Hitachi

JP1 Version 12 JP1/Service Support Configuration and Administration Guide


JAAS user management definition file (hptl_jp1_imss_ua_conf.properties)

Description

This file defines the contents to be set for LDAP authentication.

Format

java.naming.provider.url.0=URL of the LDAP server
com.jp1.imss.admin.auth.ldap.basedn.0=Base DN of the LDAP server
com.cosminexus.admin.auth.ldap.search.userrdn.0=Possibility of authentication by using the organization units (OU) of the hierarchy structure
com.cosminexus.admin.auth.ldap.search.scope.0=Possibility of authentication by using the organization units (OU) of the hierarchy structure
java.naming.security.principal.0=Identifier of the person who authenticates users when he or she accesses the LDAP directory server
java.naming.security.credentials.0=A password for java.naming.security.principal.0
com.jp1.imss.admin.auth.ldap.attr.userid.0=Attribute name indicating the login ID of the user

Lines starting with a hash mark (#) are treated as comments.

File names

Storage folder

JP1/SS-path\conf\

When the definition is applied

The definition is applied to JP1/Service Support when you execute the jsschauthorityserver command and restart the JP1/Service Support service.

What is described

Do not edit any specification keys other than those explained in the following table. Use an equal sign (=) to connect a specification key and its value.

Table 13‒6: List of specification keys that can be set in the JAAS user management definition file

| Specification key name | Description | Default value |
|---|---|---|
| java.naming.provider.url.0 | Specifies the URL for the LDAP directory server. A string of 1 to 4,096 bytes can be specified. | -- |
| com.jp1.imss.admin.auth.ldap.basedn.0 | Use a string of half-width alphanumeric characters to specify the base DN of the LDAP directory server. A string of 1 to 512 bytes can be specified. | -- |
| com.cosminexus.admin.auth.ldap.search.userrdn.0# | Specify true to perform authentication by using the organization unit (OU) of the hierarchy structure. | -- |
| com.cosminexus.admin.auth.ldap.search.scope.0# | Specify subtree to perform authentication by using the organization unit (OU) of the hierarchy structure. | -- |
| java.naming.security.principal.0# | Use a string of half-width alphanumeric characters to specify an identifier of a user to be authenticated when the user accesses the LDAP directory server. A string of 1 to 512 bytes can be specified. | -- |
| java.naming.security.credentials.0 | Use a string to specify a password for java.naming.security.principal.0. | -- |
| com.jp1.imss.admin.auth.ldap.attr.userid.0 | Use a string to specify an attribute name indicating the login ID of a user. For linkage by using the full name of a user: CN. For linkage by using the user logon name (before Windows 2000): sAMAccountName. | CN |

Legend:

--: No setting values are available.

#: Must be specified if you specify sAMAccountName by using the com.jp1.imss.admin.auth.ldap.attr.userid.0 specification key.

Notes

Definition example

Definition example 1

The following is a definition example when the Active Directory domain is jp1.imss, and a user in the Users container is used for authentication:

java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=CN=Users,DC=jp1,DC=imss

Definition example 2

The following is a definition example in which the Active Directory domain is jp1.imss, the user jp1admin (whose password is jp1admin) is registered in the userGroup organization unit, and both the user01 user in the userGroup organization unit and the user02 user in the subGroup organization unit under the userGroup organization unit are to be authenticated:

java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=OU=userGroup,DC=jp1,DC=imss
com.cosminexus.admin.auth.ldap.search.userrdn.0=true
com.cosminexus.admin.auth.ldap.search.scope.0=subtree
java.naming.security.principal.0=CN=jp1admin,OU=userGroup,DC=jp1,DC=imss
java.naming.security.credentials.0=jp1admin
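
The following check is an added example, not part of the Hitachi manual or product. It validates a definition file against the byte limits and the "#" (required with sAMAccountName) rules of Table 13-6 before the definition is applied. The function names, the constructed sample (including the value onelevel), and the two hygiene findings about ldap:// and the plain-text password are assumptions of this example, not rules from the manual.

```python
URL = "java.naming.provider.url.0"
BASEDN = "com.jp1.imss.admin.auth.ldap.basedn.0"
USERRDN = "com.cosminexus.admin.auth.ldap.search.userrdn.0"
SCOPE = "com.cosminexus.admin.auth.ldap.search.scope.0"
PRINCIPAL = "java.naming.security.principal.0"
CRED = "java.naming.security.credentials.0"
USERID = "com.jp1.imss.admin.auth.ldap.attr.userid.0"
LIMITS = {URL: 4096, BASEDN: 512, PRINCIPAL: 512}   # byte limits stated in the table
# Keys marked "#" in the table, with the value the table documents (None = any value).
NEEDED_FOR_SAM = {USERRDN: "true", SCOPE: "subtree", PRINCIPAL: None}

def parse(text):
    """Return {key: value}. '#' lines are comments; the first '=' joins key and value."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings (an empty list means nothing to report)."""
    props, findings = parse(text), []
    for key, limit in LIMITS.items():
        if key in props and not 1 <= len(props[key].encode("utf-8")) <= limit:
            findings.append(f"{key}: length outside 1-{limit} bytes")
    if props.get(USERID, "CN") == "sAMAccountName":   # CN is the documented default
        for key, want in NEEDED_FOR_SAM.items():
            if not props.get(key):
                findings.append(f"{key}: must be specified with sAMAccountName")
            elif want and props[key] != want:
                findings.append(f"{key}: table documents '{want}', found '{props[key]}'")
    # The two checks below are hygiene checks added here, not rules from the page.
    if props.get(URL, "").lower().startswith("ldap://"):
        findings.append(f"{URL}: ldap:// does not itself request TLS")
    if CRED in props:
        findings.append(f"{CRED}: bind password is stored as plain text in this file")
    return findings

# Constructed sample: the page's definition example 1 switched to sAMAccountName.
SAMPLE = """\
# LDAP settings
java.naming.provider.url.0=ldap://ldap-server:389
com.jp1.imss.admin.auth.ldap.basedn.0=CN=Users,DC=jp1,DC=imss
com.jp1.imss.admin.auth.ldap.attr.userid.0=sAMAccountName
com.cosminexus.admin.auth.ldap.search.scope.0=onelevel
"""
```

Calling lint(SAMPLE) reports the missing userrdn and principal keys, the scope value that differs from subtree, and the ldap:// URL.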