3.2.3 Registering information in the configuration file for external authentication server linkage
In the configuration file for external authentication server linkage (exauth.properties), register information necessary for Active Directory linkage.
The configuration file for external authentication server linkage is stored in the following folder:
Common-Component-installation-folder\conf or /opt/HiCommand/Base64/conf
Key name |
Settings |
Definition |
---|---|---|
auth.server.type |
ldap (fixed) |
Required |
auth.server.name |
Server identifier |
Required |
auth.group.mapping |
true: Link groups. false: Do not link groups. |
Required |
auth.ldap.server-identifier.protocol |
ldap: Performs communication by using plain text tls: Performs communication by using StartTLS |
Required |
auth.ldap.server-identifier.host |
Host name or IP address of the LDAP directory server |
Optional#1 |
auth.ldap.server-identifier.port |
Port number of the LDAP directory server |
Optional |
auth.ldap.server-identifier.timeout |
Connection timeout period (seconds) for the LDAP directory server |
Optional |
auth.ldap.server-identifier.retry.interval |
Interval (seconds) between retries, in the event of a failed connection to the LDAP directory server |
Optional |
auth.ldap.server-identifier.retry.times |
Number of retries, in the event of a failed connection to the LDAP directory server |
Optional |
auth.ldap.server-identifier.domain.name |
Domain name |
Optional#2 |
auth.ldap.server-identifier.dns_lookup |
true: Use DNS to search for the LDAP directory server. false: Do not use DNS to search for theLDAP directory server. |
Optional |
- #1
You must specify this property if auth.ldap.server-identifier.dns_lookup is set to false.
If "tls" is specified for "auth.ldap.server-identifier.protocol", it is necessary to specify the same host name as the CN of the server certificate of the LDAP directory server. An IP address cannot be used.
- #2
You must specify this property if either of the following conditions exists:
auth.group.mapping is set to true.
auth.ldap.server-identifier.dns_lookup is set to true, and auth.ldap.server-identifier.host is omitted.