Org.eclipse.higgins.idas.cp.jndi

Configuration

NOTE: The JNDI Context Provider configuration XML file format was designed to be used to configure any number and type of Context Providers. Other Higgins Context Providers contributed by Novell currently use this same format. Work is currently underway which may change or eliminate this method of CP configuration.

The JNDI Context Provider is configured through an XML file whose format is specified by the following XML schema:

Configuration XML Schema

Each Context Provider configuration section is described by a "Realm" definition within the XML file.

Realm Configuration Elements

realms

This element should encapsulate all realm definitions and other global configuration. This element should also define the namespaces to be used globally throughout the configuration document.

<bci:realms
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:bci="http://www.bandit-project.org/commonidentity"
   xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
   xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
   ...
</bci:realms>

env

The JNDI CP attempts to support all java.naming.* environment properties, as far as each one makes sense for the JNDI provider in use. Any given environment property may be honored by any number of Context Providers which use this configuration format. Consult the Context Provider specific env element documentation for which env elements are supported. The env elements can be specified at both a global and a realm-specific level.

realm

This element is used to specify an identity source repository and encapsulates information about how to connect to that repository together with policy and rules about how to access identity information from it.

The connectorType attribute is used to specify the connector module to invoke for this realm. The id attribute is also known as the realm selector and is used to uniquely distinguish this realm from any other realms specified in this realms configuration document.

<bci:realm
   desc="Directory Service: My Test Directory"
   connectorType="org.bandit.ia.connectors.LDAPConnectorInitialCtxFactory"
   id="MyUniqueRealmIdentifier">
   ...
</bci:realm>

env

This element is used to specify parameters to be passed to the connector during initialization. They are passed only if the same field was not already supplied as a parameter in the hash passed to the connector constructor.

   <bci:env prop="java.naming.ldap.attributes.binary" value="objectGUID" />
   <bci:env prop="java.naming.security.authentication" value="simple" />
   <bci:env prop="java.naming.security.principal" value="Administrator@gumbo.oakland.acme.com" />
   <bci:env prop="java.naming.security.credentials" value="test" />

Above are some examples of environment properties that are supported by the Bandit LDAP connector.

connection

This element is used to specify connector specific configuration information. The realms XML Schema file designates this element as an xsd:anyType attribute. The instance documents should specify a type defined in the Bandit Common Identity namespace (such as "bci:LDAPConnector") for the connection information to be properly handled by the Identity Abstraction.

<bci:connection xsi:type="bci:SomeConnectorConfigType">
   ...
</bci:connection>

LDAP Connector

The instance type for LDAP connector configuration is bci:LDAPConnector and the allowed elements are documented in the realms XML Schema file.

<bci:connection xsi:type="bci:LDAPConnector">
   <bci:address>ldap://gumbo.oakland.acme.com:389/dc=gumbo,dc=oakland,dc=acme,dc=com</bci:address>
</bci:connection>

address

This element is used to specify the connection address of the desired LDAP directory agent. Multiple addresses may be configured for failover and fallback. Each address is expected to point to the same view of the desired identity information.
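
A check for the two exposures visible in the env and address snippets above (a password kept in the file, and a simple bind to an ldap:// address), written as an added example that is not part of the Higgins or Bandit code. It assumes global env elements sit directly under bci:realms, that realm-level env overrides global env, and that the provider honors the standard JNDI java.naming.security.protocol=ssl property; StartTLS negotiated in code cannot be seen from the file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BCI = "{http://www.bandit-project.org/commonidentity}"

# Constructed sample assembled from the snippets on this page. Placing the
# global env directly under bci:realms is an assumption about the schema.
SAMPLE = """\
<bci:realms xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:bci="http://www.bandit-project.org/commonidentity">
  <bci:env prop="java.naming.security.authentication" value="simple" />
  <bci:realm desc="Directory Service: My Test Directory"
             connectorType="org.bandit.ia.connectors.LDAPConnectorInitialCtxFactory"
             id="MyUniqueRealmIdentifier">
    <bci:env prop="java.naming.security.principal" value="Administrator@gumbo.oakland.acme.com" />
    <bci:env prop="java.naming.security.credentials" value="test" />
    <bci:connection xsi:type="bci:LDAPConnector">
      <bci:address>ldap://gumbo.oakland.acme.com:389/dc=gumbo,dc=oakland,dc=acme,dc=com</bci:address>
    </bci:connection>
  </bci:realm>
</bci:realms>
"""

def env_of(element):
    """Return the env properties declared directly under one element."""
    return {e.get("prop"): e.get("value") for e in element.findall(BCI + "env")}

def audit_realms(xml_text):
    """Return sorted (realm id, finding) pairs for credential-exposure risks."""
    root = ET.fromstring(xml_text)
    global_env, findings = env_of(root), set()
    for realm in root.iter(BCI + "realm"):
        rid = realm.get("id")
        env = {**global_env, **env_of(realm)}  # assumed: realm env overrides global
        if "java.naming.security.credentials" in env:
            findings.add((rid, "password stored in the configuration file"))
        simple = env.get("java.naming.security.authentication") == "simple"
        ssl = env.get("java.naming.security.protocol") == "ssl"
        for addr in realm.iter(BCI + "address"):
            url = (addr.text or "").strip()
            # A simple bind sends the password as-is, so it needs ldaps:// or SSL.
            if simple and not ssl and urlsplit(url).scheme.lower() != "ldaps":
                findings.add((rid, "simple bind over cleartext " + url))
    return sorted(findings)

if __name__ == "__main__":
    for rid, finding in audit_realms(SAMPLE):
        print(f"{rid}: {finding}")
```

Every configured address is checked because a failover address is used with the same credentials as the primary one.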
