JNDI Adapter Properties
The JNDI adapter properties form consists of common properties and properties specific to the adapter.
Common properties are located at the top of the form. These fields define the attributes associated with the LDAP entry. See Common Properties and Actions for information about properties not listed here, as well as instructions on using the form and importing and exporting LDAP entries.
In addition to common properties, the following properties are available to configure the JNDI adapter:
Attributes to Return as Binary
binaryAttributes
The attributes with non-string syntax that you would like returned as byte arrays (byte[]). Specify the value of this property as a string of space-separated attribute names. All attributes to store as binary should be included.
If you do not specify this property, then only attributes already recognized by the LDAP directory as having non-string syntax are returned as byte arrays. All other attributes are assumed to have string syntax.
Examples of attributes that might be stored as binary in the LDAP include the following:
◦ photo
◦ thumbnailPhoto
◦ authorityRevocationList
◦ personalSignature
◦ thumbnailLogo
◦ certificateRevocationList
◦ audio
◦ userPassword
◦ crossCertificatePair
◦ jpegPhoto
◦ userCertificate
◦ x500UniqueIdentifier
◦ javaSerializedData
◦ caCertificate
Attributes to Store as Binary
binaryMode
The attributes with non-string syntax that you want to store as byte arrays (byte[]). Specify the value of this property as a comma-separated string of attribute names.
If you do not specify this property, all attributes are assumed to have string syntax. Only attributes already recognized by the LDAP directory as having non-string syntax are returned as byte arrays.
Directory System Agent Credentials
dsaCredentials
The default password used when logging in to the directory service.
Directory System Agent User
dsaUser
The default username entered when logging in to the directory service.
There is no default for this property. If the username is not specified here, it must be specified directly in the webjects used to access your directory services. Otherwise, you can define this property through credentials mapping. For more information on credentials mapping, see Credentials Mapping and Mapping Credentials in Info*Engine Tasks and JSPs.
Distinguished Name Element Order
jndi.syntax.direction
Direction in which object names in a distinguished name are ordered. Valid values are RIGHT_TO_LEFT, LEFT_TO_RIGHT, and FLAT.
The default for this property is RIGHT_TO_LEFT.
Distinguished Name Element Separator
jndi.syntax.separator
Character used to delimit the names of objects in a distinguished name. The default for this property is a comma ( , ).
LDAP Dereference Aliases
environment.java.naming.ldap.derefAliases
Specifies how LDAP aliases are handled during searches. Select one of the following values:
◦ ALWAYS
◦ NEVER
◦ FINDING—Dereferences aliases only while locating the target entry.
◦ SEARCHING—Dereferences aliases once the target entry is located.
The default for this property is ALWAYS.
LDAP Referral
referral
Determines how the LDAP server processes referrals. Referrals are a mechanism by which an LDAP directory contacts other physical LDAP directories to obtain the results requested by a search. Select one of the following values:
◦ FOLLOW directs the LDAP server to process referrals.
◦ THROW directs the underlying code to throw LdapReferralException if a referral is encountered.
◦ IGNORE directs the underlying code to ignore any referrals and return only results obtained without referral processing.
Referral behavior is also set in the LDAP server. If you do not set the property for the adapter, then it defaults to the setting in the LDAP server.
LDAP Search Filter
searchFilter
The default search filter for the Query-Objects webject if no search filter is specified on the webject. The search filter allows a query to select a subset of all the entries in the scope of the query.
LDAP Search Scope
searchScope
Sets the scope of the search. Select one of the following values:
◦ BASE indicates that only the current entry should be searched.
◦ SUBTREE indicates that the search should start at the current level and search all levels of the complete LDAP hierarchy below the current level.
◦ ONELEVEL limits the search to entries contained in the current LDAP directory hierarchy level.
The default for this property is ONELEVEL.
LDAP Time Limit
timeLimit
Maximum time limit in seconds allowed for this search. If this limit is reached and the search has not finished, the found entries are returned and IEPartialResultsException is thrown. If 0 is specified, the search will not time out.
The default for this property is 0, meaning that the search does not time out.
LDAP Version
ldapVersion
The LDAP protocol used. Valid values are 3 for LDAPv3 and 2 for LDAPv2.
The default for this property is 3.
Log File
logFile
The fully qualified path of the log file used when the adapter is out of process.
Use this property rather than the Logging Directory property provided on the property editor form. Whether the Logging Directory property appears depends on whether the Display Logging preference is checked in the form editor. The log messages for in-process adapters are written to an Info*Engine server log file and not to the file named in this property.
Maximum Number of Elements to Return
sizeLimit
Maximum number of entries to be returned as a result of a query. If the specified limit is reached and the search is not complete, the found entries are returned and IEPartialResultsException is thrown.
If 0 is specified, there is no limit and all entries found are returned. Both the underlying LDAP directory and the pagedSizeLimit property can also impose a size limit restriction.
The default for this property is 0; all entries found are returned.
Maximum Thread Count
socketAccess.maxThreadCount
Maximum number of concurrent request threads against each adapter instance. The default for this property is 100.
Naming Factory
java.naming.factory.initial
The Java class name of the factory class. The default for this property is com.sun.jndi.ldap.LdapCtxFactory.
Provider Url
java.naming.provider.url
The URL address of the naming or directory server.
Search Base
searchBase
Distinguished name of the entry at which a search starts.
Secret
secret.text
A string used to sign and validate requests.
Secret 2
secret.text2
Another string used to sign and validate requests to a task processor or adapter. The secret.text2 property generates a more comprehensive request signature than the secret.text property, and can be used instead of or in addition to the secret.text property.
Secret Algorithm
secret.algorithm
The algorithm used to encrypt the values of the Secret and Secret 2 properties.
Valid values are SHA-1, MD2, and MD5. The default for this property is SHA-1.
Service Type
serviceType
Determines whether the adapter uses a naming service or directory service. Select one of the following values:
◦ NAMING performs an LDAP one-level search operation of the named entry using the filter (objectclass=*) to retrieve the names of the entries immediately below the named entry.
◦ DIRECTORY performs an LDAP search operation according to the specified search controls.
The default for this property is DIRECTORY.
Verbose
verbose
Determines whether a detailed description is sent to the log file. Selecting TRUE sends detailed descriptions to the log file.
The default for this property is FALSE, meaning that detailed descriptions are not sent to the log file.
Dynamic Properties Configuration
Configuration information for a service or adapter can be updated while the service or adapter is running, allowing you to update properties without requiring a restart.
The Time To Live property specifies the time that elapses, in minutes, before the properties for a service or adapter are automatically reloaded. Properties are only automatically reloaded if they are being accessed. By default, the properties do not expire.
Additional Properties
If a property is not defined on the form, you can add it in the Additional Properties field. When adding additional properties, the property name format includes the name of the adapter entry (the service name) followed by the property name. For example:
<service_name>.pageSize
In the appropriate fields, specify the property used by the service or adapter and the value of that property. Click Add next to the new property name to open a text box in which you can modify the property value.
If the value becomes too long to view in its entirety, an Edit action appears. Click Edit to open a new browser window with a larger text area.
The following properties might be especially useful when configuring the JNDI adapter, and can be added as additional properties:
pageSize
Specifies the page size for paged search results returned by the LDAP server. Set this property to a number greater than 0 to enable paged searching; set it to 0 to disable paged searching.
By default, this property is disabled unless you are using an Active Directory Service, in which case setting the windchill.config.directoryType property automatically enables paged searches with a page size of 1000.
pagedSizeLimit
Specifies the maximum number of entries that a paged search can return, including entries returned across all pages of the result set.
The default value for this property is 20,000 entries. The value must be greater than or equal to the value of the pageSize property.
<serviceName>.filterCriteriaSizeLimit
A JNDI adapter property that controls the number of distinguished names (DNs) or criteria in a single LDAP query.
The default value is the same as the value of the property <serviceName>.pagedSizeLimit.
windchill.config.directoryType
Add this property if you are using a Microsoft Active Directory Server with the adapter. Set the value to ADS.
Setting this property automatically enables LDAP paged searches with a default page size of 1000 results. Setting the pageSize property overrides this value.
Set the pageSize property to 0 to disable paged searches.
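How the paging properties above (pageSize, pagedSizeLimit, filterCriteriaSizeLimit, and windchill.config.directoryType) combine into effective settings, as an added example that is not part of the product or its documentation. It assumes the additional properties are available as a name-to-value dictionary keyed by <service_name>.<property>; the service name "svc" and the function names are constructed for illustration.

```python
# Added example: resolve the effective paging settings for one JNDI adapter
# entry from its additional properties, using the defaults stated on this page.
# Assumption: properties arrive as a dict of "<service>.<property>" -> string.

DEFAULT_ADS_PAGE_SIZE = 1000      # page size enabled by directoryType=ADS
DEFAULT_PAGED_SIZE_LIMIT = 20000  # documented default for pagedSizeLimit


def _int_prop(props, service, name):
    """Return <service>.<name> as a non-negative int, or None if absent."""
    raw = props.get(f"{service}.{name}")
    if raw is None or raw.strip() == "":
        return None
    value = int(raw)  # raises ValueError on non-numeric input
    if value < 0:
        raise ValueError(f"{service}.{name} must not be negative: {value}")
    return value


def resolve_paging(props, service):
    """Return (settings, problems) for the adapter entry named `service`."""
    problems = []
    directory_type = props.get(f"{service}.windchill.config.directoryType", "")
    is_ads = directory_type.strip() == "ADS"

    page_size = _int_prop(props, service, "pageSize")
    if page_size is None:
        # Paging is off by default unless the directory type is ADS.
        page_size = DEFAULT_ADS_PAGE_SIZE if is_ads else 0

    paged_limit = _int_prop(props, service, "pagedSizeLimit")
    if paged_limit is None:
        paged_limit = DEFAULT_PAGED_SIZE_LIMIT

    criteria_limit = _int_prop(props, service, "filterCriteriaSizeLimit")
    if criteria_limit is None:
        criteria_limit = paged_limit  # default follows pagedSizeLimit

    # The page requires pagedSizeLimit >= pageSize.
    if paged_limit < page_size:
        problems.append(f"{service}.pagedSizeLimit ({paged_limit}) "
                        f"is below pageSize ({page_size})")

    settings = {"paged": page_size > 0, "pageSize": page_size,
                "pagedSizeLimit": paged_limit,
                "filterCriteriaSizeLimit": criteria_limit}
    return settings, problems
```

An explicit pageSize always wins over the ADS default, so an Active Directory entry with pageSize set to 0 resolves to unpaged searches.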
windchill.mapping.user.attributes
The LDAP attributes that are available to Windchill and in the participant cache. Enter attributes as a comma-separated list.
For example, a typical attribute accessed by Windchill might be:
user.getAttributes().get("<LDAP-attribute-name>");