# Time in milliseconds to wait
for
responses
#idp.authn.LDAP.responseTimeout = PT3S
## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
#idp.authn.LDAP.sslConfig = certificateTrust
## If using certificateTrust above, set to the trusted certificate's path
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
## If using keyStoreTrust above, set to the truststore path
idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
## Return attributes during authentication
#idp.authn.LDAP.returnAttributes = userPrincipalName, sAMAccountName
idp.authn.LDAP.returnAttributes = *
## DN resolution properties ##
# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
#
for
AD: CN=Users,DC=example,DC=org
idp.authn.LDAP.baseDN = CN=users,DC=cisco,DC=com
idp.authn.LDAP.subtreeSearch =
true
*idp.authn.LDAP.userFilter = (sAMAccountName={user})*
# bind search configuration
#
for
AD: idp.authn.LDAP.bindDN=adminuser
@domain
.com
idp.authn.LDAP.bindDN = administrator
@cisco
.com
idp.authn.LDAP.bindDNCredential = Cisco
@123
# Format DN resolution, used by directAuthenticator, adAuthenticator
#
for
AD use idp.authn.LDAP.dnFormat=%s
@domain
.com
#idp.authn.LDAP.dnFormat = %s
@adfsserver
.cisco.com
# LDAP attribute configuration, see attribute-resolver.xml
# Note,
this
likely won't apply to the use of legacy V2 resolver configurations
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:
true
}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.searchFilter = (sAMAccountName=$resolutionContext.principal)