Directory Configuration: Sample Directory Configurations 
The following are examples of directory configurations.
Local Directory
Use this configuration when connecting to a real LDAP server is impossible, inconvenient, or undesired.
Property |
Setting |
|---|---|
External ID |
Enabled |
Display Name |
Disabled |
Usage |
Active Buyside |
Driver |
Local |
Directory Username |
Enter any text, such as n/a |
Directory Password |
Enter any text, such as n/a |
UID Schema |
No value is needed |
Changeable Passwords |
Enabled |
Expired Passwords |
Enabled |
New Accounts |
Enabled |
Browsing |
Disabled |
All Controls |
Disabled |
Properties |
No values are needed |
iPlanet Using Search-based Authentication
Use this configuration when connecting to an iPlanet Directory Server configured to use a search-based authentication using stored credentials of a master user.
Property |
Setting |
|---|---|
External ID |
dir.development.buyside |
Display Name |
Development Buyside Directory |
Usage |
Active Buyside |
Driver |
LDAP - iPlanet Directory Server |
Base DN |
ou=purchasers,dc=frictionless,dc=com |
Directory Username |
cn=Directory Manager |
Directory Password |
Enter valid password of Master user |
UserId Attribute |
uid |
Password Attribute |
userpassword |
Base Search DN |
ou=purchasers,dc=frictionless,dc=com |
Browse Filter |
(|(&(objectclass=person)(|(uid=*<%SEARCH_KEYWORD%>*)(cn=*<%SEARCH_KEYWORD%>*)(mail=*<%SEARCH_KEYWORD%>*)(telephonenumber=*<%SEARCH_KEYWORD%>*)))) |
Lookup Filter |
(&(objectclass=person)(uid=<%CURRENT_USER_NAME%>)) |
Changeable Passwords |
Enabled |
Expired Passwords |
Enabled |
New Accounts |
Enabled |
Browsing |
Enabled |
Expand Groups |
Enabled |
Lookup via Search |
Enabled |
Browse Using Stored Credentials |
Enabled |
Properties |
schema_passwordExpirationTime=passwordexpirationtime password_warning_threshold = 7 |
Active Directory Using Direct Lookup
Use this configuration when connecting to an MS Active Directory configured to use a direct lookup authentication.
Property |
Setting |
|---|---|
External ID |
dir.purchasing.internal |
Display Name |
Internal Purchasers Directory |
Usage |
Active Buyside |
Driver |
LDAP SDK - Microsoft Directory Server |
Base DN |
cn=users,dc=domain,dc=company,dc=com |
Directory Username |
No value is needed |
Directory Password |
No value is needed |
UserId Attribute |
sAMAccountName |
Password Attribute |
userpassword |
Base Search DN |
cn=users,dc=domain,dc=company,dc=com |
Browse Filter |
(|(&(objectclass=person)(|(sAMAccountName=*<%SEARCH_KEYWORD%>*)(cn=*<%SEARCH_KEYWORD%>*)(mail=*<%SEARCH_KEYWORD%>*)))) |
Lookup Filter |
(&(objectclass=person)(sAMAccountName=*<%CURRENT_USER_NAME%>*)) |
New Accounts |
Enabled |
Browsing |
Enabled |
Password Expiration |
Enabled |
Expand Groups |
Enabled |
Use Full DN |
Enabled |
Properties |
schema_passwordExpirationTime=accountExpiresdomain_dn = dc=domain,dc=company,dc=compassword_warning_threshold = 7 |
Active Directory with UPN Login Names
Use this configuration when connecting to an MS Active Directory configured to use a direct lookup authentication via UPN userPrincipalName.
Example
user@domain.company.com
Property |
Setting |
|---|---|
External ID |
dir.purchasing.purchasers |
Display Name |
Internal Purchasers Directory |
Usage |
Active Buyside |
Driver |
LDAP SDK - Microsoft Directory Server |
Base DN |
cn=users,dc=domain,dc=company,dc=com |
Directory Username |
No value is needed |
Directory Password |
No value is needed |
UserId Attribute |
userPrincipalName |
Password Attribute |
userpassword |
Base Search DN |
cn=users,dc=domain,dc=company,dc=com |
Browse Filter |
(|(&(objectclass=person)(|(sAMAccountName=*<%SEARCH_KEYWORD%>*)(cn=*<%SEARCH_KEYWORD%>*)(mail=*<%SEARCH_KEYWORD%>*)))) |
Lookup Filter |
(&(objectclass=person)(userPrincipalName=<%CURRENT_USER_NAME%>)) |
New Accounts |
Enabled |
Browsing |
Enabled |
Password Expiration |
Enabled |
Expand Groups |
Enabled |
UPN Login Names |
Enabled |
Properties |
schema_passwordExpirationTime=accountExpiresdomain_dn = dc=domain,dc=company,dc=compassword_warning_threshold = 7 |
iPlanet Using Group-Based Lookup
Use this configuration when connecting to an iPlanet directory configured to use a direct lookup authentication.
Property |
Setting |
|---|---|
External ID |
dir.purchasing.purchasers.exec |
Display Name |
Executive Purchasers Directory |
Usage |
Active Buyside |
Driver |
LDAP - iPlanet Directory Server |
Base DN |
ou=purchasers,dc=company,dc=com |
Directory Username |
cn=Directory Manager |
Directory Password |
Enter password of master user |
UserId Attribute |
uid |
Password Attribute |
userpassword |
Base Search DN |
ou=purchasers,dc=company,dc=com |
Browse Filter |
(|(&(objectclass=person)(|(uid=*<%SEARCH_KEYWORD%>*)(cn=*<%SEARCH_KEYWORD%>*)(mail=*<%SEARCH_KEYWORD%>*)))(&(objectclass=group)(cn=exec-purchasers)) |
Lookup Filter |
(|(&(objectclass=person)(uid=<%CURRENT_USER_NAME%>))(&(objectclass=group)(cn=exec-purchasers)(member=<%CURRENT_USER_NAME%>))) |
Changeable Passwords |
Enabled |
Expired Passwords |
Enabled |
New Accounts |
Enabled |
Browsing |
Enabled |
Expand Groups |
Enabled |
Lookup via Search |
Enabled |
Browse Using Stored Credentials |
Enabled |
Properties |
schema_passwordExpirationTime=passwordexpirationtime |