NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

361

362

363

364

365

366

367

368

369

370

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-14

Realms

roleSubtree Specifies whether multiple levels under the node specified by

roleBase must be searched. You can set this attribute to true

to search the entire subtree of the element specified by the

roleBase property, for role entries associated with the user.

The default value (false) results in searches of the top level

subtree.

userBase Specifies the base element for user searches performed using

the userSearch expression. This attribute is not used if you are

using the userPattern expression.

userPassword Specifies the name of the attribute in the user's entry containing

the user's password. If you specify a value for this attribute, the

JNDIRealm binds to the directory using the values specified by

connectionName and connectionPassword properties, and

retrieves the corresponding attribute for comparison with the

value specified by the user. If you do not specify this value, the

JNDIRealm attempts a simple bind to the directory using the DN

of the user's entry and the password presented by the user. If the

bind is successful, the user is considered to be authenticated.

userPattern Specifies the pattern for the distinguished name of the user's

directory entry. A {0} marks where the actual username must be

inserted. You can use this attribute instead of userSearch,

userSubtree and userBase when the distinguished name

contains the username and is otherwise the same for all users.

userRoleName Specifies the name of an attribute in the user's directory entry

that contains zero or more values for the names of roles

assigned to this user. Additionally, you can use the roleName

attribute to specify the name of an attribute to be retrieved from

individual role entries, which were obtained by searching the

directory. If this attribute is not specified, all the roles for a user

are derived from the role search.

userSearch Specifies the LDAP filter expression to use, when searching the

user's directory entry. A {0} marks where the actual username

must be inserted. You can use this attribute (along with the

userBase and userSubtree properties) instead of

userPattern to search the directory for the user's entry.

userSubtree Specifies whether multiple levels under the node specified by

userBase must be searched. You can set this attribute to true

if you want to search the entire subtree of the element specified

by the userBase property for the user's entry. The default value

(false) results in searching only the top level subtree. This

attribute is not used if you use the userPattern expression.

Table 8-1. Attributes in the JNDIRealm (page 3 of 3)

Attribute Description