cn=groups,dc=<companyname>,dc=com

peopleparent

Specifies the entry to use as the parent of all WebCenter Sites entries of type User.

Possible values:

WebCenter Sites and NT: ou=people
LDAP, iPlanet: cn=people,dc=<companyname>,dc=com
LDAP, Active Directory: cn=users,dc=<companyname>,dc=com

7.4 Interface Implementations Tab

The Interface Implementations tab holds two properties that determine which user manager module your WebCenter Sites system is using. The properties are className.IDir and className.IName. The values of the properties on the Interface Implementations tab should not be modified unless you are integrating with LDAP.

Table 7-4 Properties in dir.ini: Interface Implementations Tab

Property	Description
`className.Attribute`	Specifies the name of the concrete class to implement the interface Attribute. Do not change the value of this property unless you are integrating with LDAP.
`className.Attributes`	Specifies the name of the concrete class to implement the interface Attributes. Do not change the value of this property unless you integrate with LDAP.
`className.IDir`	With the `className.IName` property, specifies which user manager module your system is using. Possible values: WebCenter Sites: `com.openmarket.directory.cs.CSDir` LDAP: `com.openmarket.directory.jndi.JNDIDir` Do not change the value of this property unless you are integrating with LDAP.
`className.IFactory`	Specifies the name of the concrete class to implement the interface `Ifactory`. Do not change the value of this property unless you are integrating with LDAP.
`className.IName`	With the `className.IDir` property, specifies which user manager module your system is using. Possible values: WebCenter Sites: `com.openmarket.directory.cs.CSName` LDAP: `com.openmarket.directory.jndi.Name Wrapper` Do not change the value of this property unless you are integrating with LDAP.
`className.IUserDir`	Specifies the name of the concrete class to implement interface `IUserDir`. Possible values: WebCenter Sites: `com.openmarket.directory.cs.CSDir` LDAP: `com.openmarket.directory.jndi.LDAP UserDir` Do not change the value of this property unless you are integrating with LDAP.
`className.JNDIName`	Specifies the name of the concrete class to implement the interface JNDIName. Do not change the value of this property unless you are integrating with LDAP.

7.5 JNDI SPI Env Tab

The properties on the JNDI SPI Env tab are used only if your WebCenter Sites system is configured to use the LDAP user manager module.

Table 7-5 Properties in dir.ini: JNDI SPI Env Tab

Property	Description
`java.naming.factory.initial`	Specifies the initial factory class to use. The value of this property should be the fully qualified class name of the factory class that will create an initial context. Do not change the value of this property.
`java.naming.security.authentication`	Specifies the security level to use. Its value is one of the following strings: `none`, `simple`, `strong`. If this property is unspecified, the security level is determined by the service provider. Default value: `simple`
`jndi.baseURL`	Specifies the server name and port number of the directory server. The value uses the following format: ldap://<hostname>:<port>
`jndi.connectAsUser`	Specifies whether WebCenter Sites needs a designated user account to query the directory server for user attribute information. If set to `true`, `jndi.connectAsUser` specifies a WebCenter Sites login to the LDAP server. This means that WebCenter Sites queries the directory server for information as the user who is logged in to the WebCenter Sites system and is making the inquiry. For example, when an administrator examines user information in the WebCenter Sites Admin interface, WebCenter Sites makes the inquiry as that user (admin, for example.) If set to `false`, `jndi.connectAsUser` specifies a direct login to the LDAP server. This means there must be a valid username/password combination specified for the `jndi.login` and `jndi.password` properties; WebCenter Sites uses that user account to make inquiries.
`jndi.custom`	System property. Do not enter a value for this property. Specifies other spi-specific variables to pass into the `javax.naming.context`. Syntax follows x-www-form-urlencoded format.
`jndi.login`	Applies only when `jndi.connectAsUser` is set to `false`. Specifies the fully qualified, fully distinguished name of the user account that WebCenter Sites uses to query the directory server.
`jndi.password`	Applies only when `jndi.connectAsUser` is set to `false`. Specifies the password of the user account that WebCenter Sites uses to query the directory server. This value is encrypted.
`jndi.poolConnections`	Applies only when `jndi.connectAsUser` is set to `false`. If this property is set to `true`, the system will create a pool of `DirContent` connections. If set to `false`, `jndi.poolsize` is ignored.
`jndi.poolsize`	Indicates the size of the pool. Default value: `20` This property is ignored if `jndi.poolConnections` is set to `false`.
`syntax.custom`	Specifies classJNDIName-specific variables to pass into the classIName constructor. Syntax follows x-www-form-urlencoded format.

7.6 Naming Syntax Tab

The Naming Syntax tab holds properties that determine how strings for user attributes and their values are interpreted.

