18 User Properties

The following topics provide information about each property associated with the User category in the wcs_properties.json file:

18.1 About the Properties in the User Category

Properties categorized under User in the WebCenter Sites wcs_properties.json file are related to implementing WebCenter Sites users. This includes creating and registering user names with LDAP and the WebCenter Sites database tables. For information about the WebCenter Sites properties categorized under User in the wcs_properties.json file, see Properties in the User Category.

18.2 Properties in the User Category

Table 18-1 provides a description for each of the properties in the JSON file that are associated with the User category.

Table 18-1 User Properties

Properties Description

baseDN

Specifies the distinguished name for the root to use by default for searches and for prepending to the names for attribute values that require a DN type.

Default value: o=ContentServer

Do not change the value of this property. Because the authentication module sets the currentUser session variable to a fully qualified name, WebCenter Sites assumes that all names returned from the search are fully qualified.

className.Attribute

Specifies the name of the concrete class to implement the interface Attribute.

Do not change the value of this property unless you are integrating with LDAP.

Default value: javax.naming.directory.BasicAttribute

className.Attributes

Specifies the name of the concrete class to implement the interface Attributes.

Do not change the value of this property unless you integrate with LDAP.

Default value: javax.naming.directory.BasicAttributes

className.IDir

With the className.IName property, specifies which user manager module your system is using.

Possible values:

  • WebCenter Sites: com.openmarket.directory.cs.CSDir

  • LDAP: com.openmarket.directory.jndi.JNDIDir

Default value: com.openmarket.directory.cs.CSDir

Do not change the value of this property unless you are integrating with LDAP.

className.IFactory

Specifies the name of the concrete class to implement the interface IFactory.

Default value: com.openmarket.directory.common.Factory

Do not change the value of this property unless you are integrating with LDAP.

className.IName

With the className.IDir property, specifies which user manager module your system is using.

Possible values:

  • WebCenter Sites: com.openmarket.directory.cs.CSName

  • LDAP: com.openmarket.directory.jndi.NameWrapper

Default value: com.openmarket.directory.cs.CSName

Do not change the value of this property unless you are integrating with LDAP.

className.IUserDir

Specifies the name of the concrete class to implement interface IUserDir.

Possible values:

  • WebCenter Sites: com.openmarket.directory.cs.CSDir

  • LDAP: com.openmarket.directory.jndi.LDAPUserDir

Default value: com.openmarket.directory.cs.CSDir

Do not change the value of this property unless you are integrating with LDAP.

className.JNDIName

Specifies the name of the concrete class to implement the interface JNDIName.

Default value: javax.naming.CompoundName

Do not change the value of this property unless you are integrating with LDAP.

cleandns

Specifies how the strings for distinguished names are stored in the WebCenter Sites database.

If set to true, the Directory Services API extracts distinguished names from the directory server, removes extra spaces from them, and changes all uppercase letters to lowercase before storing the strings in the WebCenter Sites database.

Possible values: true | false

Default value: false

Note: Do not set this value to true if you are upgrading from an earlier version of WebCenter Sites. If you do, you must manually change any existing DN strings that are stored in the WebCenter Sites tables. If you set it to true, you must also verify that the syntax.ignorecase property is set to true.

cn

Specifies the name of the attribute in the directory server that serves as the group name attribute.

Possible values:

  • WebCenter Sites and NT: cn

  • LDAP, iPlanet: cn

  • LDAP, Active Directory: cn

Default value: cn

cs.manageACL

Specifies the class that replaces the default WebCenter Sites ACL name-to-privilege mask function.

Do not change the value of this property.

cs.manageproperty

Specifies the wcs_properties.json file that contains properties specific to the user or ACL management being used. For example, set this property if you specify cs.manageUser, cs.manageACL, or cs.manageUserAccess.

cs.manageUser

Specifies which user manager plug-in to use with this WebCenter Sites system.

  • If you are using the default WebCenter Sites plug-in, the value is blank. WebCenter Sites will use database authentication and authorization.

  • If you are using LDAP, the value is: com.openmarket.directory.jndi.auth.JNDILogin

  • If you are using NT authentication, the value is: com.FutureTense.NTUserGroups.ValidateLogin.NTUserGroupsLogin

This property is set when your WebCenter Sites system is integrated with LDAP or a different external system. Do not change its value after installation. By default, the value is blank.

Note: When this property is set, the cs.manageproperty must also be set.

cs.manageUserAccess

Specifies which user manager plug-in to use with this WebCenter Sites system.

cs.manageUserSystem

Applies only when your WebCenter Sites system is using NT authentication (that is, cs.manageUser points to the NT plug-in).

Specifies a comma-separated list of NT domain names that WebCenter Sites uses to authenticate users.

Authentication is done in the order specified by the list of domains. A user is declared a valid user if the username/password combination is found in any of those domains.

Specify the local system with a period (.) character.

If cs.manageUser points to the NT plug-in, but there are no domain names set for this property, WebCenter Sites attempts authentication on the local NT domain only.

This value was set during installation.

cs.ssovalidator

This property points to the SSO validator plug-in.

Default value: com.fatwire.wem.sso.cas.cs.plugin.SSOValidatorPlugin

defaultGroupAttrs

Specifies the attribute name/value pairs that are set for every descendent of the entry specified by the groupparent property.

This property must be set before you install WebCenter Sites. WebCenter Sites uses this information to create the default groups that it needs during the installation.

Values must be entered in the x-www-form-urlencoded format.

defaultPeopleAttrs

Specifies the attribute name/value pairs that are set for every descendent of the entry specified by the peopleparent property.

This property must be set before you install WebCenter Sites. WebCenter Sites uses this information to create the default users that it needs during the installation.

Values must be entered in the x-www-form-urlencoded format.

defaultReaderACLs

The ACL list to be assigned to DefaultReader by Login Module.

Default value: Browser

groupparent

Specifies the entry to use as the parent of all WebCenter Sites entries of type Group.

Possible values:

  • WebCenter Sites and Windows Server: ou=groups

  • LDAP: ou=groups,dc=<companyname>,dc=com

  • LDAP, Active Directory: cn=groups,dc=<companyname>,dc=com

java.naming.factory.initial

Specifies the initial factory class to use. The value of this property should be the fully qualified class name of the factory class that will create an initial context.

Do not change the value of this property.

Default value: com.sun.jndi.ldap.LdapCtxFactory

java.naming.security.authentication

Specifies the security level to use. Its value is one of the following strings: none, simple, strong.

If this property is unspecified, the security level is determined by the service provider.

Default value: simple

jndi.baseURL

Specifies the server name and port number of the directory server.

The value uses the following format: ldap://<hostname>:<port>

Default value: ldap://localhost:389

jndi.connectAsUser

Specifies whether WebCenter Sites needs a designated user account to query the directory server for user attribute information.

If set to true, jndi.connectAsUser specifies a WebCenter Sites login to the LDAP server. This means that WebCenter Sites queries the directory server for information as the user who is logged in to the WebCenter Sites system and is making the inquiry. For example, when an administrator examines user information in the WebCenter Sites Admin interface, WebCenter Sites makes the inquiry as that user (admin, for example).

If set to false, jndi.connectAsUser specifies a direct login to the LDAP server. This means there must be a valid username/password combination specified for the jndi.login and jndi.password properties; WebCenter Sites uses that user account to make inquiries.

Default value: true

jndi.custom

System property.

Do not enter a value for this property.

Specifies other SPI-specific variables to pass into the javax.naming.Context. Syntax follows x-www-form-urlencoded format.

jndi.login

Applies only when jndi.connectAsUser is set to false.

Specifies the fully qualified, fully distinguished name of the user account that WebCenter Sites uses to query the directory server.

jndi.password

Applies only when jndi.connectAsUser is set to false.

Specifies the password of the user account that WebCenter Sites uses to query the directory server. This value is encrypted.

jndi.poolConnections

Applies only when jndi.connectAsUser is set to false.

If this property is set to true, the system will create a pool of DirContext connections.

If set to false, jndi.poolsize is ignored.

Default value: false

jndi.poolsize

Indicates the size of the pool.

Default value: 20

This property is ignored if jndi.poolConnections is set to false.

ldap.caseAware

Specifies whether the LDAP Server is case sensitive for the queries.

Default value: false

loginattribute

Specifies the name of the attribute in the directory server that serves as the user login attribute.

Default value: uid

memberof

Specifies the name of the user attribute that contains information about the user's groups.

If a user's membership in a group is specified by the uniquemember attribute on the group, leave this property blank.

If the group membership of a user is specified by an attribute of the user, specify the name of that attribute here.

Possible values:

  • LDAP, WebLogic embedded LDAP: wlsmemberof

  • LDAP, SunONE Identity Server: memberof

ntlogin.DefaultACL

NT user manager plug-in only.

A comma-separated list of any ACLs that should be assigned to all users by default.

By default, this value is blank.

ntlogin.DefaultReaderACL

NT user manager plug-in only.

The ACL list to be assigned to the account that is used as the default reader account.

Default value: Browser

ntlogin.DefaultReaderID

NT user manager plug-in only.

The user name to be used as the default reader account.

Default value: DefaultReader

This value can be blank.

ntlogin.DefaultReaderPW

NT user manager plug-in only.

The password for the user name that the NT authentication module uses as the default reader account. Required if there is a value for ntlogin.DefaultReaderID.

Default value: SomeReader. The value is encrypted.

ntlogin.LogFile

NT user manager plug-in only.

The complete path to the file where debug information from the NT authentication module should be written. (Used only when ntlogin.Logging is set to true.)

ntlogin.Logging

NT user manager plug-in only.

Enables or disables debugging for the NT authentication module.

Possible values: true | false

objectclass

System property used for WebCenter Sites runtime.

objectclassGroup

Specifies the name of the base object that signifies a WebCenter Sites group.

Possible values:

  • WebCenter Sites: groupofuniquenames

  • LDAP, iPlanet: groupofuniquenames

  • LDAP, Active Directory: group

Default value: groupofuniquenames

objectclassPerson

Specifies the name of the base object that signifies a WebCenter Sites user (person). The DIR.LISTUSERS tag uses the value set for this property to differentiate user entries from group or other entries.

Default value: person

password

Specifies the name of the attribute in the directory server that serves as the password attribute.

Possible values:

  • WebCenter Sites and NT: password

  • LDAP: userPassword

  • LDAP, Active Directory: password

Be sure to change the username and password from the defaults.

Default value: password

peopleparent

Specifies the entry to use as the parent of all WebCenter Sites entries of type User.

Possible values:

  • WebCenter Sites and NT: ou=people

  • LDAP: cn=people,dc=<companyname>,dc=com

  • LDAP, Active Directory: cn=users,dc=<companyname>,dc=com

Default value: ou=People

requiredGroupAttrs

Specifies the attributes that every descendent of the entry specified by the groupparent property must have values for.

Values must be entered in the x-www-form-urlencoded format.

requiredPeopleAttrs

Specifies the attributes that every descendent of the entry specified by the peopleparent property must have values for.

Values must be entered in the x-www-form-urlencoded format.

search.returnLimit

Specifies the maximum number of entries to return.

To obtain all the entries that satisfy the search criteria, set the value to 0.

search.scope

Specifies to what depth in the hierarchy a search reaches: search just the specified or current node, or search the nodes under that node.

Default value: 2 (which means search all nodes under the stated node)

search.timeoutVal

Specifies the number of seconds to wait for results before returning an error.

A value of 0 means to wait until the network timeout limit ends the wait.

Default value: 0

singlesignon

If set to true, enables single sign-on for an authentication plug-in that supports single sign-on.

Default value: true

syntax.beginquote

Specifies the string that delimits the beginning of a quoted string.

Default value: '

syntax.beginquote2

Specifies an alternative to the value specified for the syntax.beginquote property.

syntax.custom

Specifies classJNDIName-specific variables to pass into the classIName constructor. Syntax follows x-www-form-urlencoded format.

syntax.direction

Specifies the direction in which the components in a designated name are read.

Possible values:

  • left_to_right

  • right_to_left

  • flat

Default value: right_to_left

syntax.endquote

Specifies the string that delimits the end of a quoted string.

Default value: '

syntax.endquote2

Specifies an alternative to the value specified for syntax.endquote.

syntax.escape

Specifies the escape string for overriding separators, escapes, and quotes.

If you are using special characters, such as ',', '+', '-', ';', and so on, in a DN, you cannot use \ as an escape string.

Default value: \\

syntax.ignorecase

Specifies whether strings are case-sensitive.

Set to false if the uppercase and the lowercase version of a letter character should be considered as different characters. (That is, "admin" and "Admin" should be interpreted as different words.)

Set to true if you want the uppercase and the lowercase version of a letter character to be considered as the same character. (That is, "admin" and "Admin" should be interpreted as the same string.)

Default value: true

Note: If you set the cleandns property to true, you must also set this property's value to true.

syntax.separator

Specifies the separator character used between atomic name components.

This property is required unless syntax.direction is set to a value of flat.

Default value: ,

syntax.separatorava

Specifies the separator character used to separate multiple attribute/value pairs. Typically the comma character (,) is used.

Default value: ,

syntax.separatortypeval

Specifies the separator character used to separate an attribute from its value. For example, the equals symbol (=) is used.

Default value: =

syntax.trimblanks

Specifies whether spaces and whitespace characters are significant or should be ignored (trimmed) when evaluating a string.

Set to true if spaces should be ignored.

Set to false if spaces should be considered when evaluating a string.

Default value: false

uniquemember

Specifies the name of the attribute in the directory server that serves as the group assignment attribute.

Possible values:

  • WebCenter Sites and NT: uniquemember

  • LDAP, iPlanet: uniquemember

  • LDAP, Active Directory: member

Default value: uniquemember

username

Specifies the name of the attribute in the directory server that serves as the user name attribute.

Possible values:

  • WebCenter Sites and NT: username

  • LDAP, iPlanet: uid

  • LDAP, Active Directory: sAMAccount

Default value: username

xcelerate.displayablenameattr

The name of the user attribute that specifies the displayable name, if different from the login name.

xcelerate.emailattr

Specifies the name of the user attribute that is used to identify a user's e-mail address to your WebCenter Sites system. These attributes are kept in the SystemUserAttr table.

Default value: mail

xcelerate.localeattr

Specifies the name of the user attribute that identifies the locale that a user specifies if you have more than one language pack installed on your WebCenter Sites system.

Default value: locale

xcelerate.pubrolesattr

Specifies the name of the user attribute that lists the roles that the user has for publication.

This property is only used if xcelerate.usermanagerclass is set to com.openmarket.xcelerate.user.LDAPAttrUserManager.

This is combined with the publication id to obtain the attribute name containing the roles the user has for the publication.

If a value is not set, the UserPublication table is used.

xcelerate.sitenameattr

Specifies the naming attribute of the site entries.

This property is only used if xcelerate.usermanagerclass is set to com.openmarket.xcelerate.user.LDAPSchemaUserManager.

By default, this value is blank, which means that information about a user's roles is stored in the UserPublication table.

If there is a value specified for this property, the xcelerate.usermanagerclass, and xcelerate.sitesroot properties must also be configured correctly.

xcelerate.sitesattr

Specifies the name of the user attribute describing which publications the user has roles for.

This property is used only if xcelerate.usermanagerclass is set to com.openmarket.xcelerate.user.LDAPAttrUserManager.

If there is a value for this property, it is combined with the value of the pubid column and the value for the xcelerate.pubrolesattr property to determine a user's access rights in the WebCenter Sites interfaces.

By default, this value is blank, which means that information about a user's roles is stored in the UserPublication table.

xcelerate.sitesroot

Specifies the root node (dn) under which sites are located.

This property is used only if xcelerate.usermanagerclass is set to com.openmarket.xcelerate.user.LDAPSchemaUserManager.

By default, this value is blank, which means that information about a user's roles is stored in the UserPublication table.

If there is a value specified for this property, the xcelerate.usermanagerclass and xcelerate.sitenameattr properties must also be configured correctly.

xcelerate.timezoneattr

Specifies the name of the user attribute that identifies the timezone set for your WebCenter Sites system.

Default value: timezone

xcelerate.userimageattr

This property points to the imagesrc attribute in the WEM Framework user's account (accessible from the WEM Admin interface). The attribute contains image data in a base 64 encoded string. This property fetches the image.

Default value: userimage
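
Several properties in Table 18-1 are only valid in combination with others (cs.manageUser with cs.manageproperty, jndi.connectAsUser with jndi.login and jndi.password, cleandns with syntax.ignorecase, and the xcelerate site properties). The following checker is an added example, not Oracle code, that reports violations of those stated dependencies. It assumes the User-category properties have already been read into a flat name-to-value mapping; the function name, the mapping shape, and the sample values are constructed for illustration.

```python
# Added example, not Oracle code. Assumption: the User-category properties were
# already read from wcs_properties.json into a flat {name: value} dict of
# strings; the file's real schema is not described on this page.
SCHEMA_MGR = "com.openmarket.xcelerate.user.LDAPSchemaUserManager"

def _blank(props, name):
    return not str(props.get(name, "")).strip()

def _true(props, name, default):
    # Fall back to the documented default when the property is absent.
    return str(props.get(name, default)).strip().lower() == "true"

def audit_user_properties(props):
    """Return (property, message) findings for dependencies stated in Table 18-1."""
    findings = []

    def need(name, why):
        if _blank(props, name):
            findings.append((name, "must be set: " + why))

    if not _blank(props, "cs.manageUser"):
        need("cs.manageproperty", "cs.manageUser is set")

    if not _true(props, "jndi.connectAsUser", "true"):
        # Direct login: the query account DN and its password are mandatory.
        need("jndi.login", "jndi.connectAsUser is false")
        need("jndi.password", "jndi.connectAsUser is false")
    elif _true(props, "jndi.poolConnections", "false"):
        findings.append(("jndi.poolConnections",
                         "applies only when jndi.connectAsUser is false"))

    if _true(props, "cleandns", "false") and not _true(props, "syntax.ignorecase", "true"):
        findings.append(("syntax.ignorecase", "must be true when cleandns is true"))

    site_props = ("xcelerate.sitenameattr", "xcelerate.sitesroot")
    if not all(_blank(props, p) for p in site_props):
        for p in site_props:
            need(p, "the other site property has a value")
        if props.get("xcelerate.usermanagerclass") != SCHEMA_MGR:
            findings.append(("xcelerate.usermanagerclass", "expected " + SCHEMA_MGR))

    auth = props.get("java.naming.security.authentication")
    if auth is not None and auth not in ("none", "simple", "strong"):
        findings.append(("java.naming.security.authentication",
                         "must be none, simple, or strong"))
    return findings

# Constructed sample: LDAP plug-in with a direct login and several gaps.
SAMPLE = {
    "cs.manageUser": "com.openmarket.directory.jndi.auth.JNDILogin",
    "jndi.connectAsUser": "false",
    "jndi.login": "cn=sites-svc,ou=people,dc=example,dc=com",
    "cleandns": "true",
    "syntax.ignorecase": "false",
    "xcelerate.sitesroot": "ou=sites,dc=example,dc=com",
    "java.naming.security.authentication": "simple",
}

if __name__ == "__main__":
    for prop, msg in audit_user_properties(SAMPLE):
        print(f"{prop}: {msg}")
```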