LdapClient
Module for outbound LDAP v3 access
The LdapClient module manages connections and access to LDAP directory services.
Each module (instance) manages a single connection to a single directory (a destination), with the possibility to add more identical directories for fail-over. To configure connections to multiple servers, use multiple modules. To increase throughput, increase the number of module instances.
The module provides a service on the internal event bus with a JSON-based protocol and a Java library for simplified use.
This module is used for all internal LDAP access, including the bundled LDAP valves.
Module name: LdapClient | LDAPClient
Basic with no fail-over
Enable failover by using hosts and adding more hosts

Name | Description | Default | Mandatory |
---|---|---|---|
name | Destination name. Unique identifier for a specific configuration/connection/service. This value must be unique for all ldapclient configurations. | "default" | |
instances | Number of instances to deploy. | 1 | |
connection | LDAP connection configuration | | |

Name | Description | Default | Mandatory |
---|---|---|---|
host | Hostname or IP address of the LDAP directory service. (Mandatory unless hosts is used) | | |
port | Listen port of LDAP directory service. (Mandatory unless hosts is used) | | |
hosts | List of LDAP directory service hosts:ports. If more than one is specified, fail-over is enabled. When this property is used, host and port properties are optional. | | |
bind_dn | DN of user/account used to connect to LDAP service. | | |
bind_password | Password of user/account used to connect to LDAP service. | | |
connect_timeout_ms | Specifies the maximum length of time in milliseconds that a connection attempt should be allowed to continue before giving up. A value of zero indicates that there should be no connect timeout. | 10000 | |
response_timeout_ms | Specifies the maximum length of time in milliseconds that an operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no timeout. | 2000 | |
abandon_on_timeout | Specifies whether the LDAP client should attempt to abandon any request for which no response is received in the maximum response timeout period. | true | |
follow_referrals | Specifies whether associated connections should attempt to follow any referrals that they encounter, using the referral connector for the associated connection. | false | |
use_keep_alive | Specifies whether to use the SO_KEEPALIVE option for the underlying sockets used by associated connections. | false | |
use_linger | Specifies whether to use the SO_LINGER option for the underlying sockets used by associated connections. | false | |
linger_timeout_secs | SO_LINGER timeout in seconds. | 30 | |
use_schema | Specifies whether to try to use schema information when reading data from the server (e.g., to select the appropriate matching rules for the attributes included in a search result entry). | true | |
use_ssl | Specifies if SSL/TLS should be used or not. | true | |
ssl_trust_all | Turns on/off trust validation for SSL/TLS connections. | false | |
ssl_truststore_path | Path to custom SSL truststore. If not specified, the default Java truststore will be used. | | |
ssl_truststore_password | Custom truststore password | | |
ssl_truststore_validate_time | Turns on/off peer certificate validity check. | true | |
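
The connection properties listed above include several whose non-default values weaken the link to the directory (use_ssl, ssl_trust_all, ssl_truststore_validate_time, follow_referrals, zero timeouts). The following is an added example, not code from the product or its documentation: a small audit of one connection block before deployment. The property names and defaults are taken from the table; the flat dictionary input shape, the severities, the messages and the sample values are assumptions of the example.

```python
# Added example: audit LdapClient "connection" properties for risky settings.
# Key names and defaults are from the table above; the flat dict input shape,
# severities and messages are assumptions of this example.
DEFAULTS = {"use_ssl": True, "ssl_trust_all": False, "follow_referrals": False,
            "ssl_truststore_validate_time": True,
            "connect_timeout_ms": 10000, "response_timeout_ms": 2000}

def _flag(conn, key):
    """Read a boolean given as a JSON boolean or a "true"/"false" string."""
    return str(conn.get(key, DEFAULTS[key])).strip().lower() == "true"

def audit_connection(conn):
    """Return (severity, property, message) findings for one connection."""
    out = []
    hosts = conn.get("hosts") or []
    if not hosts and not (conn.get("host") and conn.get("port")):
        out.append(("error", "host", "host and port are mandatory unless hosts is used"))
    if len(hosts) == 1:
        out.append(("info", "hosts", "only one entry, so fail-over is not enabled"))
    if not _flag(conn, "use_ssl"):
        out.append(("high", "use_ssl", "SSL/TLS is off; the bind is sent unprotected"))
    else:
        if _flag(conn, "ssl_trust_all"):
            out.append(("high", "ssl_trust_all", "trust validation is turned off"))
        if not _flag(conn, "ssl_truststore_validate_time"):
            out.append(("medium", "ssl_truststore_validate_time",
                        "peer certificate validity check is turned off"))
    if _flag(conn, "follow_referrals"):
        out.append(("medium", "follow_referrals",
                    "connections will follow referrals returned by the server"))
    for key in ("connect_timeout_ms", "response_timeout_ms"):
        if int(conn.get(key, DEFAULTS[key])) == 0:
            out.append(("low", key, "zero means no timeout; calls may block"))
    return out

# Constructed sample inputs (hostnames and DNs are placeholders).
HARDENED = {"hosts": ["ldap1.example.test:636", "ldap2.example.test:636"],
            "bind_dn": "cn=svc,dc=example,dc=test", "use_ssl": "true"}
WEAK = {"host": "ldap1.example.test", "port": 389, "use_ssl": "false",
        "follow_referrals": True, "response_timeout_ms": "0"}
LAB = {"hosts": ["ldap1.example.test:636"], "ssl_trust_all": "true"}

if __name__ == "__main__":
    for name, conn in (("HARDENED", HARDENED), ("WEAK", WEAK), ("LAB", LAB)):
        print(name, audit_connection(conn) or "no findings")
```

The certificate checks are reported only when use_ssl is on, since they have no effect on a connection that does not use SSL/TLS.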