Table 7-6 Properties in dir.ini: Naming Syntax Tab

Property	Description
`syntax.beginquote`	Specifies the string that delimits the beginning of a quoted string. Default value: `'`
`syntax.beginquote2`	Specifies an alternative to the value specified for the `syntax.beginquote` property.
`syntax.direction`	Specifies the direction in which the components in a designated name are read. Possible values: left_to_right right_to_left flat Default value: `left_to_right`
`syntax.endquote`	Specifies the string that delimits the end of a quoted string. Default value: `'`
`syntax.endquote2`	Specifies an alternative to the value specified for `syntax.endquote`.
`syntax.escape`	Specifies the escape string for overriding separators, escapes, and quotes. If you are using special characters, such as `',`', `'+`', `'-`', `';`', etc., in DN, you cannot use `\` as an escape string. Default value: `\`
`syntax.ignorecase`	Specifies whether strings are case-sensitive or not. Set to `false` if the uppercase and the lowercase version of a letter character should be considered as different characters. (That is, "admin" and "Admin" should be interpreted as different words.) Set to `true` if you want the uppercase and the lowercase version of a letter character to be considered as the same character. (That is "admin" and "Admin" should be interpreted as the same string.) Default value: `true` Note: If you need to set the `cleandns` property on the Compatibility tab to `true`, you must also set this property's value to `true`.
`syntax.separator`	Specifies the separator character used between atomic name components. This property is required unless `syntax.direction` is set to a value of `flat`. Default value: `,`
`syntax.separatorava`	Specifies the separator character used to separate multiple attribute/value pairs. Typically the comma character (,) is used. Default value: `,`
`syntax.separatortypeval`	Specifies the separator character used to separate an attribute from its value. For example, the equals symbol (`=`) is used. Default value: `=`
`syntax.trimblanks`	Specifies whether spaces and whitespace characters are significant or should be ignored (trimmed) when evaluating a string. Set to `true` if spaces should be ignored. Set to `false` if spaces should be considered when evaluating a string. Default value: `false`

7.7 Schema Defaults Tab

The Schema Defaults tab holds properties that identify the following entities to WebCenter Sites:

The directory server attributes for which users must have values in order to be valid users

Attribute values that are assigned to users by default (if any).

Table 7-7 Properties in dir.ini: Schema Defaults Tab

Property	Description
`defaultGroupAttrs`	Specifies the attribute name/value pairs that are set for every descendent of the entry specified by the `groupparent` property. WebCenter Sites uses this information to create the default groups that it needs during the installation, which means that this property must be set before you install WebCenter Sites. Values must be entered in the x-www-form-urlencoded format.
`defaultPeopleAttrs`	Specifies the attribute name/value pairs that are set for every descendent of the entry specified by the `peopleparent` property. WebCenter Sites uses this information to create the default users that it needs during the installation, which means that this property must be set before you install WebCenter Sites. Values must be entered in the x-www-form-urlencoded format.
`defaultReaderACLs`	The ACL list to be assigned to DefaultReader by Login Module. Default value: `Browser`
`objectclassGroup`	Specifies the name of the base object that signifies a WebCenter Sites group. The `DIR.GROUPMEMBERSHIPS` tag uses the value set for this property to differentiate group entries from user or other entries. Possible values: WebCenter Sites: `groupofuniquenames` LDAP, iPlanet: `groupofuniquenames` LDAP, Active Directory: `group`
`objectclassPerson`	Specifies the name of the base object that signifies a WebCenter Sites user (person). The `DIR.LISTUSERS` tag uses the value set for this property to differentiate user entries from group or other entries Value for WebCenter Sites or LDAP: `person`
`requiredGroupAttrs`	Specifies the attributes that every descendent of the entry specified by the `groupParent` property must have values for. Values must be entered in the x-www-form-urlencoded format.
`requiredPeopleAttrs`	Specifies the attributes that every descendent of the entry specified by the `peopleParent` property must have values for. Values must be entered in the x-www-form-urlencoded format.

7.8 Search Controls Tab

The Search Controls tab holds properties that constrain the queries that the user manager plug-in makes to the directory server.

Table 7-8 Properties in dir.ini: Search Controls Tab

Property Description

Property	Description
`search.returnlimit`	Specifies the maximum number of entries to return. To obtain all the entries that satisfy the search criteria, set the value to `0`.
`search.scope`	Specifies to what depth in the hierarchy a search reaches: search just the specified or current node, or search the nodes under that node. Default value: `2` (which means search all nodes under the stated node)
`search.timeoutVal`	Specifies the number of seconds to wait for results before returning an error. A value of `0` means to wait indefinitely (that is, wait until the network timeout limit ends the wait).

search.returnlimit

Specifies the maximum number of entries to return.

To obtain all the entries that satisfy the search criteria, set the value to 0.

search.scope

Specifies to what depth in the hierarchy a search reaches: search just the specified or current node, or search the nodes under that node.

Default value: 2 (which means search all nodes under the stated node)

search.timeoutVal

Specifies the number of seconds to wait for results before returning an error.

A value of 0 means to wait indefinitely (that is, wait until the network timeout limit ends the wait).

7.9 User Defined Tab

Table 7-9 Properties in dir.ini: User Defined Tab

Property	Description
This tab, by default, has no properties.	N/A