auth.server.type

Type of an authentication server.

Specify ldap.

Required

None

auth.server.name

The name of an authentication server.

When registering a primary and secondary server, use a comma (,) to separate the names. The name of the server, including the primary name, secondary name, and the comma (1 byte) must be 64 bytes or less.

The names can use all ASCII code characters except for the following:\ / : , ; * ? " < > | $ % & ' ˜

In this manual, the value specified here is called <server_ name> hereafter.

Required

None

auth.group.mapping

Information about whether to work together with an authorization server

• true: Works together

• false: Does not work together

Optional

false

auth.ldap.<server_name>.protocol

LDAP protocol to use.

• ldaps: Uses LDAP over SSL/TLS

• starttls: Uses StartTLS.

When you specify "true" to auth.ldap.<server_name>.dns_lookup, specify ldaps.

Required

None

auth.ldap.<server_name>.host

A host name, an IPv4 address or an IPv6 address of the LDAP server. An IPv6 address must be enclosed in square brackets []. To use StartTLS as a protocol, specify a host name.

If this value is specified, auth. ldap. <server_name>.dns_lookup will be ignored

Optional¹

None

auth.ldap.<server_name>.port

A port number of the LDAP server

Must be between 1 and 65535²

Optional

389

auth.ldap.<server_name>.timeout

The number of seconds before the connection to the LDAP server times out. It must be between 1 and 30².

Required

10

auth.ldap.<server_name>.attr

Attribute name to identify a user (such as a user ID).

• Hierarchical model: An attribute name where the value that can identify a user is stored

• Flat model: An attribute name for a user entry's RDN

sAMAccountName is used for Active Directory.

Required

None

auth.ldap.<server_name>.searchdn

DN of the user for searching. If omitted, [value_of_attr]=[Login_ID],[value_of _basedn] will be used for bind authentication.³

Optional

None

auth.ldap.<server_name>.searchpw

User password that is used for searching.

Specify the same password that is registered in the LDAP server.

Required

None

auth.ldap.<server_name>.basedn

BaseDN for searching for users to authenticate³

• Hierarchical model: DN of hierarchy that includes all the targeted users for searching

• Flat model: DN of hierarchy that is one level up of the targeted user for searching

Required

None

auth.ldap.<server_name>.retry.interval

Retry the interval in seconds when the connection to the LDAP server fails. Must be between 1 and 5².

Optional

1

auth.ldap.<server_name>.retry.times

Retry times when the connection to the LDAP server fails.

Must be between 0 and 3. 0 means no retry.²

Optional

3

auth.ldap.<server_name>.domain.name

A domain name that the LDAP server manages

Required

None

auth.ldap.<server_name>.dns_lookup

Information about whether to search the LDAP server with the information registered in the SRV records in the DNS server.

• true: Searches with the information registered in the SRV records in the DNS server

• false: Searches with the host name and port number

When "host" and "port" are specified, the LDAP server is not searched with the information registered in the SRV records by specifying "true".

Optional

false

Notes:

1. The item can be omitted if true is specified for "auth.ldap.<server_name>.dns_lookup".

2. If the specified value is not valid, the default value will be used.

3. To use symbols such as + ; , < = and >, enter a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash before it. For example, to enter abc++ in the searchdn field, use \+ instead of + as shown here: abc\+\+

To enter \ , /, or ", enter a backslash and then the ASCII code in hex for these symbols.

• Enter \5c for \.

• Enter \2f for /.

• Enter \22 for ".

For example, to enter abc\ in the searchdn field, enter abc\5c