LDAPLoginModule required parameters for Java

These configuration parameters are required for the Java framework version of the LDAPLoginModule plug-in.

userPath
The distinguished name pattern to match to find a user. The username entered at login is substituted for the %{#username} escape sequence. The default value is:
/ou=People,dc=endeca,dc=com??sub?(cn=%{#username:1})

groupPath
A template that specifies the set of objects that contain the user's group memberships. The resulting information is used to construct an entitlement filter for the user. You can specify this parameter multiple times. The default value is:
/ou=Groups,dc=endeca,dc=com?cn?sub?(uniqueMember=%{#dn})

groupTemplate
A template that specifies how to produce individual group names from the set of groups returned by the groupPath query. The default value is:
%{cn}

serverInfo
A URL specifying the host name and port of the LDAP server to be used for authentication. You can specify multiple LDAP servers. Note that the protocol portion of the URL (that is, ldap://) must be all lowercase. The default value is:
ldap://web1.endeca.com:1234

Prepending strings to user and group names

For login purposes, you can set up the LDAPLoginModule plug-in to prepend strings to usernames and/or group names. Place the prepend string immediately before the %{...} escape sequence, so that it becomes part of the value matched in the LDAP filter.

For example, assume you want to prepend the string "user:" to usernames and "group:" to group names. You would specify the userPath and groupPath parameters similar to the following example:
groupTemplate="%{cn}"
userPath="/ou=People,dc=endeca,dc=com??sub?(cn=user:%{#username})"
groupPath="/ou=Groups,dc=endeca,dc=com?cn?sub?(uniqueMember=group:%{#dn})";

Specifying Multiple LDAP Servers

You can specify multiple LDAP servers with multiple instances of the serverInfo parameter, by using the format:
serverInfo.n = "ldap://server_url:port"
For example:
serverInfo.0="ldap://web01.endeca.com:1234"
serverInfo.1="ldap://web02.endeca.com:1230"
serverInfo.2="ldap://web03.endeca.com:1334"

If you specify multiple LDAP servers, the servers are assumed to be equivalent.

The choice of which LDAP server to contact is made randomly. If an LDAP server cannot be reached, the LDAPLoginModule plug-in proceeds through the remaining servers in order of configuration, wrapping if necessary.

For example, if five servers are configured and Server 3 is the first to be contacted, the remaining order of contact is Server 4, Server 5, Server 1, and finally Server 2.