OX LDAP Properties#
Overview#
ox-ldap.properties file contains information required for the Gluu CE Server to connect with LDAP for authenticating and authorizing the user/admin and also provides the connection strings to various component's of Gluu CE or site to fetch required information for the installed and configured components during setup after installation. For setup/configuration detail, please refer to Setup Script Options ox-ldap.properties file will be stored under /etc/gluu/conf/
Properties in ox-ldap#
Below are the properties that are written in ox-ldap.properties for the Gluu CE server to connect with LDAP.
| Property | Description |
|---|---|
| Bind DN | Stores the DN of the connecting LDAP server |
| Bind Password | Stores the password of the DN, which is provided during setup |
| servers | LDAP server with port number |
| useSSL | Provides a boolean value, depending on the SSL used, and is set to true or false |
| ssl.trustStoreFile | Path to the SSL trust store |
| ssl.trustStorePin | Credential for the trust store |
| ssl.TrustStoreFormat | File format for certificates in trust store |
| maxconnections | number of maximum connections to be used, this is can be left to be set it to default |
| connection.max-wait-time-millis | The maximum time in milliseconds to wait for a connection response |
| connection.max-age-time-millis | After this much time in milliseconds, recreate the polled connection |
| connection-pool.health-check.on-checkout.enabled | Select whether to perform a connection health check when checking it out from the pool |
| connection-pool.health-check.interval-millis | How often connections in pool are checked. Not used when connection-pool.health-check.on-checkout.enabled=true |
| connection-pool.health-check.max-response-time-millis | How long to wait during connection health check |
| certsDir | Path of the certificates stored |
| confDir | Path of the configuration directory |
| pythonModulesDir | Path of the custom Python modules |
| binaryAttributes | This property should be left to be default ObjectGUID |
Note
In most cases, periodic health checks with connection-pool.health-check.interval-millis and connection.max-age-time-millis are sufficient. If there are severe network issues, setting connection-pool.health-check.on-checkout.enabled=true can help, but can result in the LDAP operation performance decreasing by 20-30%.