以下は、LDAP が有効になったセキュリティ領域を構成するための realms.xml 構文の例です。
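<?xml version="1.0" encoding="UTF-8"?>
<!-- Example realms.xml: one active realm that checks Introscope users against an LDAP server. -->
<!-- Host names, DNs and the password below are sample values; replace them before use. -->
<realms xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        version="0.1"
        xsi:noNamespaceSchemaLocation="realms0.1.xsd">
  <realm active="true" descriptor="LDAP Realm" id="LDAP">

    <!-- Set the URL for the remote LDAP server. -->
    <!-- The url has the format: ldap://server:port -->
    <property name="url">
      <value>ldap://myActiveDirectoryServer.mydomain.com:389</value>
    </property>

    <!-- Indicate whether SSL is used to connect to the remote LDAP server. -->
    <!-- NOTE(review): with useSSL=false and bindAuthentication=simple the bind -->
    <!-- password, and presumably each user password that is checked, crosses -->
    <!-- the network unencrypted. Outside an isolated lab, set this to true, -->
    <!-- point the url at the server's SSL port (commonly 636) and configure -->
    <!-- serverCertificate below. -->
    <property name="useSSL">
      <value>false</value>
    </property>

    <!-- The bindName can be set to a name or an empty string; -->
    <!-- or it can be commented out. If a name is specified, -->
    <!-- it will be used to bind to the LDAP server. If the name -->
    <!-- is unspecified (empty string) or the property itself -->
    <!-- commented out, then an anonymous bind will occur. -->
    <!-- NOTE(review): prefer a dedicated bind account that can only read the -->
    <!-- user and group entries this realm queries; an anonymous bind works -->
    <!-- only if the directory exposes those entries to unauthenticated clients. -->
    <property name="bindName">
      <value>CN=Automatic Binding User,OU=Groups,DC=myDomain,DC=com</value>
    </property>

    <!-- If we are doing an anonymous bind, then the bindPassword -->
    <!-- property is ignored. Otherwise, this property sets -->
    <!-- the password to use when binding to the LDAP server. -->
    <!-- "secretPassword" is a placeholder, not a usable default. -->
    <property name="bindPassword">
      <value>secretPassword</value>
    </property>

    <!-- Set to true if the bindPassword is plain text -->
    <!-- If plainTextPasswords is set to true, the Enterprise Manager overwrites this file, -->
    <!-- encrypting the password and setting plainTextPasswords to false -->
    <!-- This property is optional -->
    <!-- Default is true -->
    <!-- NOTE(review): until the Enterprise Manager has rewritten the file the -->
    <!-- password is stored in clear text. The encrypted form presumably has to -->
    <!-- be recoverable by the Enterprise Manager, so restrict read access to -->
    <!-- this file to the Enterprise Manager account in either state. -->
    <property name="plainTextPasswords">
      <value>true</value>
    </property>

    <!-- Set the type of authentication to use when binding. -->
    <!-- Valid values: none|simple|Digest-MD5 -->
    <!-- Note that in Introscope 8.0 DIGEST-MD5 support has been -->
    <!-- replaced with Digest-MD5 support. -->
    <!-- A simple bind sends the password itself, so it is only protected -->
    <!-- when the connection uses SSL (see useSSL). -->
    <property name="bindAuthentication">
      <value>simple</value>
    </property>

    <!-- The nameSuffix can be set to a suffix or empty string; -->
    <!-- or it can be commented out. If a suffix is defined, -->
    <!-- then the value will be appended to the Introscope user -->
    <!-- name when dealing with LDAP queries. If the suffix is -->
    <!-- unspecified (empty string) or the property itself is -->
    <!-- commented out, then the name suffix will not be appended -->
    <!-- to the user name. -->
    <!--
    <property name="nameSuffix">
      <value>@dev.com</value>
    </property>
    -->

    <!-- Set the base DN for all user object queries. -->
    <property name="baseDN">
      <value>DC=myDomain,DC=com</value>
    </property>

    <!-- Set the search depth when querying for a user object. -->
    <!-- Valid values: onelevel|subtree -->
    <property name="scopeDepth">
      <value>subtree</value>
    </property>

    <!-- Set the name of the LDAP attribute -->
    <!-- that will match an Introscope username. -->
    <property name="usernameAttribute">
      <value>cn</value>
    </property>

    <!-- Set the "LDAP search filter" that is used to query a user object. -->
    <!-- The tokens "%u" and "{0}" (no quotes) will be filled in with the -->
    <!-- Introscope username before the query executes. -->
    <!-- All XML special characters in the query must be escaped: -->
    <!-- Use &amp; to indicate an ampersand, & -->
    <!-- Use &lt; to indicate a left angle ("less than") character -->
    <!-- Use &gt; to indicate a right angle ("greater than") character -->
    <!-- Use &quot; to indicate a quotation mark, " -->
    <!-- Use &apos; to indicate an apostrophe, ' -->
    <!-- NOTE(review): the username is substituted into this filter; confirm -->
    <!-- that the product escapes LDAP filter metacharacters such as * ( ) \ -->
    <!-- in the username before the query is sent. -->
    <property name="userObjectQuery">
      <value>(&amp;(objectClass=organizationalPerson)(cn={0}))</value>
    </property>

    <!-- Optionally set the name of the LDAP attribute -->
    <!-- to use as the group name. -->
    <!--
    <property name="groupNameAttribute">
      <value>cn</value>
    </property>
    -->

    <!-- Optionally set a search filter to match LDAP groups for a member. -->
    <!-- The tokens "%u" and "{0}" (no quotes) will be replaced by the -->
    <!-- member's distinguished name. -->
    <!-- All XML special characters in the query must be escaped. See -->
    <!-- comments for userObjectQuery property above. -->
    <!--
    <property name="groupMemberQuery">
      <value>(&amp;(objectClass=groupOfUniqueNames)(uniquemember=%u))</value>
    </property>
    -->

    <!-- Set the search filter used to match an LDAP group name. -->
    <!-- The tokens "%g" and "{0}" (no quotes) will be replaced by the -->
    <!-- group name before the query executes. -->
    <!-- All XML special characters in the query must be escaped. See -->
    <!-- comments for userObjectQuery property above. -->
    <!--
    <property name="groupObjectQuery">
      <value>(&amp;(objectClass=groupOfUniqueNames)(cn=%g))</value>
    </property>
    -->

    <!-- When using SSL, specify the full path name of -->
    <!-- the LDAP Server Certificate (if available). -->
    <!-- It is not necessary to escape backslashes. -->
    <!-- NOTE(review): confirm how the server's identity is verified when this -->
    <!-- property is left out; encryption without verification of the server -->
    <!-- certificate does not protect against an impersonated LDAP server. -->
    <!--
    <property name="serverCertificate">
      <value>C:\path\to\my\cert\cert.cer</value>
    </property>
    -->

    <!-- The original sample gives no description for this property. -->
    <!-- Presumably, when true, a login with an empty password is rejected. -->
    <!-- Keep it true: many LDAP servers treat a simple bind with a DN and an -->
    <!-- empty password as an unauthenticated bind and report success -->
    <!-- (RFC 4513, section 5.1.2). -->
    <property name="disallowEmptyPassword">
      <value>true</value>
    </property>

  </realm>
</realms>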