Oracle Unified Directory - LDAP Server Extension

LDAP Server Extension

The LDAP Server Extension provides access to an LDAP server.

Parent Component

The LDAP Server Extension component inherits from the Extension.

Relations From this Component

The following components have a direct AGGREGATION relation FROM LDAP Server Extensions :

Properties

A description of each property follows.


Basic Properties:
directory-type
enabled
page-size
remote-ldap-server-address
remote-ldap-server-port
ssl-cipher-suite
ssl-protocol

Advanced Properties:
allow-server-supported-controls
conn-cleanup-interval
ignored-ldap-controls
java-class
monitoring-base
monitoring-bind-dn
monitoring-bind-password
monitoring-check-interval
monitoring-connect-timeout
monitoring-inactivity-timeout
monitoring-ping-timeout
monitoring-statistics-interval
pool-increment
pool-initial-size
pool-max-size
pool-max-write
pool-release-connection-interval
pool-use-max-write
proxied-auth-use-v1
remote-ldap-server-additional-guids
remote-ldap-server-connect-timeout
remote-ldap-server-guid
remote-ldap-server-psearch-read-timeout
remote-ldap-server-read-only
remote-ldap-server-read-timeout
remote-ldap-server-ssl-policy
remote-ldap-server-ssl-port
saturation-precision
server-guid-name
ssl-client-alias
ssl-key-manager-provider
ssl-trust-all
ssl-trust-manager-provider

Basic Properties

directory-type

Description
Specifies the type of directory that is connected as the remote LDAP server. By default, the remote directory is OUD.
Default Value
oud
Allowed Values
ad - Backend is Active Directory

odsee - Backend is ODSEE

oid - Backend is Oracle Internet Directory

oud - Backend is Oracle Unified Directory


Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

enabled

Description
Indicates whether the Extension is enabled.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

page-size

Description
Default page size to use when entries are requested from the Directory Server backend associated with this LDAP Server Extension. This is an integer, with a default value of zero, that limits the number of entries requested at a time from the backend Directory Server configured with this server extension. This parameter is honoured only when the client does not provide a page size in its request. To avoid erroneous results, this parameter should have a value less than or equal to the size limit parameter specified by the backend.
Default Value
0
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

remote-ldap-server-address

Description
Specifies the hostname or IP address of the remote LDAP server. This can be a resolvable hostname or an IP address.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

remote-ldap-server-port

Description
Specifies the non-secured port to connect to the LDAP server. This must be a valid port number.
Default Value
389
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

ssl-cipher-suite

Description
Specifies the names of the cipher suites that are used for secure connection to the LDAP server.
Default Value
Uses the default set of cipher suites supported by the server.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change.
Advanced Property
No
Read-only
No

ssl-protocol

Description
Specifies the names of the SSL/TLS protocols that are used for secure connection to the LDAP server.
Default Value
Uses the default set of SSL/TLS protocols supported by the server.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.
Advanced Property
No
Read-only
No


Advanced Properties

allow-server-supported-controls

Description
If set to true, the LDAP Server Extension fetches the controls listed in supportedControl of the remote LDAP server's RootDSE and passes only those controls to the remote server, ignoring all other LDAP controls in an LDAP request. If set to false, the server honours the values set in ds-cfg-ignored-ldap-controls. If there is an error fetching the list of supported controls, a message is logged during startup and the values set in ds-cfg-ignored-ldap-controls are honoured.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

conn-cleanup-interval

Description
Interval, in milliseconds, at which the proxy cleans up closed client connections.
Default Value
3000
Allowed Values
An integer value. Lower value is 1.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

ignored-ldap-controls

Description
Specifies the OIDs of the LDAP controls that should be ignored in an LDAP request. A list of LDAP control OIDs can be specified here. If a received LDAP request contains any of these controls, they are ignored and are not sent to the remote server.
Default Value
None
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

java-class

Description
Specifies the fully-qualified name of the Java class that provides the LDAP Server Extension implementation.
Default Value
com.sun.dps.server.workflowelement.proxyldap.LDAPServerExtension
Allowed Values
A java class that implements or extends the class(es) :
org.opends.server.api.Extension
Multi-valued
No
Required
Yes
Admin Action Required
The LDAP Server Extension must be disabled and re-enabled for changes to this setting to take effect.
Advanced Property
Yes
Read-only
No

monitoring-base

Description
Search base to which the server extension directs its monitoring requests. This is the search base DN that the server extension monitors periodically. By default this property is empty; if no value is set, the monitoring requests are directed to the RootDSE.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-bind-dn

Description
Bind DN that the extension uses to perform monitoring of the data source. If this property is not altered from its default value, then monitoring is performed anonymously.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-bind-password

Description
Password that the extension uses to perform monitoring of the data source. If this property is not altered from its default value, then monitoring is performed anonymously.
Default Value
None
Allowed Values
Unknown
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-check-interval

Description
Proactive monitoring check interval. This is an interval in milliseconds. The minimum value is set to 1000 (1 second).
Default Value
30000
Allowed Values
An integer value. Lower value is 1000.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-connect-timeout

Description
Maximum time the proactive monitoring attempts to connect to the remote server before the connection fails. 0 means unlimited. This is an integer which represents the interval in milliseconds.
Default Value
5000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-inactivity-timeout

Description
Time after which a connection is checked to avoid connection closure by the remote server. The value of this parameter must be greater than monitoring-check-interval. This is an integer which represents the interval in milliseconds.
Default Value
120000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-ping-timeout

Description
Maximum time the proactive monitoring attempts to ping the remote server. This is an integer which represents the interval in milliseconds.
Default Value
5000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

monitoring-statistics-interval

Description
Proactive statistics collection interval. This is the interval (in milliseconds) at which the proxy collects statistics about the number of used, free, closed and invalid connections, etc.
Default Value
30000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-increment

Description
Increment by which the size of a connection pool is increased or decreased. If remote-ldap-server-ssl-policy is set to 'user', two pools are created and the incremental change of size of each pool is set to pool-increment. This is an integer.
Default Value
5
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-initial-size

Description
Initial size of a connection pool: this is the initial number of connections to be created when a pool is initialized. This is also the minimum size of a pool. If remote-ldap-server-ssl-policy is set to 'user', two pools are created and the initial size of each pool is set to pool-initial-size. This is an integer.
Default Value
10
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-max-size

Description
Maximum size of a connection pool: this is the maximum number of connections a pool can allocate. If remote-ldap-server-ssl-policy is set to 'user', two pools are created and the maximum size of each pool is set to pool-max-size. This is an integer.
Default Value
1000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-max-write

Description
Maximum number of write connections a connection pool can allocate at the same time. This is an integer. This parameter is taken into account only if pool-use-max-write is set to 'true'.
Default Value
0
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-release-connection-interval

Description
Time after which the connection pool size can be reduced if enough connections are not used: if pool-increment connections or more are not used during pool-release-connection-interval, then these connections are removed from the pool. This is an integer which represents the interval in milliseconds.
Default Value
300000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

pool-use-max-write

Description
Indicates if the parameter pool-max-write is used. If true, the parameter pool-max-write is taken into account.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

proxied-auth-use-v1

Description
If true, proxy authorization control V1 is used, otherwise V2 is used. true or false.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-additional-guids

Description
Names of the attributes in the remote LDAP server that store data in GUID format. The values of these attributes are transformed to Server Guid format if the attributes are specified here and updated in the entry. Examples include ownerOrclGUID.
Default Value
None
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-connect-timeout

Description
Maximum time the proactive monitoring attempts to connect to the remote server before the connection fails. 0 means unlimited. This is an integer which represents the interval in milliseconds.
Default Value
10000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-guid

Description
Name of the attribute in the remote LDAP server that represents the immutable unique ID for entries. The remote unique ID is mapped to a GUID attribute such as orclGUID only if this property is configured. Examples are objectguid for Active Directory and GUID for eDirectory LDAP servers.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-psearch-read-timeout

Description
Maximum time the LDAP Server Extension waits for a response from the remote server for psearch before the connection fails. This is an integer which represents the interval in milliseconds.
Default Value
25
Allowed Values
An integer value. Lower value is 1.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-read-only

Description
Indicates if the remote server is read-only. If set to true, all write operations are rejected by this LDAP Server Extension. True or false.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-read-timeout

Description
Maximum time the LDAP Server Extension waits for a response from the remote server before the connection fails. 0 means unlimited. This is an integer which represents the interval in milliseconds.
Default Value
10000
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-ssl-policy

Description
Specifies the security policy to apply to the LDAP server. Possible values are "always", "never" and "user".
Default Value
never
Allowed Values
always - SSL is always used to connect to the LDAP server. Only one pool of secure connections is created in this case.

never - SSL is never used to connect to the LDAP server. Only one pool of unsecure connections is created in this case.

user - SSL is used based on the client connection: if the client connection is secure, the connection between this LDAP Server Extension and the LDAP server will be secure, otherwise it will be unsecure. Two connection pools are created in this case: one pool for handling secure connections, and another pool for unsecure connections. The parameters pool-initial-size, pool-max-size and pool-increment apply separately to each pool. For instance, if pool-initial-size is set to 10, then 20 connections are created: 10 for the secure pool, and 10 for the unsecure pool. Similarly, if pool-max-size is set to 100, up to 200 connections may be created.


Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
Yes
Read-only
No

remote-ldap-server-ssl-port

Description
Specifies the secured port to connect to the LDAP server. This must be a valid port number.
Default Value
636
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
Yes
Read-only
No

saturation-precision

Description
The precision specifies the minimum value for the saturation index change to be taken into account. When the saturation index of the LDAP Server Extension changes, a notification is sent only if the change is significant enough. The value is expressed as a percentage. For instance, if the previous index was 15% and is now 18%, with a precision set to 5%, no notification is sent (because 18% - 15% = 3%, which is less than 5%).
Default Value
5
Allowed Values
An integer value. Lower value is 0. Upper value is 100.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

server-guid-name

Description
The attribute name which will be mapped to remote-ldap-server-guid. The default value is orclGUID.
Default Value
orclguid
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

ssl-client-alias

Description
Specifies the alias to use for the client private key. A string which represents the alias to look up in the keystore.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

ssl-key-manager-provider

Description
Specifies the key manager provider to use for the LDAP Server Extension. This key manager provider is not mandatory and may be used if the remote server is configured for client authentication. The referenced key manager provider must be enabled.
Default Value
None
Allowed Values
The DN of any Key Manager Provider.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

ssl-trust-all

Description
Specifies whether to trust all remote servers. True or false.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

ssl-trust-manager-provider

Description
Specifies the trust manager provider to use for the LDAP Server Extension. This trust manager provider is mandatory unless the parameter ssl-trust-all is set to true. The referenced trust manager provider must be enabled.
Default Value
None
Allowed Values
The DN of any Trust Manager Provider.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No
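
Added example (not part of the Oracle reference and not Oracle code): a Python check that applies the rules stated in the property descriptions above to one extension's settings, using the defaults listed on this page. The input dictionaries, the provider and bind DNs, and the choice to check the trust manager rule only when the SSL policy is not "never" are assumptions made for illustration.

```python
# Added example: audit of LDAP Server Extension properties (not Oracle code).
# Defaults are the ones listed on this page.
DEFAULTS = {
    "remote-ldap-server-ssl-policy": "never",
    "ssl-trust-all": "false",
    "ssl-trust-manager-provider": None,
    "monitoring-bind-dn": None,
    "monitoring-check-interval": 30000,
    "monitoring-inactivity-timeout": 120000,
    "pool-max-size": 1000,
    "remote-ldap-server-read-timeout": 10000,
    "remote-ldap-server-connect-timeout": 10000,
}

def audit(props):
    """Return (findings, max_backend_connections) for one extension."""
    p = {**DEFAULTS, **props}
    policy = p["remote-ldap-server-ssl-policy"]
    trust_all = str(p["ssl-trust-all"]).lower() == "true"
    findings = []
    if policy == "never":
        findings.append("SSL is never used to connect to the LDAP server")
    elif policy == "user":
        findings.append("backend leg is unsecure whenever the client connection is")
    # Assumption: the trust settings only matter when SSL can be used.
    if policy != "never":
        if trust_all:
            findings.append("ssl-trust-all=true: all remote servers are trusted")
        elif not p["ssl-trust-manager-provider"]:
            findings.append("ssl-trust-manager-provider is mandatory "
                            "unless ssl-trust-all is true")
    if not p["monitoring-bind-dn"]:
        findings.append("monitoring is performed anonymously")
    if int(p["monitoring-inactivity-timeout"]) <= int(p["monitoring-check-interval"]):
        findings.append("monitoring-inactivity-timeout must be greater "
                        "than monitoring-check-interval")
    for name in ("remote-ldap-server-read-timeout",
                 "remote-ldap-server-connect-timeout"):
        if int(p[name]) == 0:
            findings.append(f"{name}=0 means unlimited")
    # Policy 'user' creates two pools; pool-max-size applies to each.
    pools = 2 if policy == "user" else 1
    return findings, pools * int(p["pool-max-size"])

# Constructed inputs: a weak configuration and a corrected one.
WEAK = {"remote-ldap-server-ssl-policy": "user", "ssl-trust-all": "true",
        "monitoring-inactivity-timeout": 20000, "pool-max-size": 100}
HARDENED = {"remote-ldap-server-ssl-policy": "always",
            "ssl-trust-manager-provider": "cn=Example Trust Manager,cn=config",
            "monitoring-bind-dn": "cn=monitor,dc=example,dc=com"}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        issues, max_conn = audit(cfg)
        print(label, "max backend connections:", max_conn)
        for issue in issues:
            print("  -", issue)
```
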


Copyright © 2019, 2022, Oracle and/or its affiliates.