NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide
Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
8-13
Realms
connectionURL Specifies the connection URL that is passed to the JNDI driver
while establishing a connection to the directory.
contextFactory Specifies the fully qualified Java class name of the factory class
that is used to acquire the JNDI InitialContext. By default,
JNDIRealm considers that the standard JNDI LDAP provider is
utilized.
derefAliases Specifies how aliases must be dereferenced during search
operations. The permitted values are always, never, finding,
and searching. If this attribute is not specified, always is
used.
digest Specifies the digest algorithm to be applied to the plain text
password offered by the user before comparing it with the value
retrieved from the directory. The valid values for digest are
those accepted for the algorithm name by the
java.security.MessageDigest class. If this attribute is not
specified, the plain text password is considered to be retrieved.
The digest attribute is not required unless userPassword is
specified.
protocol Specifies the security protocol. If this attribute is not specified,
the protocol defined by the provider is used by default.
referrals Specifies whether to follow referrals. The permitted values are
ignore, follow, or throw. For more information on referrals,
see javax.naming.Context.REFERRAL. The Microsoft
Active Directory often returns referrals. To follow AD referrals, set
referrals to follow.
Warning: If your DNS server is not part of an AD, the LDAP
client library might try to resolve your domain name in the DNS
to find another LDAP server.
roleBase Specifies the base directory entry for searching roles. If this
attribute is not specified, the top-level element in the directory
context is used.
roleName Specifies the name of the attribute that contains role names in
the directory entries found by a role search. Additionally, you can
use the userRoleName property to specify in the user’s entry,
the name of an attribute that contains additional role names. If
the roleName attribute is not specified, a role search does not
occur and roles are obtained only from the user's entry.
roleSearch Specifies the LDAP filter expression used for performing role
searches. You can use {0} to substitute the distinguished name
of the user and {1} to substitute the username. If this attribute is
not specified, a role search does not occur and roles are taken
only from the userRoleName attribute in the user's entry.
Table 8-1. Attributes in the JNDIRealm (page 2 of 3)
Attribute Description