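## Time to wait for responses. The upstream comment gives the unit as
## milliseconds; the commented default below is written as an ISO-8601
## duration (PT3S = 3 seconds).
#idp.authn.LDAP.responseTimeout = PT3S

## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
## NOTE(review): this is left commented out, so the IdP's built-in default
## trust mode applies. Confirm which mode is active, because it decides
## whether trustCertificates or trustStore below is actually consulted.
#idp.authn.LDAP.sslConfig = certificateTrust

## If using certificateTrust above, set to the trusted certificate's path
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt

## If using keyStoreTrust above, set to the truststore path
idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore

## Attributes returned during authentication
## NOTE(review): "*" requests every user attribute the bind account can read.
## An explicit list, as in the commented example, limits the authentication
## result to the attributes the IdP actually needs.
#idp.authn.LDAP.returnAttributes = userPrincipalName, sAMAccountName
idp.authn.LDAP.returnAttributes = *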
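## DN resolution properties ##

# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
# for AD: CN=Users,DC=example,DC=org
idp.authn.LDAP.baseDN = CN=users,DC=cisco,DC=com
# Search the whole subtree under baseDN. The value must stay on the same line
# as the key; on a line of its own it would be read as a separate property.
idp.authn.LDAP.subtreeSearch = true
# {user} is the placeholder for the login name being authenticated.
# The key and value carry no surrounding "*" characters: those would become
# part of the property name and of the LDAP filter.
idp.authn.LDAP.userFilter = (sAMAccountName={user})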
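# Bind search configuration
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
# NOTE(review): the account name below appears to have been machine-translated
# on this page; substitute the deployment's real bind account. Directory
# searches only need read access, so a dedicated low-privilege service account
# is preferable to an administrative one.
idp.authn.LDAP.bindDN = 管理員@cisco.com
# NOTE(review): sample password kept as shown on the page (it also looks
# machine-translated). This is a plaintext secret: restrict read access on this
# file to the IdP service user, keep it out of version control, and on IdP
# releases that provide credentials/secrets.properties set the property there.
idp.authn.LDAP.bindDNCredential = 思科@123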
# Format DN resolution, used by directAuthenticator and adAuthenticator
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
#idp.authn.LDAP.dnFormat = %s@adfsserver.cisco.com
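# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
#
# Each value below reuses the matching idp.authn.LDAP.* property through a
# %{name:default} placeholder; the text after the colon is used when the
# authentication property is not set.
idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
# The attribute resolver binds with the same account and secret as
# authentication, so the bind account's privileges and the handling of the
# secret apply to this connection as well.
idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
# StartTLS defaults to true when idp.authn.LDAP.useStartTLS is not set.
# The placeholder must stay on one line; split across lines it no longer
# resolves to a single value.
idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
# Search filter template; presumably $resolutionContext.principal is replaced
# with the authenticated principal name. Verify against attribute-resolver.xml.
idp.attribute.resolver.LDAP.searchFilter = (sAMAccountName=$resolutionContext.principal)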