Active Directory LDAP

Description

The password value can be plaintext, or the XOR-encoded value of the password; XOR encoding only obfuscates the value and is reversible, so the configuration file still has to be protected like any other secret. In this example, the filters for Active Directory have been customized as an external activedLdapFilterProperties element, which is then referenced by the ldapRegistry element. The default values of LDAP entity types, attributes, group configuration, context pool and cache configuration will be used.

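<server description="LdapRegistry sample configuration">

    <!-- NOTE: This file is for reference only. -->

    <!-- Enable appSecurity-2.0 and ldapRegistry-3.0 features -->
    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>ldapRegistry-3.0</feature>
    </featureManager>

    <!-- Sample configuration for LdapRegistry of Active Directory type.
         The password value can be plaintext, or the xor encoded value of the password.
         In this example, the filters for Active Directory have been customized as an
         external activedLdapFilterProperties element, which is then referenced by the
         ldapRegistry element through its activedFilters attribute. -->

    <!-- Review notes for anyone adapting this sample:
         * bindPassword: a plaintext value is readable by anyone who can read this file,
           and XOR encoding is reversible obfuscation rather than encryption. Prefer the
           AES encoding offered by the securityUtility encode command, keep the value out
           of version control, and restrict read access to the file.
         * port 389 with no sslEnabled attribute: the bind password and every user
           password checked against the directory cross the network unencrypted. Outside
           a lab, set sslEnabled="true", reference an SSL configuration that trusts the
           directory certificate through sslRef, and use the LDAPS port of the directory.
         * bindDN: use a dedicated account limited to read access on the subtree under
           baseDN, not an administrative account. -->
    <ldapRegistry id="ActiveDirectoryLDAP"
                  realm="SampleLdapADRealm"
                  host="host.domain.com"
                  port="389"
                  ignoreCase="true"
                  baseDN="cn=users,dc=domain,dc=com"
                  bindDN="cn=myuser,cn=users,dc=domain,dc=com"
                  bindPassword="mypassword"
                  ldapType="Microsoft Active Directory"
                  activedFilters="myactivedfilters">

      <contextPool enabled="true" initialSize="1" maxSize="0" timeout="0ms" waitTime="3000ms" preferredSize="3"/>

      <!-- The cache timeouts are written in milliseconds (1200ms is 1.2 seconds, 600ms is
           0.6 seconds). NOTE(review): confirm these are the intended cache lifetimes. -->
      <ldapCache>
        <attributesCache size="4000" timeout="1200ms" enabled="true" sizeLimit="2000"/>
        <searchResultsCache size="2000" timeout="600ms" enabled="true" resultsSizeLimit="1000"/>
      </ldapCache>
    </ldapRegistry>

    <!-- Filters referenced by the ldapRegistry element above (id matches activedFilters).
         The LDAP AND operator is an ampersand, which must be written as the amp entity
         inside an XML attribute value; a bare ampersand makes the file not well-formed
         and the parser rejects it. -->
    <activedLdapFilterProperties id="myactivedfilters"
                                 userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
                                 groupFilter="(&amp;(cn=%v)(objectcategory=group))"
                                 userIdMap="user:sAMAccountName"
                                 groupIdMap="*:cn"
                                 groupMemberIdMap="memberOf:member"/>

</server>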