2.8 Configuration file for external authentication server linkage (exauth.properties)
This is the definition file used to specify the settings required for external authentication linkage.
Format
specification-key-name=setting
Installation folder
Common-Component-installation-folder\conf or /opt/HiCommand/Base64/conf
Trigger for applying definitions
Immediately after the configuration file is saved
However, for any user who had already logged in when definitions of the configuration file were changed, the changes are not applied until the user logs in again. The authentication method displayed for such users might be different from the one used for login.
Description
One specification key and setting can be specified per line. Note the following points when coding the configuration file for external authentication server linkage:
Lines that begin with # are treated as comment lines.
Blank lines are ignored.
The entries are case sensitive.
Spaces cannot be specified before or after a setting.
Do not enclose a setting in double quotation marks (").
Settings
Classification |
Key name |
Settings |
Specifiable values |
Default values |
|---|---|---|---|---|
Common item |
auth.server.type |
Specifies the type of external authentication linkage. |
|
internal |
auth.server.name |
Specifies the server identifier of the external authentication server to be linked. You can use a maximum of 64 bytes. You must specify this property if ldap is specified for auth.server.type. For other cases, there is no need to specify this property. |
|
-- (Initial value at installation: ServerName) |
|
auth.group.mapping |
Specifies whether to link groups if external authentication linkage with Active Directory is used. |
|
false |
|
LDAP settings#1 |
auth.ldap.server-identifier#2.protocol |
Specifies the protocol for connecting to the LDAP directory server. There is no need to specify this property if a value other than ldap is specified for auth.server.type. If "tls" is specified, the encryption method used by the LDAP directory server differs depending on the JP1/AO version. Must be one of the following:
|
|
-- |
auth.ldap.server-identifier#2.host |
Specifies the host name, IPv4 address, or IPv6 address of the LDAP directory server. To specify an IPv6 address, enclose the value in square brackets ([ ]). You must specify this property if auth.ldap.server-identifier.dns_lookup is set to false. If "tls" is specified for "auth.ldap.server-identifier.protocol", it is necessary to specify the same host name as the CN of the server certificate of the LDAP directory server. An IP address cannot be used. |
Character string that can be specified for host names or IP addresses |
-- |
|
auth.ldap.server-identifier#2.port |
Specifies the port number of the LDAP directory server. |
1-65535 |
389 |
|
auth.ldap.server-identifier#2.timeout |
Specifies the connection timeout period (seconds) with the LDAP directory server. Specify 0 to wait for a connection until a communication error occurs. |
0-120 |
15 |
|
auth.ldap.server-identifier#2.attr |
Specifies the attribute name for which the user ID of the authentication user is defined. |
Character string that can be used for attribute names |
-- (Initial value at installation: sAMAccountName) |
|
auth.ldap.server-identifier#2.basedn |
Specifies the distinguished name (DN) used as the base point to search for the authentication user of the LDAP directory server. |
Character string that can be used for DNs |
-- |
|
auth.ldap.server-identifier#2.retry.interval |
Specifies the interval (seconds) between retries in the event of a failed connection to the LDAP directory server. |
1-60 |
1 |
|
auth.ldap.server-identifier#2.retry.times |
Specifies the number of retries, in the event of a failed connection to the LDAP directory server. |
0-50 |
20 |
|
auth.ldap.server-identifier#2.domain.name |
Specifies the domain name of the LDAP directory server. You must specify this property if either of the following conditions is satisfied:
|
Character string that can be specified for domain names |
-- |
|
auth.ldap.server-identifier#2.dns_lookup |
Specifies whether to use DNS to search for the LDAP directory server. |
|
false |
- #1
The settings are ignored if a value other than ldap is specified for auth.server.type.
- #2
For server-identifier, specify the same value specified for server-identifier for auth.server.name.
Example definitions
Example definition if all the following conditions exist:
External authentication linkage with Active Directory is used.
You do not want to link groups.
There is no need to register LDAP search users.
DNS is not used.
auth.server.type=ldap auth.server.name=ServerName1 auth.ldap.ServerName1.protocol=ldap auth.ldap.ServerName1.host=adhost1 auth.ldap.ServerName1.attr=cn auth.ldap.ServerName1.basedn=cn=Users,dc=example,dc=com
Example definition if all the following conditions exist:
External authentication linkage with Active Directory is used.
You want to link groups.
LDAP search users need to be registered.
DNS is used.
auth.server.type=ldap auth.server.name=ServerName1 auth.ldap.ServerName1.protocol=ldap auth.ldap.ServerName1.attr= sAMAccountName auth.ldap.ServerName1.basedn=dc=example,dc=com auth.ldap.ServerName1.domain.name=example.com auth.ldap.ServerName1.dns_lookup=true auth.group.mapping=true