Documentation Center

Settings, default, and description for the xyldap.cfg File

Setting | Default Value | Description

ldap_host
Default: No default

The hostname of the LDAP server.

When specifying more than one LDAP server, specify each with an id using the format ldap_host.[id]. For example: ldap_host.1

ldap_port
Default: Depends on ldap_ssl setting

The port number of the LDAP server.

When specifying more than one LDAP server, set a matching ldap_port.[id] for each ldap_host.[id]. For example: ldap_host.1 and ldap_port.1

Settings:
  • 389 - no SSL, when ldap_ssl is false
  • 636 - SSL connection, when ldap_ssl is true

ldap_ssl
Default: FALSE

Specifies whether to use SSL for communication with the LDAP server. TRUE = use SSL, FALSE = do not use SSL.

certdbpath
Default: Contenta_home > bin (where Contenta_home is the top-level path where Contenta is installed). Comment out when using Active Directory.

Path to the database containing certificates for your client.

You can specify the path to the directory containing the certificate database.

The function assumes that the database file is named cert7.db.

To override, you can include the database filename in the path.

ldap_authentication
Default: LDAP_AUTH_SIMPLE

Describes the type of authentication that is used on the LDAP server.

Example: ldap_authentication: LDAP_AUTH_SIMPLE

Values: LDAP_AUTH_SIMPLE

-or-

Values for the SASL mechanism.
  • LDAP_MECHANISM_EXTERNAL
  • LDAP_MECHANISM_CRAMMD5
  • LDAP_MECHANISM_GSSAPI

ldap_find_user_by_attr
Default: FALSE

Finds and authenticates the LDAP user by the specified attribute.

The Principal account should be set for this search.

ldap_base_dn
Default: No default

Base DN (distinguished name) in LDAP.

Example: ldap_base_dn : DC=global,DC=sdl,DC=corp

ldap_principal_dn
Default: No default. Comment out when using Active Directory.

Principal DN (distinguished name) that may be used for the search if the LDAP user's credentials are not sufficient to search for attributes such as is_contenta_user_attr and contenta_login_name_check.

This setting should be set to use the ldap_find_user_by_attr feature.

Principal is the LDAP path to the user (see example below).

Example: ldap_principal_dn: cn=Manager,ou=People,dc=global, dc=com

user_dn_suffix

The DN suffix for the LDAP user.

user_name_attr

The name of the attribute that contains the LDAP user name.

Example:
user_dn_suffix.1 : DC=global,DC=sdl,DC=corp
user_name_attr.1 : sAMAccountName
user_dn_suffix.2 : OU=users,OU=XyEngineering, DC=xyenterprise,DC=com
user_name_attr.2 : sAMAccountName

is_contenta_user_check
Default: FALSE

Checks whether the user is a valid Contenta user.

Values: TRUE, FALSE

Example: is_contenta_user_check : TRUE

If the value is TRUE then is_contenta_user_attr must be set.

See: Login Error Messages for additional information.

is_contenta_user_attr
Default: No default

The name of the attribute that indicates whether the user is a valid Contenta user. The attribute must be of Boolean type.

Contenta accepts TRUE or FALSE as the attribute value; the default is FALSE.

Example: is_contenta_user_attr : isContentAUser

is_contenta_user_attr_rdn
Default: Empty string

Relative DN (distinguished name) to the attribute specified by is_contenta_user_attr. This DN is relative to the user node or to the user's parent node (whichever holds the attribute).

If nothing is set, Contenta assumes that the attribute is located on the same level as a user or a parent node.

Example: is_contenta_user_attr_rdn:name=Properties

contenta_login_name_check
Default: FALSE

Check for the Contenta login name.

Values: TRUE, FALSE

If the value is TRUE, contenta_login_name_attr must be set.

See Login Error Messages for additional information.

contenta_login_name_check_sysadmin_only
Default: FALSE

If this flag is set to TRUE, Contenta checks the contenta_login_name_attr attribute. If the value of the attribute is sysadmin, the user is treated as sysadmin.

If the value is set to something else or does not exist, it is ignored and the name typed in Contenta is used as the user login name.

Values: TRUE, FALSE

If the value is TRUE, contenta_login_name_attr must be set.

contenta_login_name_attr
Default: No default

The name of the attribute that contains the Contenta login name.

This attribute is checked if contenta_login_name_check is TRUE.
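
The dependencies between settings described above can be checked mechanically before a configuration is deployed. The following lint is an added example, not part of Contenta or its documentation. It assumes the "name : value" syntax shown in the examples and "#" as the comment marker, and the host names and the attribute name contentaLogin are constructed. It also flags LDAP_AUTH_SIMPLE without ldap_ssl, because a simple bind over an unencrypted connection exposes the password on the network.

```python
REQUIRES = {  # flag that is TRUE -> setting the table says must then be set
    "is_contenta_user_check": "is_contenta_user_attr",
    "contenta_login_name_check": "contenta_login_name_attr",
    "contenta_login_name_check_sysadmin_only": "contenta_login_name_attr",
    "ldap_find_user_by_attr": "ldap_principal_dn",
}

def parse_cfg(text):
    """Parse 'name : value' lines; '#' as the comment marker is an assumption."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")  # DN values keep their commas
            cfg[name.strip()] = value.strip()
    return cfg

def lint(cfg):
    """Return a list of findings; an empty list means no rule was violated."""
    def on(name):
        return cfg.get(name, "FALSE").upper() == "TRUE"
    findings = [f"{flag} is TRUE but {need} is not set"
                for flag, need in REQUIRES.items() if on(flag) and not cfg.get(need)]
    for key in sorted(cfg):
        if key.startswith("ldap_host."):   # each ldap_host.[id] needs ldap_port.[id]
            port_key = "ldap_port." + key[len("ldap_host."):]
            if port_key not in cfg:
                findings.append(f"{key} has no matching {port_key}")
        if key.startswith("ldap_port"):    # 389 = no SSL, 636 = SSL
            wrong = "389" if on("ldap_ssl") else "636"
            if cfg[key] == wrong:
                findings.append(f"{key} is {wrong} but ldap_ssl is {cfg.get('ldap_ssl', 'FALSE')}")
    auth = cfg.get("ldap_authentication", "LDAP_AUTH_SIMPLE")  # default from the table
    if auth == "LDAP_AUTH_SIMPLE" and not on("ldap_ssl"):
        findings.append("LDAP_AUTH_SIMPLE without ldap_ssl sends the bind password in cleartext")
    return findings

SAMPLE = """\
# constructed sample for this example, not a shipped configuration
ldap_host.1 : ldap1.example.com
ldap_port.1 : 636
ldap_host.2 : ldap2.example.com
ldap_ssl : FALSE
is_contenta_user_check : TRUE
contenta_login_name_check : TRUE
contenta_login_name_attr : contentaLogin
"""

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in lint(parse_cfg(SAMPLE))))
```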