JAAS user management definition file (hptl_jp1_imss_ua_conf.properties)
Description
This file defines the contents to be set for LDAP authentication.
Format
java.naming.provider.url.0=URL of the LDAP server
com.jp1.imss.admin.auth.ldap.basedn.0=Base DN of the LDAP server
com.cosminexus.admin.auth.ldap.search.userrdn.0=Possibility of authentication by using the organization units (OU) of the hierarchy structure
com.cosminexus.admin.auth.ldap.search.scope.0=Possibility of authentication by using the organization units (OU) of the hierarchy structure
java.naming.security.principal.0=Identifier of the person who authenticates users when he or she accesses the LDAP directory server
java.naming.security.credentials.0=A password for java.naming.security.principal.0
com.jp1.imss.admin.auth.ldap.attr.userid.0=Attribute name indicating the login ID of the user
Lines starting with a hash mark (#) are treated as comments.
File names
- hptl_jp1_imss_ua_conf.properties (JAAS user management definition file)
- hptl_jp1_imss_ua_conf.properties.model (Model JAAS user management definition file)#

#: You can use the model file to reset the contents of the JAAS user management definition file. To do so, delete the existing JAAS user management definition file, then copy and rename the model file.
Storage folder
JP1/SS-path\conf\
When the definition is applied
The definition is applied to JP1/Service Support when you execute the jsschauthorityserver command and restart the JP1/Service Support service.
What is described
Do not edit any specification keys other than those explained in the following table. Use an equal sign (=) to connect a specification key and its value.
Specification key name | Description | Default value |
---|---|---|
java.naming.provider.url.0 | Specifies the URL for the LDAP directory server. A string of 1 to 4,096 bytes can be specified. | -- |
com.jp1.imss.admin.auth.ldap.basedn.0 | Use a string of half-width alphanumeric characters to specify the base DN of the LDAP directory server. A string of 1 to 512 bytes can be specified. | -- |
com.cosminexus.admin.auth.ldap.search.userrdn.0# | Specify true to perform authentication by using the organization unit (OU) of the hierarchy structure. | -- |
com.cosminexus.admin.auth.ldap.search.scope.0# | Specify subtree to perform authentication by using the organization unit (OU) of the hierarchy structure. | -- |
java.naming.security.principal.0# | Use a string of half-width alphanumeric characters to specify an identifier of a user to be authenticated when the user accesses the LDAP directory server. A string of 1 to 512 bytes can be specified. | -- |
java.naming.security.credentials.0 | Use a string to specify a password for java.naming.security.principal.0. | -- |
com.jp1.imss.admin.auth.ldap.attr.userid.0 | Use a string to specify an attribute name indicating the login ID of a user. | CN |
Notes
- The JAAS user management definition file (hptl_jp1_imss_ua_conf.properties) must be created or edited with a character encoding that is compatible with the system locale of the machine on which JP1/Service Support is installed. You can use one of the following character encodings:
  - In a Japanese environment: MS932
  - In an English environment: ISO-8859-1
  - In a Chinese environment: GB18030
Definition example
Definition example 1
The following is a definition example when the Active Directory domain is jp1.imss, and a user in the Users container is used for authentication:
java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=CN=Users,DC=jp1,DC=imss
Definition example 2
The following is a definition example for the case where the Active Directory domain is jp1.imss, the user jp1admin (whose password is jp1admin) is registered in the userGroup organization unit, and both the user01 user in the userGroup organization unit and the user02 user in the subGroup organization unit under the userGroup organization unit are to be authenticated:
java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=OU=userGroup,DC=jp1,DC=imss
com.cosminexus.admin.auth.ldap.search.userrdn.0=true
com.cosminexus.admin.auth.ldap.search.scope.0=subtree
java.naming.security.principal.0=CN=jp1admin,OU=userGroup,DC=jp1,DC=imss
java.naming.security.credentials.0=jp1admin
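The following Python check is an added example, not part of the original page and not Hitachi's code. It tests a file's contents against the keys, byte limits and fixed values in the table above, and adds two review flags that are this example's own assumptions: a plain ldap:// URL, over which the bind password in java.naming.security.credentials.0 travels unencrypted unless the connection is protected some other way, and a bind password equal to the account's CN, as in definition example 2. The sample input and the names LIMITS, FIXED, SAMPLE, parse and lint are constructed for illustration.

```python
import re

# Keys and byte limits from the table on this page (None: no limit stated).
LIMITS = {
    "java.naming.provider.url.0": 4096,
    "com.jp1.imss.admin.auth.ldap.basedn.0": 512,
    "com.cosminexus.admin.auth.ldap.search.userrdn.0": None,
    "com.cosminexus.admin.auth.ldap.search.scope.0": None,
    "java.naming.security.principal.0": 512,
    "java.naming.security.credentials.0": None,
    "com.jp1.imss.admin.auth.ldap.attr.userid.0": None,
}
# The only value the page documents for each of these keys.
FIXED = {"com.cosminexus.admin.auth.ldap.search.userrdn.0": "true",
         "com.cosminexus.admin.auth.ldap.search.scope.0": "subtree"}
# Constructed sample modelled on definition example 2, with two deliberate errors.
SAMPLE = """\
java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=OU=userGroup,DC=jp1,DC=imss
com.cosminexus.admin.auth.ldap.search.userrdn.0=true
com.cosminexus.admin.auth.ldap.search.scope.0=one
java.naming.security.principal.0=CN=jp1admin,OU=userGroup,DC=jp1,DC=imss
java.naming.security.credentials.0=jp1admin
com.example.unknown.key=1
"""

def parse(text):
    """Return {key: value}; lines starting with # are comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def lint(text, encoding="iso-8859-1"):  # returns [(key, finding), ...]
    props, out = parse(text), []
    for key, value in props.items():
        if key not in LIMITS:
            out.append((key, "undocumented key"))
        elif LIMITS[key] and not 1 <= len(value.encode(encoding, "replace")) <= LIMITS[key]:
            out.append((key, "length outside documented range"))
        elif key in FIXED and value != FIXED[key]:
            out.append((key, "value is not " + FIXED[key]))
    # Added review checks (assumptions of this example, not rules from the page).
    if props.get("java.naming.provider.url.0", "").lower().startswith("ldap://"):
        out.append(("java.naming.provider.url.0", "plain ldap:// scheme"))
    cn = re.match(r"(?i)cn=([^,]+)", props.get("java.naming.security.principal.0", ""))
    pw = props.get("java.naming.security.credentials.0", "")
    if cn and pw and cn.group(1).strip().lower() == pw.lower():
        out.append(("java.naming.security.credentials.0", "password equals bind account name"))
    return out
```

Pass the encoding that matches the system locale listed in the Notes (for example `lint(text, "cp932")` in a Japanese environment) so that the byte-length checks count bytes the same way the file is stored.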