
General service options

These are global configuration options that define the source and destination services. In an option label, replace the term X with src to configure the source service, or with dst to configure the destination service. Where you see XService, this means srcService or dstService.

LDAP parameters

[src|dst].java.naming.factory.initial

Initial context factory to use for the data abstraction layer. You can specify the value com.sun.jndi.ldap.LdapCtxFactory. It should be the same value for both the LDAP source and destination services.

[src|dst].java.naming.ldap.version

Version of the LDAP protocol to use to connect to the LDAP server. 3 is recommended.

[src|dst].java.naming.provider.url

LDAP URI to connect to. Specifying the search base in the URI is mandatory.

Example:

dst.java.naming.provider.url = ldap://ldap.company.com:389/dc=company,dc=com

Note: if your search base contains spaces, JNDI requires you to escape them with the sequence “\\20”, for example “o=My Company” would become “o=My\\20Company”. This escape sequence is not required in other properties.

[src|dst].java.naming.security.authentication

LDAP authentication mechanism to use. The value is either simple, to bind with a configured bind DN, or none, to use anonymous authentication. Defaults to none.

[src|dst].java.naming.security.principal

LSC uses a DN on the LDAP server to authenticate itself and get rights on LDAP data. The value is a complete DN of an existing entry in the specified LDAP server.

[src|dst].java.naming.security.credentials

The appropriate password for the DN used above, in case you use simple LDAP authentication.

[src|dst].java.naming.referral

Choose how to handle LDAP referrals. Possible values are ignore, follow, or throw.

[src|dst].java.naming.ldap.derefAliases

Choose how to dereference LDAP aliases. Possible values are never, always, search or find.

[src|dst].java.naming.ldap.pageSize

If set, use the Paged Results control to read a maximum of N entries at a time from the server. This is most useful if the LDAP server has a maximum size limit of search results.

Example:

dst.java.naming.ldap.pageSize = 1000

[src|dst].java.naming.tls

Use the STARTTLS extended operation on this LDAP connection. Set to true to enable. Default is false.

See SSL and TLS HOWTO for more details, including how to configure certificate trusting.

Example:

dst.java.naming.tls = true

Example

src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.derefAliases = never
src.java.naming.ldap.version = 3
src.java.naming.provider.url = ldap://localhost:1390/dc=AD,dc=net
src.java.naming.referral = ignore
src.java.naming.security.authentication = simple
src.java.naming.security.credentials = secret
src.java.naming.security.principal = cn=manager,dc=AD,dc=net
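
The LDAP options above interact: with authentication set to simple and tls left at its default of false, the bind password travels unencrypted. The following audit is an added example, not part of LSC; the function names and the sample configuration are constructed, and treating an ldaps:// URL as encrypted is an assumption of the example.

```python
# Added example (not LSC code); SAMPLE is a constructed configuration.
SAMPLE = """\
src.java.naming.provider.url = ldap://ldap.company.com:389/o=My Company
src.java.naming.security.authentication = simple
src.java.naming.security.principal = cn=manager,o=My Company
src.java.naming.security.credentials = secret
dst.java.naming.provider.url = ldap://ldap.company.com:389/dc=company,dc=com
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = cn=manager,dc=company,dc=com
dst.java.naming.security.credentials = secret
dst.java.naming.tls = true
"""

def parse_properties(text):
    """Read 'key = value' lines; skip blanks and '#'/'!' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)  # values such as DNs contain '='
            props[key.strip()] = value.strip()
    return props

def audit_service(props, side):
    """Return findings for one side ('src' or 'dst'); empty list if unconfigured."""
    def opt(name, default=""):
        return props.get(f"{side}.java.naming.{name}", default)
    url = opt("provider.url")
    if not url:
        return []
    findings = []
    auth = opt("security.authentication", "none")      # documented default: none
    starttls = opt("tls", "false").lower() == "true"   # documented default: false
    base = url.split("://", 1)[-1].partition("/")[2]   # search base after host:port
    if auth == "simple" and not (starttls or url.lower().startswith("ldaps://")):
        findings.append("HIGH: simple bind without TLS sends the bind password in cleartext")
    if auth == "none":
        findings.append("INFO: anonymous bind")
    if not base:
        findings.append("HIGH: provider.url has no search base")
    elif " " in base:
        findings.append("WARN: raw space in search base; JNDI expects \\\\20")
    return findings

def audit(text):
    return {s: audit_service(parse_properties(text), s) for s in ("src", "dst")}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample, the src side is flagged for the cleartext bind and the unescaped space in its search base, while the dst side with tls = true passes.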

Database parameters

src.database.driver

Java class name of the JDBC driver to use for this database.

Example:

src.database.driver = org.hsqldb.jdbcDriver

src.database.url

Connection URL. This must include the database name.

Example:

src.database.url = jdbc:hsqldb:file:hsqldb/lsc

src.database.username

User name to connect to the database with.

Example:

src.database.username = elilly

src.database.password

Password to connect to the database with.

Example:

src.database.password = lost

Task parameters

lsc.tasks.TASKNAME.[src|dst]Service

The full name of the Java JNDI class to use to retrieve information from the destination service. Generic classes for simple LDAP searches are available:

  • org.lsc.jndi.SimpleJndiSrcService: basic service to search source directory by using sub searches with configurable filters. See below for configuration parameters.
  • org.lsc.jndi.SimpleJndiDstService: basic service to search destination directory by using sub searches with configurable filters. See below for configuration parameters.
  • org.lsc.jndi.FullDNJndiDstService: basic service to search destination directory by full DN. This assumes you can obtain the full DN from your data source.

lsc.tasks.TASKNAME.[src|dst]Service.baseDn

The portion of the DN to base all operations for this task on, relative to the context DN specified in the LDAP URI.

lsc.tasks.TASKNAME.[src|dst]Service.pivotAttrs

The attributes used to identify a user in the destination service. These attributes must be used in the identity LDAP filter (see filterId below). For example, if users have a unique value of the LDAP attribute “uid”, then you could use the value uid here. The attributes are separated by spaces. Example:

lsc.tasks.userWithMail.srcService.pivotAttrs = mail uid

lsc.tasks.TASKNAME.[src|dst]Service.filterAll

This is the “global LDAP filter” used to retrieve all user DNs from the destination service. For example:

lsc.tasks.TASKNAME.srcService.filterAll = (&(objectClass=inetOrgPerson)(uid=*))

lsc.tasks.TASKNAME.[src|dst]Service.filterId

This is the “identity LDAP filter” used to retrieve one entry from the source or destination service. You have to use the string {name_of_the_attribute_from_pivotAttrs} in the filter. This string represents a user identifier found in the user entry returned by the global LDAP filter. So, for example, a filter could be:

lsc.tasks.userWithMail.srcService.filterId = (&(objectClass=person)(uid={uid}))

lsc.tasks.TASKNAME.[src|dst]Service.attrs

Here, you specify all attributes returned from the source and destination service for one LDAP entry. Values are separated by spaces. Note that for the dstService, only attributes in this list will be created or modified.

Example:

lsc.tasks.TASKNAME.srcService.attrs = uid mail sn givenName