Field | Explanation |
---|---|
Use containment | Select this box to resolve effective attributes using containers. |
Use groups | Select this box to resolve effective attributes using groups. |
Group Root | Specifies the distinguished name (DN) of a group object that is the parent of all groups used in resolving effective attributes of a group member (user). For example, when using NXT 4 with the Netscape server, cn=NPRootGroup,ou=Groups,o=rocketsoftware.com. If you specify a Group Root, you must also specify the Membership Attribute. |
Group Tree Depth | The GroupTreeDepth parameter can be set in LDAPData.ini to enhance the performance of LDAP queries when groups are in use. NXT users should be defined in the directory in a balanced tree starting at a given level so that this parameter can be used for performance reasons. |
Membership Attribute | Specifies the name of the membership attribute found on group objects. By default, this is uniquemember. The Membership Attribute is required if you specify a Group Root. |
Additive Attributes | Specifies the LDAP attributes whose values are appended together. For example, if you have an LDAP mapping for NXT-Content to Content-Domain and want to append all NXT-Content domain values together, then set the value for Additive Attributes to NXT-Content. |
Exclusive Attributes | Specifies LDAP attributes where only the first value found is returned. For example, if you have an LDAP mapping for NXT-Admin to Allow-Admin-Access and want only the first value found in a group or containment traversal, then set the value for Exclusive Attributes to NXT-Admin. |
Mappings | Specifies a list of mappings between access control property names and LDAP names. |

LDAPData supports SSL. Enabling it requires changes to the LDAPData.ini file. The following items are now supported under the [Service|instance|AccessControl] section:
SSL=T/F – Set to T (true) to enable SSL support. If no value is set, SSL is disabled (the default).
SSL2=T/F – If set to T (true) and SSL is enabled, the ACM will use SSL version 2 instead of version 3. The default is false. If SSL is disabled, then this value is ignored.
CertPath=full path to the CA certificate database (cert.db). If SSL is disabled, this value is ignored.
To import the server certificate into its own database, use the following command:
certutil -A -n <friendly certificate name> -d <db path directory> -i <certfile.txt> -P <filename without -cert7.db> -t C,,
For example:
certutil.exe -A -n "Crypto CA Cert" -d c:\certdb -i CACert.txt -P "slapd-serverID" -t C,,
The certutil command comes with the Sun ONE Application Server. For more information about the Sun ONE Application Server, read the official Oracle documentation.
Note: The LDAPData service does not support client-side SSL authentication at this time.
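The SSL settings described above interact (SSL2 and CertPath are ignored while SSL is disabled), so a quick audit of LDAPData.ini can catch misconfigurations. The following Python check is an added example, not Rocket Software's code; the function name `audit_ldapdata_ssl`, the sample section names and values, and the assumption that the relevant section headers end in `AccessControl` are illustrative.

```python
import configparser

# Constructed sample input; section names and values are assumptions for illustration.
SAMPLE_INI = r"""
[Service|instanceA|AccessControl]
SSL=T
SSL2=T
CertPath=c:\certdb\cert.db

[Service|instanceB|AccessControl]
SSL2=T
"""

def _is_true(value):
    # The page documents T/F values; anything other than T counts as false.
    return value is not None and value.strip().upper() == "T"

def audit_ldapdata_ssl(ini_text):
    """Return {section: [findings]} for each section whose name ends in AccessControl."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(ini_text)
    report = {}
    for name in parser.sections():
        if not name.endswith("AccessControl"):  # assumed naming convention
            continue
        sec = parser[name]  # option lookups are case-insensitive
        findings = []
        if not _is_true(sec.get("SSL")):
            # Per the page: no value means SSL is disabled, and the
            # SSL2 and CertPath values are then ignored.
            findings.append("SSL disabled: the LDAP connection is not protected by SSL")
            for key in ("SSL2", "CertPath"):
                if sec.get(key) is not None:
                    findings.append(f"{key} is set but ignored while SSL is disabled")
        else:
            if _is_true(sec.get("SSL2")):
                findings.append("SSL2=T selects SSL version 2, which RFC 6176 prohibits")
            if not (sec.get("CertPath") or "").strip():
                findings.append("SSL enabled but CertPath (CA certificate database) is not set")
        report[name] = findings
    return report

if __name__ == "__main__":
    for section, findings in audit_ldapdata_ssl(SAMPLE_INI).items():
        print(section, findings or ["no findings"])
```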
Copyright © 2006-2023, Rocket Software, Inc. All rights reserved.