...
Property | Value
---|---
ldap.servers | <ip address or hostname:port>
ldap.ssl | <true or false> Set to true to use SSL connections against the LDAP server. Default: false
ldap.acceptedcertissuers | <List of filenames, separated by comma or semicolon> List of Root/CA certificates to trust when validating server certificates. Default: none
ldap.verifysslcert | <true or false> Set to false to disable SSL server certificate validation - use if your LDAP server has untrusted certificates installed. Default: true
ldap.connectiontimeout | <timeout in minutes>
ldap.systemuser | <userid>
ldap.systempassword | <password>
ldap.basedn | <DN name> The base DN to use when looking up in the LDAP server. This is the suffix used for all paths in the LDAP
ldap.useridName | <attribute name>
ldap.usersRDN | <RDN name>
ldap.userattributes | <List of attributes - separated with comma or semicolon>
ldap.stripdnfromuser | <true or false> Default is false
ldap.userObjectClass | <Object class name> Name of the LDAP object class containing user records. Default is "person"
ldap.groupObjectClass | <Object class name> Name of the LDAP object class containing group records. Default is "group"
ldap.groupMemberAttributeName | <Name of member attribute> Default is "member" (Note: requires minimum Ceptor v6.4.1). Allows you to change the member attribute name that is used when looking up group memberships in AD, if the memberOf attribute is not used on the user, or if it does not exist on a user record. In Active Directory, set this value to "member:1.2.840.113556.1.4.1941:" to read all nested group memberships.
ldap.group.name.is.cn | <true or false> Default is false. When reading LDAP group names, by default the name stored is the full unique name, the full DN of the group - e.g. CN=Administrators,OU=Groups,OU=organisation,OU=com. If this attribute is set, only the CN is kept and the rest is stripped.
ldap.attrsToStore | <Pattern> Attributes matching this pattern will be stored in the session as state variables. This allows you to read arbitrary attributes from LDAP and store them in the session - that could be a user's email address, phone number or any other attribute available in LDAP.
Handling passwords that require changes
...
Property | Value
---|---
ldap.totp.attribute.name | <Attribute name> Default is "secretary"
ldap.mobile.attribute.name | <Attribute name> Name of the LDAP attribute containing the user's mobile phone number. Default is "mobile"
ldap.otp.retries | <Integer> Number of retries allowed when validating the OTP code. Default is 3
ldap.sms.text | <Format String> String containing the text sent to the user when sending a generated OTP value. %s will be replaced with the OTP value, and %n can be used as newline. Default: "PIN:%n%s"
ldap.totpsecret.encryptionkey | <Filename> Filename of a file containing the AES key used to encrypt the user's TOTP secret in the LDAP server. Note that this file can be generated by PasswordUtils - see Encrypting or Obfuscating Passwords for more information. Default: none
Email related settings |
ldap.otp.email.subject | <String> Specify the subject of the email sent with the OTP. Default: Ceptor One-Time-Pin
ldap.otp.email.message | <String> Specify the content of the email message to be sent with the OTP. Default: Hello {username}.\n\nYou have requested a one-time-pin code, please use the code {code}.
ldap.email.config.prefix | <String> Configuration prefix for SMTP server settings - if set to "mail", settings start with "mail." - e.g. "mail.from", "mail.replyto" etc. Default: mail
mail.smtp.host | <hostname or IP> SMTP hostname. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.smtp.protocol | <smtp or smtps> SMTP protocol to use - either smtp for plaintext or smtps for encrypted. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.smtp.port | <port number> TCP port for the SMTP server - usually 25 for unencrypted and 465 for encrypted communication. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.smtp.user | <string> Userid for authentication to the mailserver. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.smtp.password | <string> Password for authentication to the mailserver - see Encrypting or Obfuscating Passwords. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.from | <string> Email address to set as the "From" email address. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.replyto | <string> Optional email address for the reply-to address. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.starttls.enable | <Boolean> True to enable STARTTLS. Default: true. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
mail.debug | <Boolean> Set to true to enable debugging, in which case debug information is written to stdout. Default: false. Note that the "mail" prefix is replaced by the value of the ldap.email.config.prefix property
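As an added example (not Ceptor's own code), a small Python lint that parses a .properties file and flags the settings from the tables above that weaken transport security: ldap.ssl off, ldap.verifysslcert disabled, plaintext SMTP with STARTTLS turned off, and mail debugging enabled. It resolves the mail keys through ldap.email.config.prefix; the sample configuration and the "otpmail" prefix are constructed for the example.

```python
"""Lint a Ceptor LDAP authentication .properties file for weak settings."""

# Defaults as documented in the tables above.
DEFAULTS = {
    "ldap.ssl": "false",
    "ldap.verifysslcert": "true",
    "ldap.email.config.prefix": "mail",
}

def parse_properties(text: str) -> dict:
    """Minimal key=value parser; skips blank lines and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(props: dict) -> list:
    """Return (property, reason) pairs for settings that weaken the setup."""
    cfg = {**DEFAULTS, **props}
    findings = []
    if cfg["ldap.ssl"].lower() != "true":
        findings.append(("ldap.ssl", "bind credentials and lookups travel in cleartext"))
    if cfg["ldap.verifysslcert"].lower() == "false":
        findings.append(("ldap.verifysslcert", "server certificate validation disabled"))
    # Mail keys live under a configurable prefix, "mail" by default.
    p = cfg["ldap.email.config.prefix"]
    proto = cfg.get(f"{p}.smtp.protocol", "").lower()
    starttls = cfg.get(f"{p}.starttls.enable", "true").lower()
    if proto == "smtp" and starttls == "false":
        findings.append((f"{p}.smtp.protocol", "OTP emails sent over unencrypted SMTP"))
    if cfg.get(f"{p}.debug", "false").lower() == "true":
        findings.append((f"{p}.debug", "mail debug output is written to stdout"))
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """\
ldap.ssl=false
ldap.verifysslcert=false
ldap.email.config.prefix=otpmail
otpmail.smtp.protocol=smtp
otpmail.starttls.enable=false
otpmail.debug=true
"""
```

Running `lint(parse_properties(SAMPLE))` reports all four weak settings; a config with ldap.ssl=true and smtps (or STARTTLS left at its default) produces no findings.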
...