User guide
UI name CLI name
(Provider.cfg)
Description and requirements
- - -
Note that by default, if no groups are added to the
tenant user mapping, users from any groups are
accepted, regardless of the whitelist configuration.
Active Directory only. Does not apply to other
authentication providers.
Search Scope searchscope One Level (search for users one level under the
search base) or Subtree (search the entire subtree
under the search base).
Search Base searchbase Indicates the Base Distinguished Name that ViPR
uses to search for users at login time and when
assigning roles or setting ACLs.
Example:
CN=Users,DC=mydomaincontroller,DC=com
This example searches for all users in the Users
container.
Example:
CN=Users,OU=myGroup,DC=mydomaincontroller,
DC=com
This example searches for all users in the Users
container in the myGroup organization unit.
Note that the structure of the searchbase value
begins with the "leaf" level and goes up to the
domain controller level--the reverse of the structure
seen in the Active Directory Users and Computers
UI.
Search Filter
searchfilter Indicates the string used to select subsets of
users. Example: userPrincipalName=%u
Note
ViPR does not validate this value when you add the
authentication provider.
(not applicable) maxpagesize Value that controls the maximum number of
objects returned in a single search result. This is
independent of size of the each returned object. If
specified must be greater than 0. Cannot be higher
than the max page size configured on the
authentication provider.
(not applicable) validatecertificate When ldaps protocol is used, SSL validates the
certificate from the authentication provider.
Default is false. If set to true, the LDAP needs to
have a valid CA certificate.
Initial Configuration of ViPR Virtual Appliance
44 EMC ViPR 1.1.0 Installation and Configuration Guide