NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

361

362

363

364

365

366

367

368

369

370

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-12

Realms



roleSearch - Specifies the LDAP search filter for selecting role entries. It

optionally includes pattern replacements for either the distinguished name

({0}) or the username ({1}) of the authenticated user, or both of them.



roleName - Specifies the attribute in a role entry containing the name of that

role.



Roles as an attribute of the user entry

You can specify role names as the values of an attribute in the user's directory

entry. Use userRoleName to specify the name of this attribute.

JNDIRealm Attributes

Table 8-1 lists the attributes that can be used in the JNDIRealm.

Table 8-1. Attributes in the JNDIRealm (page 1 of 3)

Attribute Description

adCompat Specifies whether the JNDIRealm must ignore exceptions.

The Microsoft Active Directory (AD) often returns referrals. When

iterating over NamingEnumerations, these iterations lead to

PartialResultExceptions. If you want JNDIRealm to ignore

those exceptions, set this attribute to true. There is no stable

way to detect if the exceptions arrived from an AD referral. The

default value for adCompat is false.

alternateURL Specifies the alternate URL to use if the JNDIRealm cannot

make a socket connection to the provider at the

connectionURL.

authentication Specifies the type of authentication. The values are none,

simple, strong or a provider-specific definition. If a value is

not specified, the provider’s default value is used.

commonRole Specifies a role name assigned to each successfully

authenticated user in addition to the roles retrieved from LDAP. If

this attribute is not specified, only the roles retrieved from LDAP

are used.

connectionName Specifies the directory username when establishing a connection

to the directory for LDAP search operations. If this attribute is not

specified, the JNDIRealm makes an anonymous connection that

is sufficient unless you specify the userPassword property.

connectionPassword Specifies the directory password while establishing a connection

to the directory for LDAP search operations. If this attribute is not

specified, the JNDIRealm makes an anonymous connection that

is sufficient unless you specify the userPassword property.

connectionTimeout Specifies the timeout (in milliseconds) while establishing the

connection to the LDAP directory. If this attribute is not specified,

a timeout value of 5000 (5 seconds) is used.