Description - Handles authentication using an LDAP directory

Runtime Class - com.iwaysoftware.eclipse.template.LdapRealmProviderType



Parameter Groups

 ParameterTypeDescription
*LDAP ProviderstringName of the Directory Provider describing the connection to the LDAP server.

Click below for a definition:
User Base ContextstringThe base of the subtree containing users. Each user that can be authenticated must be represented by an individual entry that corresponds to an element in this DirContext. If not specified, the top level element in the directory context will be used.
User PatternstringA pattern for the distinguished name (DN) of the user's directory entry. Use {0} to substitute the username. For example, (cn={0}). LDAP OR syntax is also supported (|(cn={0})(cn={0},o=myorg)). You can use this property instead of User Search Filter, Search User Subtree and User Base Context when the distinguished name contains the username and is otherwise the same for all users.
Search User SubtreebooleanThe search scope. Set to true if you wish to search the entire subtree rooted at the User Base Context entry. The default value of false requests a single-level search including only the top level.
User Search FilterstringThe LDAP filter expression to use when searching for a user's directory entry, with {0} marking where the actual username should be inserted. Use this property (along with the Search User Subtree property) instead of User Pattern to search the directory for the user's entry.
User Password AttributestringName of the attribute in the user's entry containing the user's password. If you specify this value, this realm will retrieve the corresponding attribute for comparison to the value specified by the user being authenticated. If you do not specify this value, this realm will attempt a simple bind to the directory using the DN of the user's entry and password specified by the user, with a successful bind being interpreted as an authenticated user.
Role Base ContextstringThe base directory entry for performing role searches. If not specified, the top level element in the directory context will be used.
Search role SubtreebooleanSet to true if you want to search the entire subtree of the element specified by the Role Base Context for role entries associated with the user. The default value of false causes only the top level to be searched.
Role Search FilterstringThe LDAP filter expression used for performing role searches. Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username. If not specified a role search does not take place and roles are taken only from the attribute in the user's entry specified by the User Role Attribute.
Role AttributestringThe name of the attribute that contains role names in the directory entries found by a role search. In addition you can use the User Role Attribute property to specify the name of an attribute, in the user's entry, containing additional role names. If Role Attribute is not specified a role search does not take place, and roles are taken only from the user's entry.
User Role AttributestringThe name of an attribute in the user's directory entry containing zero or more values for the names of roles assigned to this user. In addition you can use the Role Attribute property to specify the name of an attribute to be retrieved from individual role entries found by searching the directory. If User Role Attribute is not specified all the roles for a user derive from the role search.
* - denotes required