LDAP Cluster Properties
The following cluster properties configure the API Gateway's connection to an LDAP Identity Provider. Refer to "Time Units" under Gateway Cluster Properties for a list of the valid time units that you can use for time-related properties.
Property | Description |
---|---|
ldap.certificate.cachetime | Time to keep LDAP certificates in the LDAP certificate cache. Default: 600000 (milliseconds) |
ldap.certificateIndex.interval | Time between indexing or reindexing the LDAP certificates. Default: 600000 (milliseconds) |
ldap.connection.timeout | Timeout for an LDAP connection. If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt. A value less than or equal to zero means to use the network protocol's (for example, TCP's) timeout value. Default: 5 (seconds) |
ldap.group.searchMaxResults | Maximum number of results to return in an LDAP group membership search. By default, this setting uses the value from the ldap.searchMaxResults property. Enter a different value if you do not want the two values to be the same. Default: setting from ldap.searchMaxResults |
ldap.read.timeout | Read timeout for LDAP operations. If the LDAP provider cannot get an LDAP response within that period, it aborts the read attempt. A value less than or equal to zero means no read timeout is specified, which is equivalent to waiting indefinitely for the response. Default: 30 (seconds) |
ldap.reconnect.timeout | The amount of time to wait before attempting to reconnect to an LDAP server that failed during LDAP authentication. This property lets you determine how long an LDAP server should be blacklisted. This cluster property is used unless an explicit override value is entered in the LDAP Identity Provider Wizard or the Simple LDAP Identity Provider Wizard. A value of '0' (zero) disables the blacklist, meaning the Gateway attempts a reconnect immediately. Default: 60000 (milliseconds). This cluster property replaces the now deprecated "ldap.reconnect.timeout" setting in the serverconfig_override.properties file. Do not use the properties file to override the reconnect timeout; always use this cluster property instead. |
ldap.referral | Controls how to handle LDAP referrals. Possible values are follow or ignore. Set this property to ignore if LDAP referrals are causing problems. Default: follow |
ldap.searchMaxResults | Maximum number of results to return in an LDAP Identity Provider search. Default: 1000 |
ldap.simple.username.pattern | Regular expression that all usernames must match before they can be used to construct a DN using the Simple LDAP Identity Provider. Default: ^[\p{Alnum}\.\-\_]+$ |
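
The check that ldap.simple.username.pattern describes, as an added Java example (not Gateway code): a username is matched against the default pattern before it is placed into a DN. It assumes java.util.regex semantics for the pattern; the class name, the buildDn helper, the DN template and the sample usernames are constructed for illustration.

```java
import java.util.regex.Pattern;
import javax.naming.ldap.Rdn;

public class SimpleLdapUsernameCheck {
    // Default value of ldap.simple.username.pattern from the table above.
    static final Pattern USERNAME_PATTERN =
            Pattern.compile("^[\\p{Alnum}\\.\\-\\_]+$");

    // Hypothetical DN template (assumption); a real one comes from the
    // Simple LDAP Identity Provider configuration.
    static final String DN_PREFIX = "uid=";
    static final String DN_SUFFIX = ",ou=people,dc=example,dc=com";

    /** Returns the bind DN, or throws if the username fails the pattern. */
    static String buildDn(String username) {
        // matches() must consume the whole input, so a trailing line
        // terminator is rejected as well as DN-significant characters.
        if (username == null || !USERNAME_PATTERN.matcher(username).matches()) {
            throw new IllegalArgumentException("username does not match pattern");
        }
        // Defense in depth: RFC 2253 escaping even though validation passed.
        return DN_PREFIX + Rdn.escapeValue(username) + DN_SUFFIX;
    }

    public static void main(String[] args) {
        // Constructed sample usernames.
        String[] samples = {
            "alice", "j.smith-01", "svc_gateway",   // accepted
            "bob,ou=admins", "eve=x", "carol+1",    // ',', '=', '+' are DN syntax
            "dave\n", "", "jos\u00e9"               // newline, empty, non-ASCII
        };
        for (String s : samples) {
            String shown = s.replace("\n", "\\n");
            try {
                System.out.printf("accept  %-14s -> %s%n", shown, buildDn(s));
            } catch (IllegalArgumentException e) {
                System.out.printf("reject  %-14s (%s)%n", shown, e.getMessage());
            }
        }
    }
}
```

In java.util.regex, \p{Alnum} is ASCII-only unless the pattern is compiled with UNICODE_CHARACTER_CLASS, so under this assumption the default also rejects usernames with non-ASCII letters.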