LDAP

Configuration Variable Data Type Description
proxy.config.ldap.auth.enabled INT

Default: 0

Enables (1) or disables (0) LDAP proxy authentication. See LDAP authentication.

proxy.config.ldap.cache.size INT

Default: 5000

The maximum number of entries allowed in the LDAP cache.

If this value is modified, you must update the value of proxy.config.ldap.cache.storage_size proportionally. For example, if you double the cache size, also double the cache storage size.

proxy.config.ldap.cache.storage_size INT

Default: 24582912

The size of the LDAP cache in bytes. This is directly related to the number of entries in the cache.

If this value is modified, you must update the value of proxy.config.ldap.cache.size proportionally. For example, if you double the storage size, also double the cache size.

Modifying this variable without modifying proxy.config.ldap.cache.size can cause the LDAP subsystem to stop functioning.

proxy.config.ldap.auth.ttl_value INT

Default: 3000

The amount of time (in minutes) that entries in the cache remain valid.

proxy.config.ldap.auth.purge_cache_on_auth_fail INT

Default: 1

When enabled (1), configures Content Gateway to delete the authorization entry for the client in the LDAP cache if authorization fails.

proxy.config.ldap.proc.ldap.server.name STRING

Default: NULL

The LDAP server name.

proxy.config.ldap.proc.ldap.server.port INT

Default: 398

The LDAP server port.

proxy.config.ldap.proc.ldap.base.dn STRING

Default: NULL

The LDAP Base Distinguished Name (DN). Obtain this value from your LDAP administrator.

proxy.config.ldap.proc.ldap.uid_filter STRING

Default: sAMAccountName

The LDAP login name/ID. Use this as a filter to search the full DN database.

userPrincipalName is also valid for Microsoft Active Directory.

For eDirectory or other directory services, enter uid in this field.

proxy.config.ldap.secure.bind.enabled INT

Default: 0

When enabled (1), configures the proxy to use secure LDAP (LDAPS) to communicate with the LDAP server.

Secure communication is usually performed on port 636 or 3269.

proxy.config.ldap.proc.ldap.server.bind_dn STRING

Default: NULL

The Full Distinguished Name (fully qualified name) of a user in the LDAP-based directory service. For example:

CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM

Enter a maximum of 128 characters in this field.

If no value is specified for this field, the proxy attempts to bind anonymously.

proxy.config.ldap.proc.ldap.server.bind_pwd STRING

Default: NULL

Specifies a password for the user identified by the proxy.config.ldap.proc.ldap.server.bind_dn variable.

proxy.config.ldap.proc.encode_convert INT

Default: 0

Enables (1) or disables (0) the support of passwords with special characters.

The variable proxy.config.ldap.proc.encode_name is required when this variable is enabled.

This variable must be added manually. See this page for additional information.

proxy.config.ldap.proc.encode_name STRING

Default: NULL

The encoding name to be used when proxy.config.ldap.proc.encode_convert is enabled.

This variable must be added manually.
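The dependencies between these variables (cache size and storage size scaled together, anonymous bind when no bind DN is set, LDAPS and its usual ports, encode_name required by encode_convert) can be checked mechanically. The following is an added example, not part of the product or its documentation. It assumes the variables are stored one per line as `CONFIG <name> <TYPE> <value>`; the finding labels, the 1% tolerance and the sample values are constructed for illustration.

```python
P = "proxy.config.ldap."

def parse_records(text):
    """Return {short_name: value} from lines of the assumed form 'CONFIG <name> <TYPE> <value>'."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 3)  # value may contain spaces (e.g. a DN)
        if len(parts) == 4 and parts[0] == "CONFIG" and parts[1].startswith(P):
            cfg[parts[1][len(P):]] = parts[3].strip()
    return cfg

def audit(cfg):
    """Check the LDAP variables against the constraints stated in the table above."""
    findings = []
    isset = lambda k: cfg.get(k, "NULL") not in ("", "NULL")
    num = lambda k, default: int(cfg.get(k, default))
    # cache.size and cache.storage_size must keep the ratio of their defaults.
    expected = num("cache.size", 5000) * 24582912 / 5000
    if abs(num("cache.storage_size", 24582912) - expected) > 0.01 * expected:  # tolerance is an assumption
        findings.append("cache-not-proportional")
    # No bind DN means the proxy attempts an anonymous bind; the field holds at most 128 characters.
    if not isset("proc.ldap.server.bind_dn"):
        findings.append("anonymous-bind")
    elif len(cfg["proc.ldap.server.bind_dn"]) > 128:
        findings.append("bind-dn-too-long")
    if num("secure.bind.enabled", 0) == 0:
        # LDAPS is off, so the bind password is not protected by LDAPS in transit.
        if isset("proc.ldap.server.bind_pwd"):
            findings.append("bind-password-without-ldaps")
    elif cfg.get("proc.ldap.server.port") not in ("636", "3269"):
        findings.append("ldaps-unusual-port")
    if num("proc.encode_convert", 0) == 1 and not isset("proc.encode_name"):
        findings.append("encode-name-missing")
    return findings

# Constructed sample: cache size doubled without storage_size, LDAPS disabled, encode_name absent.
SAMPLE = """\
CONFIG proxy.config.ldap.auth.enabled INT 1
CONFIG proxy.config.ldap.cache.size INT 10000
CONFIG proxy.config.ldap.cache.storage_size INT 24582912
CONFIG proxy.config.ldap.proc.ldap.server.port INT 636
CONFIG proxy.config.ldap.secure.bind.enabled INT 0
CONFIG proxy.config.ldap.proc.ldap.server.bind_dn STRING CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM
CONFIG proxy.config.ldap.proc.ldap.server.bind_pwd STRING constructed-password
CONFIG proxy.config.ldap.proc.encode_convert INT 1
"""

if __name__ == "__main__":
    for finding in audit(parse_records(SAMPLE)):
        print(finding)
```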