Sample LDAP Configuration File
This is a sample configuration file. It uses a simple connection to Active Directory and imports Active Directory groups.
# Licensed Materials - Property of IBM® Corporation
# 5724-N88 5725-C431
# (C) Copyright HCL Technologies Ltd. 2001, 2024
# All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM® Corp.
# LDAP Properties
# Server Authentication definition
# Settings Remote Control uses to open its own (read-only) connection to the directory.
# The directory URL used to establish an LDAP connection.
# NOTE(review): ldap:// is an unencrypted scheme. Combined with
# ldap.security_authentication=simple, the connection password below is sent
# over the network in clear text. Outside a lab, protect the connection with SSL
# (see the SSL Definition section); confirm the exact URL form in the Admin guide.
ldap.connectionURL=ldap://myldapserver
# Defines the secondary LDAP server. If the primary server is down, this alternative LDAP server is used.
# ldap.alternateURL=
# The username used to authenticate a read-only LDAP connection. If not set, an anonymous connection is made.
# The sample value is an administrator account. A read-only connection only needs
# an account that can search the user and group subtrees, so prefer a dedicated
# low-privilege service account.
ldap.connectionName=administrator@mydomain.MyCompany.com
# The password used to establish a read-only LDAP connection.
# The sample stores it in plain text (ldap.connectionPasswordEncrypted=false below).
# Prefer an encrypted value and restrict read access to this file.
ldap.connectionPassword=myPassword
# Instructs Remote Control to read the value of the password parameter as encrypted (true) or plain text (false).
# See the Admin guide for instructions on generating an encrypted password.
ldap.connectionPasswordEncrypted=false
# The fully qualified Java™ class name of the JNDI context factory to be used for
# this connection. If left unset, the default JNDI LDAP provider class is used.
# ldap.contextFactory=com.sun.jndi.ldap.LdapCtxFactory
# ##################### SASL Definition ##########################################
# Specifies the security level to use. Its value is one of the following strings: "simple" or "DIGEST-MD5".
# If using SSL, you have to use simple.
# "simple" passes the connection name and password to the server as they are,
# so it should only be used on a connection that is protected by SSL.
ldap.security_authentication=simple
# Identifies the realm or domain from which the connection name should be chosen.
# ldap.connectionRealm=
# Quality of protection
# QOP can be one of: auth, auth-int, auth-conf
# auth -- Authentication only
# auth-int -- Authentication and integrity checking by using signatures
# auth-conf -- (SASL only) Authentication, integrity and confidentiality checking
# by using signatures and encryption.
# ldap.connectionQop=auth
# Number indicating the size of the largest buffer the server is able to receive when
# using "auth-int" or "auth-conf". The default is 65536.
# ldap.connectionMaxbuf=16384
# Strength can be one of: low,medium,high
# ldap.connectionStrength=high
# ########################### SSL Definition ##########################################
# Every property in this section is commented out in the sample, so the sample
# connection is not protected by SSL.
# Specifies the security protocol to use. Its value is a string determined by
# the service provider (for example: "ssl"). If this property is unspecified, the behaviour
# is determined by the service provider.
# ldap.security_protocol=ssl
# Access the keystore. This is where the Root CA public key certificate was installed;
# it is what allows the LDAP server's certificate to be verified.
# No need to specify the keystore password for read operations.
# If a keystore password is set here it is another secret stored in this file,
# so restrict read access to the file.
# ldap.ssl_keyStore=PathOfKeyStoreFile
# ldap.ssl_keyStorePassword=KeystorePassword
# Specifies how referrals encountered by the service provider are to be processed.
# The value of the property is one of the following strings:
# "follow" -- follow referrals automatically
# "ignore" -- ignore referrals
# "throw" -- throw ReferralException when a referral is encountered.
# If this property is not specified, the default is determined by the provider.
# NOTE(review): with "follow", the provider connects to whichever server the
# referral names, possibly presenting the configured credentials there; confirm
# that referral targets are trusted before enabling it.
# ldap.referrals=follow
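# ########################## define Group search for LDAP ########################
# These settings select which directory groups are found and how their names,
# descriptions and members are read.
# The base LDAP directory entry for looking up group information. If left unspecified,
# the default is to use the top-level element in the directory context.
# Keep the whole DN on one line; a line break inside it cuts the value short.
ldap.groupBase=OU=Groups,OU=mylocation,DC=mydomain,DC=mycompany,DC=com
# The LDAP filter expression used for performing group searches.
# This sample matches group objects whose name starts with TRC. Keep the filter
# narrow: when ldap.userInGroup=true, the groups found here decide which users qualify.
ldap.groupSearch=(&(objectClass=group)(name=TRC*))
# Set to true if you want to recursively search the subtree of the element specified in
# the groupBase attribute for groups associated with a user. If left unspecified, the default
# value of false causes only the top level to be searched (a nonrecursive search).
ldap.groupSubtree=true
# The LDAP attribute that we should use for group names.
ldap.groupName=name
# The LDAP attribute that we should use for group descriptions.
ldap.groupDescription=description
# This is the attribute specifying user members within a group.
ldap.groupMembers=member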
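# ########################## User search definition ########################
# These settings control how a user's directory entry is located and which
# directory attributes are copied into the local Remote Control database.
# The base of the subtree containing users.
# If not specified, the search base is the top-level context.
ldap.userBase=OU=Users,OU=mylocation,DC=mydomain,DC=mycompany,DC=com
# The LDAP filter expression to use when searching for a user's directory entry, with {0} marking
# where the actual username is inserted.
# NOTE(review): the supplied username becomes part of this filter; whether LDAP
# filter metacharacters in it are escaped is not shown here - confirm.
ldap.userSearch=(&(objectClass=User)(sAMAccountName={0}))
# Set this value to true if you want to recursively search the subtree of the element specified by
# the userBase attribute for the user's directory entry. The default value of false causes only the
# top level to be searched (a nonrecursive search).
ldap.userSubtree=true
# Set this value to true if a user has to be a member of the groups found in the group search.
# With true, access is limited to members of the groups matched by ldap.groupSearch.
ldap.userInGroup=true
# Digest algorithm (SHA, MD2, or MD5 only)
# Remote Control will use it to encrypt the user input password and
# compare it with the password it receives from the LDAP server. If left unspecified, the default value is "cleartext".
# NOTE(review): MD2 and MD5 are no longer considered secure, and a single unsalted
# hash gives little protection for passwords. This comparison also requires the
# password attribute to be readable from the directory; confirm in the Admin guide
# whether it applies to an Active Directory setup.
# ldap.digest=SHA
# LDAP attribute used for userids
ldap.userid=sAMAccountname
# LDAP User password attribute
ldap.userPassword=password
# LDAP attribute containing the user's email address
ldap.userEmail=userPrincipalName
# If the following parameters are defined they are mapped into the local Remote Control database.
# Each value is the name of a directory attribute.
ldap.forename=givenName
ldap.surname=sn
ldap.title=title
ldap.initials=initials
ldap.company=company
ldap.department=department
ldap.telephone=telephoneNumber
ldap.mobile=mobile
ldap.state=st
ldap.country=Co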
#### Other property definitions
# Set this value to the page size of LDAP search retrievals (default=500).
# Do not set this to anything greater than the maximum page size for the LDAP server (for example, AD has a limit of 1000).
ldap.page.size=500