...
- didmos backend connector (provided by DAASI International)
- LDAP connector (provided by Evolveum)
- Active Directory LDAP connector (provided by Evolveum)
Overview of configuration parameters
General parameters
Parameter name | Description |
---|---|
LOG_LEVEL | Logging level |
RECEIVE_QUEUE | The name of the RabbitMQ queue from where the worker gets the requests |
RESPONSE_QUEUE | The name of the RabbitMQ queue to which the worker puts the responses |
RETRY_TIME | The time in seconds to wait before retrying an action |
RabbitMQ parameters
Parameter name | Description |
---|---|
RABBITMQ_ADDRESSES | RabbitMQ server URL |
RABBITMQ_PORT | RabbitMQ server port |
RABBITMQ_USERNAME | RabbitMQ user name |
RABBITMQ_PASSWORD | RabbitMQ user password |
didmos2 backend connector parameters
Parameter name | Description |
---|---|
RESPONSE_API_URL | The backend REST URL |
RESPONSE_USER_NAME | didmos2 user name for basic authentication |
RESPONSE_USER_PASSWORD | didmos2 user password for basic authentication |
LDAP/AD LDAP connector parameters (see also https://wiki.evolveum.com)
Parameter name | Description |
---|---|
LDAP_SERVER | LDAP server name |
LDAP_PORT | LDAP server port |
ALLOW_UNTRUSTED_SSL | Whether connector skips certificate validity check against its default truststore (e.g. Java cacerts) |
ENABELED_SECURITY_PROTOCOLS | Set of security protocols that are acceptable for protocol negotiation |
CONNECT_TIMEOUT | Timeout to connect (in milliseconds) |
MAX_NUM_ATTEMPTS | Maximum number of attempts to retrieve the entry or to retry the operation. This number applies in a replicated topology when handling connection failures and retrying on another server, when following referrals, and in similar situations |
AUTHENTICATION_TYPE | The authentication mechanism to use |
BASE_CONTEXT | The base DN that the connector will use if the base DN is not specified explicitly |
BIND_DN | The DN of the object to bind to |
BIND_PASSWORD | Bind password |
USE_PERMISSIVE_MODIFY | Use permissive modify LDAP control for modify operations. Possible values: never, auto, always |
PAGING_STRATEGY | Specifies the strategy for using paging mechanisms such as VLV or Simple Paged Results. Possible values: none, auto, spr, vlv. Default value: auto |
PW_HASH_ALGORITHM | Hash the passwords with a specified algorithm before they are sent to the server |
UID_ATTRIBUTE | Name of the attribute which will be used as ICF UID |
OPERATIONAL_ATTRIBUTES | Operational attributes that apply to all object classes |
STRUCTURAL_OBJECT_CLASS | If set to true, adds all additional structural object classes without children to the auxiliary object classes list on the connector |
Additional AD and LDAP connector parameters (see also https://wiki.evolveum.com)
Parameter name | Description |
---|---|
USER_OBJECT_CLASS | Object class to use for user accounts. Default: user |
GROUP_OBJECT_CLASS | Object class to use for user accounts. Default: group |
MEMBER_ATTRIBUTE | Group member attribute name. Default: member |
GLOBAL_CATALOG_STRATEGY | Strategy of global catalog usage |
ALLOW_BRUTE_FORCE_SEARCH | If set to true then the connector will try to search all defined servers for an entry if all other attempts fail |
RAW_USER_ACCOUNT_CONTROL_ATTRIBUTE | If set to false then the connector will interpret the content of userAccountControl attribute and will decompose it to pseudo-attributes for enabled state, lockout, etc. |
NATIVE_AD_SCHEMA | If set to true, then the connector will use native AD schema definition. |
TWEAK_SCHEMA | Extend the declared AD schema with tweaks that allow practical usage of the schema. |
INCLUDE_OBJECT_CATEGORY_FILTER | Enables inclusion of explicit object category filter in all searches. Normally the connector would derive search filter only based on the attributes specified in the query. E.g. (&(uid=foo)(cn=bar)). |
ADD_DEFAULT_OBJECT_CATEGORY | If set to true then the connector will automatically add default object category to all created objects. |
FORCE_PASSWORD_CHANGE_AT_NEXT_LOGON | If set to true then the connector will force password change at next log-on every time when the password is changed. If set to false (default) the password change at next log-on will not be forced. |
SCRIPT_EXECUTION_MECHANISM | The mechanism that will be used to execute scripts on resource. Default value: winrm |
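
Several of the parameters above decide whether credentials are protected in transit. The following pre-deployment check is an added example, not part of the product or its documentation. It assumes the parameters are supplied as string key/value pairs, that booleans are written `true`/`false`, that the protocol list is comma-separated with Java JSSE protocol names, and that hash algorithm names are spelled as in `UNSALTED_HASHES`.

```python
# Added example: audit worker settings for values that weaken transport or
# credential security. Value formats are assumptions (see lead-in).
WEAK_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # Java JSSE names
UNSALTED_HASHES = {"MD5", "SHA", "SHA-1"}                      # assumed spellings
SECRETS = ("RABBITMQ_PASSWORD", "RESPONSE_USER_PASSWORD", "BIND_PASSWORD")


def audit(env):
    """Return (parameter, finding) pairs, in check order, for risky settings."""
    findings = []

    def is_true(key):
        return env.get(key, "").strip().lower() == "true"

    if is_true("ALLOW_UNTRUSTED_SSL"):
        findings.append(("ALLOW_UNTRUSTED_SSL",
                         "certificate check skipped; LDAP bind is open to interception"))

    # Key spelling is kept exactly as it appears in the parameter table.
    enabled = {p.strip() for p in env.get("ENABELED_SECURITY_PROTOCOLS", "").split(",")}
    for proto in sorted(enabled & WEAK_PROTOCOLS):
        findings.append(("ENABELED_SECURITY_PROTOCOLS",
                         f"deprecated protocol enabled: {proto}"))

    if env.get("RESPONSE_API_URL", "").strip().lower().startswith("http://"):
        findings.append(("RESPONSE_API_URL",
                         "basic authentication sent over cleartext HTTP"))

    if env.get("PW_HASH_ALGORITHM", "").strip().upper() in UNSALTED_HASHES:
        findings.append(("PW_HASH_ALGORITHM", "unsalted fast hash selected"))

    for key in SECRETS:
        if not env.get(key, "").strip():
            findings.append((key, "empty or missing credential"))
    return findings


# Constructed sample settings, not taken from a real deployment.
SAMPLE = {
    "ALLOW_UNTRUSTED_SSL": "true",
    "ENABELED_SECURITY_PROTOCOLS": "TLSv1,TLSv1.2",
    "RESPONSE_API_URL": "http://backend.example.internal/api",
    "PW_HASH_ALGORITHM": "SSHA",
    "RABBITMQ_PASSWORD": "constructed-secret-1",
    "RESPONSE_USER_PASSWORD": "constructed-secret-2",
    "BIND_PASSWORD": "",
}

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

To check a live configuration, pass `dict(os.environ)` to `audit()` if the worker reads these parameters from the environment.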