# Configuration variables for ldap operation
# Comments must be on separate lines
# Format is 'name=value'

## LDAP CONFIG ##

# fully qualified class name of the context factory that JNDI should use
# default value is 'com.sun.jndi.ldap.LdapCtxFactory'
#edu.vt.middleware.ldap.contextFactory=

# fully qualified class name which implements javax.net.ssl.SSLSocketFactory
#edu.vt.middleware.ldap.sslSocketFactory=

# fully qualified class name which implements javax.net.ssl.HostnameVerifier
#edu.vt.middleware.ldap.hostnameVerifier=

# hostname of the LDAP
edu.vt.middleware.ldap.ldapUrl=ldap://directory.vt.edu:389

# base dn for performing user lookups
edu.vt.middleware.ldap.baseDn=ou=People,dc=vt,dc=edu

# bind DN if one is required to bind before searching
#edu.vt.middleware.ldap.bindDn=cn=manager,ou=Services,dc=vt,dc=edu

# credential for the bind DN
#edu.vt.middleware.ldap.bindCredential=manager_password

# LDAP authentication mechanism
# default value is 'simple'
#edu.vt.middleware.ldap.authtype=

# require an authoritative source, this value must be either 'true' or 'false'
#edu.vt.middleware.ldap.authoritative=

# sets the amount of time in milliseconds that search operations will block
#edu.vt.middleware.ldap.timeLimit=

# sets the amount of time in milliseconds that connect operations will block
#edu.vt.middleware.ldap.timeout=

# sets the maximum number of entries that search operations will return
#edu.vt.middleware.ldap.countLimit=

# sets the batch size to use when returning results
# default value is '-1'
#edu.vt.middleware.ldap.batchSize=

# sets the DNS url to use for hostname resolution
# example is 'dns://somehost/wiz.com'
#edu.vt.middleware.ldap.dnsUrl=

# sets the preferred language
# default value is determined by the service provider
#edu.vt.middleware.ldap.language=

# specifies how referrals should be handled
# must be one of 'throw', 'ignore', or 'follow'
#edu.vt.middleware.ldap.referral=

# specifies how aliases should be handled
# must be one of 'always', 'never', 'finding', or 'searching'
#edu.vt.middleware.ldap.derefAliases=

# specifies additional attributes which should be treated as binary
# attribute names should be space delimited
edu.vt.middleware.ldap.binaryAttributes=userSMIMECertificate

# only return attribute type names, this value must be either 'true' or 'false'
#edu.vt.middleware.ldap.typesOnly=

# whether SSL should be used for LDAP connections
# default value is 'false'
#edu.vt.middleware.ldap.ssl=

# whether TLS should be used for LDAP connections
# default value is 'false'
#edu.vt.middleware.ldap.tls=

## LDAP AUTHENTICATOR CONFIG ##

# can be used to override any of the previous properties

# fully qualified class name which implements javax.net.ssl.SSLSocketFactory
#edu.vt.middleware.ldap.auth.sslSocketFactory=

# fully qualified class name which implements javax.net.ssl.HostnameVerifier
#edu.vt.middleware.ldap.auth.hostnameVerifier=

# hostname and optional port of your LDAP
edu.vt.middleware.ldap.auth.ldapUrl=ldap://authn.directory.vt.edu:389

# base dn for performing user lookups
edu.vt.middleware.ldap.auth.baseDn=ou=People,dc=vt,dc=edu

# LDAP authentication mechanism
# default value is 'simple'
#edu.vt.middleware.ldap.auth.authtype=

# LDAP field which contains user identifier
edu.vt.middleware.ldap.auth.userField=uupid

# whether the authentication dn should be constructed or looked up in the LDAP
edu.vt.middleware.ldap.auth.constructDn=false

# whether the authentication dn should be searched for over the entire base
edu.vt.middleware.ldap.auth.subtreeSearch=false

# whether authentication credentials should be logged
# default value is 'false'
#edu.vt.middleware.ldap.auth.logCredentials=

# whether SSL should be used for LDAP connections
# default value is 'false'
#edu.vt.middleware.ldap.auth.ssl=

# whether TLS should be used for LDAP connections
# default value is 'false'
edu.vt.middleware.ldap.auth.tls=true

# ldap filter to use for performing authorization
#edu.vt.middleware.ldap.auth.authorizationFilter=(&(eduPersonAffiliation=VT-ALUM)(eduPersonAffiliation=VT-EMPLOYEE))