LDAP System Properties

You can modify LDAP system properties to reset some elements of your LDAP configuration.

These settings are for expert users. To use system properties, go to System > Management > System Properties. Restart your instance after making any system property changes.
Table 1.
| Property | Meaning | Sample Value(s) |
| --- | --- | --- |
| ldap.serverType.id* | The type of LDAP instance | 2=AD, 3=openLDAP, 4=other |
| ldap.host* | The hostname or IP address of the LDAP server | ldap.jive.com |
| ldap.port* | The port number of the LDAP server | 389 (default) or 636 (SSL) |
| ldap.usernameField* | The LDAP field name used to look up username values | uid |
| ldap.baseDN* | The Distinguished Name of the base of your LDAP tree | DC=support,DC=jive,DC=com |
| ldap.nameField^ | The element key for the name attribute | cn |
| ldap.firstNameField^ | The element key for the First Name attribute | givenName |
| ldap.lastNameField^ | The element key for the Surname attribute | sn |
| ldap.emailField* | The element key for the Email attribute | mail |
| ldap.connectionPoolEnabled | Specifies whether to enable connection pooling. See http://download.oracle.com/javase/jndi/tutorial/ldap/connect/config.html | true |
| ldap.followReferrals | Specifies whether LDAP queries will follow referrals. This property should always be set to true for Active Directory. | true |
| ldap.adminDN* | The DN for the LDAP admin user. This user does not need to be a Jive user. | CN=AdminMan,OU=Domain Users,DC=support,DC=jive,DC=com |
| ldap.adminPassword* | The encrypted password for the LDAP admin | a54313f2d3bc98fb5234566995246c7 |
| ldap.adminPassword.key* | The key used to encrypt the admin password. | |
| ldap.adminPassword.encrypted* | Specifies whether or not the Admin password is encrypted. This property should always be set to true. | true |
| ldap.ldapDebugEnabled | Specifies whether LDAP debug logging is on. CAUTION: If ldap.ldapDebugEnabled is on (true), LDAP traffic can be logged, and user passwords can be printed in plain text to the application's sbs.out log file if connections to LDAP are unencrypted, i.e., non-SSL. It is your responsibility to ensure that your LDAP communication runs over an SSL connection. Important: LDAP logging is extremely verbose and should never be used in production unless Support recommends it. Using debug mode can cause serious performance problems or system failure. | false |
| ldap.sslEnabled | Specifies whether to use an SSL connection to communicate with the LDAP server. | false |
| ldap.initialContextFactory | | |
| ldap.searchFilter | The filter applied to a remote directory when searching for users | |
| ldap.groupNameField | The field that maps a group to its CN in LDAP. | cn |
| ldap.groupMemberField | The field that maps a group to its members. | member |
| ldap.groupDescriptionField | The field that maps a description of a group. | description |
| ldap.posixMode | Specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
| ldap.posixEnabled | Specifies whether to connect to LDAP in POSIX mode. POSIX groups store their member associations by common name (CN) rather than full distinguished name (DN). | false |
| ldap.groupSearchFilter^ | The filter applied to a remote directory when searching for groups. | (objectClass=group) |
| ldap.managerField | Maps the DN of a user's manager. Used when syncing relationship fields. | manager |
| ldap.photoField | Maps a photo to a user's profile. | photo |
| ldap.lastUpdatedField | Used to check if an LDAP record has been updated since the most recent sync. | creationdate |
| ldap.userGroupMember^ | The field that maps a user to a group. This is a user attribute. | memberOf |
| ldap.userDN^ | An RDN (relative to the baseDN) which contains users to sync to SBS. | ou=People |
| jive.sync.user.ldap | Specifies whether user synchronizations are enabled. | true |
| jive.sync.relationships.ldap | Specifies whether user relationships are synchronized from LDAP. | false |
| jive.sync.profile.ldap.photo | Specifies whether profile photos are synchronized from LDAP. | false |
| jive.sync.profile.ldap.login | Specifies whether profiles are synchronized at login. | false |
| jive.sync.auto.disable | Specifies whether Jive should disable user accounts which cannot be found in the LDAP directory. | |
| jive.sync.auto.disable.att.name | The name of the attribute which indicates whether or not an account is disabled in LDAP. | userAccountControl |
| jive.sync.auto.disable.att.value | In Active Directory, use Microsoft article 305144 as a reference for setting user account properties. You can also set up a bit-specific filter such as: userAccountControl:1.2.840.113556.1.4.803:=2 | 514 (see link) |
| jive.usernames.case.insensitive | When set to false, usernames are compared case-sensitively when users register or log in; for example, bbragg is a different user than BBragg. When set to true, there is no distinction between bbragg and BBragg. You may need to set this property to false when existing usernames in your Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or single sign-on (SSO) system are case sensitive. | true |
| GroupManager.className | Controls whether or not permission groups are synchronized from LDAP. | com.jivesoftware.base.ldap.LdapGroupManager (for LDAP groups), com.jivesoftware.base.database.DbGroupManager (default group manager) |
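
The following is an added example, not part of the original documentation or of Jive's code. It audits a set of the properties above against the guidance in the table (debug logging, SSL, admin password encryption, referrals for Active Directory) and shows why an exact match on 514 and the bit-specific userAccountControl filter classify disabled accounts differently. The dict-of-strings input, the function names, and all sample values are assumptions constructed for illustration.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit, per Microsoft article 305144


def enabled(props, key):
    # Assumption: a property that is absent is treated as not "true".
    return props.get(key, "").strip().lower() == "true"


def audit(props):
    """Return the properties whose values contradict the table's guidance."""
    flagged = []
    ssl = enabled(props, "ldap.sslEnabled")
    if enabled(props, "ldap.ldapDebugEnabled"):
        # Verbose in any case; without SSL, passwords can reach sbs.out.
        flagged.append("ldap.ldapDebugEnabled" + ("" if ssl else " (no SSL)"))
    if not ssl:
        flagged.append("ldap.sslEnabled")
    elif props.get("ldap.port") == "389":
        flagged.append("ldap.port")  # the table lists 636 for SSL
    if not enabled(props, "ldap.adminPassword.encrypted"):
        flagged.append("ldap.adminPassword.encrypted")
    is_ad = props.get("ldap.serverType.id") == "2"
    if is_ad and not enabled(props, "ldap.followReferrals"):
        flagged.append("ldap.followReferrals")
    return flagged


def disabled_exact(uac, value=514):
    """Plain comparison against the sample value 514 (512 + 2)."""
    return uac == value


def disabled_bitwise(uac):
    """What userAccountControl:1.2.840.113556.1.4.803:=2 (bitwise AND) matches."""
    return (uac & ACCOUNTDISABLE) != 0


# Constructed sample input, not taken from a real instance.
SAMPLE = {
    "ldap.serverType.id": "2", "ldap.port": "389", "ldap.sslEnabled": "false",
    "ldap.ldapDebugEnabled": "true", "ldap.adminPassword.encrypted": "true",
    "ldap.followReferrals": "false",
}
# Constructed userAccountControl values: enabled, disabled, and two disabled
# accounts carrying extra flags (DONT_EXPIRE_PASSWORD, PASSWD_NOTREQD).
UAC_SAMPLES = [512, 514, 66050, 546]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("review:", name)
    for uac in UAC_SAMPLES:
        print(uac, disabled_exact(uac), disabled_bitwise(uac))
```

Disabled accounts that carry any additional flag (66050, 546) do not equal 514, so only the bitwise form identifies them as disabled.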