?i»?
Your IP : 3.147.74.27
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The LDAP configuration API — Nextcloud 13 Administration Manual 13 documentation</title>
<link rel="stylesheet" href="../_static/" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/main.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/styles.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '13',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.1.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
<link rel="top" title="Nextcloud 13 Administration Manual 13 documentation" href="../contents.html" />
<link rel="up" title="User management" href="index.html" />
<link rel="next" title="User provisioning API" href="user_provisioning_api.html" />
<link rel="prev" title="LDAP user cleanup" href="user_auth_ldap_cleanup.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#1d2d44">
</head>
<body role="document">
<div class="wrap container not-front">
<div class="content row">
<main class="main">
<div class="row">
<div class="col-md-3">
<div class="sidebar">
<h1>Nextcloud 13 Administration Manual</h1>
<div class="sidebar-search">
<form class="headersearch" action="../search.html" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
</div>
<div class="menu-support-container">
<ul id="menu-support" class="menu">
<ul>
<li><a href="../contents.html">Table of Contents</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_server/index.html">Server configuration</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">User management</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="user_configuration.html">User management</a></li>
<li class="toctree-l2"><a class="reference internal" href="reset_admin_password.html">Resetting a lost admin password</a></li>
<li class="toctree-l2"><a class="reference internal" href="reset_user_password.html">Resetting a user password</a></li>
<li class="toctree-l2"><a class="reference internal" href="user_password_policy.html">User password policy</a></li>
<li class="toctree-l2"><a class="reference internal" href="two_factor-auth.html">Two factor authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="user_auth_ftp_smb_imap.html">User authentication with IMAP, SMB, and FTP</a></li>
<li class="toctree-l2"><a class="reference internal" href="user_auth_ldap.html">User authentication with LDAP</a></li>
<li class="toctree-l2"><a class="reference internal" href="user_auth_ldap_cleanup.html">LDAP user cleanup</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="">The LDAP configuration API</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#creating-a-configuration">Creating a configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#deleting-a-configuration">Deleting a configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#reading-a-configuration">Reading a configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#modifying-a-configuration">Modifying a configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#configuration-keys">Configuration keys</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="user_provisioning_api.html">User provisioning API</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_files/index.html">File sharing and management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../file_workflows/index.html">File workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../issues/index.html">Issues and troubleshooting</a></li>
</ul>
</ul>
</div>
</div>
</div>
<div class="col-md-9">
<div class="page-content">
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="user_auth_ldap_cleanup.html" title="Previous Chapter: LDAP user cleanup"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« LDAP user cleanup</span>
</a>
</li>
<li class="next">
<a href="user_provisioning_api.html" title="Next Chapter: User provisioning API"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">User provisioning API »</span>
</a>
</li>
</ul>
<div class="section" id="the-ldap-configuration-api">
<h1>The LDAP configuration API<a class="headerlink" href="#the-ldap-configuration-api" title="Permalink to this headline">ΒΆ</a></h1>
<p>All methods require that the “OCS-APIREQUEST” header be set to “true”. Methods take an optional “format” parameter, which may be “xml” (the default) or “json”.</p>
<div class="section" id="creating-a-configuration">
<h2>Creating a configuration<a class="headerlink" href="#creating-a-configuration" title="Permalink to this headline">ΒΆ</a></h2>
<p>Creates a new and empty LDAP configuration. It returns its ID. Authentication is done by sending a
basic HTTP authentication header.</p>
<p><strong>Syntax: ocs/v2.php/apps/user_ldap/api/v1/config</strong></p>
<ul class="simple">
<li>HTTP method: POST</li>
</ul>
<div class="section" id="example">
<h3>Example<a class="headerlink" href="#example" title="Permalink to this headline">ΒΆ</a></h3>
<ul class="simple">
<li>POST <code class="docutils literal"><span class="pre">https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config</span></code> -H “OCS-APIREQUEST: true”</li>
<li>Creates a new, empty configuration</li>
</ul>
</div>
<div class="section" id="xml-output">
<h3>XML output<a class="headerlink" href="#xml-output" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-xml"><div class="highlight"><pre><span class="cp"><?xml version="1.0"?></span>
<span class="nt"><ocs></span>
<span class="nt"><meta></span>
<span class="nt"><status></span>ok<span class="nt"></status></span>
<span class="nt"><statuscode></span>200<span class="nt"></statuscode></span>
<span class="nt"><message></span>OK<span class="nt"></message></span>
<span class="nt"></meta></span>
<span class="nt"><data></span>
<span class="nt"><configID></span>s01<span class="nt"></configID></span>
<span class="nt"></data></span>
<span class="nt"></ocs></span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="deleting-a-configuration">
<h2>Deleting a configuration<a class="headerlink" href="#deleting-a-configuration" title="Permalink to this headline">ΒΆ</a></h2>
<p>Deletes a given LDAP configuration. Authentication is done by sending a basic HTTP authentication header.</p>
<p><strong>Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}</strong></p>
<ul class="simple">
<li>HTTP method: DELETE</li>
</ul>
<div class="section" id="id1">
<h3>Example<a class="headerlink" href="#id1" title="Permalink to this headline">ΒΆ</a></h3>
<ul class="simple">
<li>DELETE <code class="docutils literal"><span class="pre">https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s02</span> <span class="pre">-H</span> <span class="pre">"OCS-APIREQUEST:</span> <span class="pre">true"</span></code></li>
<li>deletes the LDAP configuration</li>
</ul>
</div>
<div class="section" id="id2">
<h3>XML output<a class="headerlink" href="#id2" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-xml"><div class="highlight"><pre><span class="cp"><?xml version="1.0"?></span>
<span class="nt"><ocs></span>
<span class="nt"><meta></span>
<span class="nt"><status></span>ok<span class="nt"></status></span>
<span class="nt"><statuscode></span>200<span class="nt"></statuscode></span>
<span class="nt"><message></span>OK<span class="nt"></message></span>
<span class="nt"></meta></span>
<span class="nt"><data/></span>
<span class="nt"></ocs></span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="reading-a-configuration">
<h2>Reading a configuration<a class="headerlink" href="#reading-a-configuration" title="Permalink to this headline">ΒΆ</a></h2>
<p>Returns all keys and values of the specified LDAP configuration. Authentication is done by sending a basic HTTP authentication header.</p>
<p><strong>Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}</strong></p>
<ul class="simple">
<li>HTTP method: GET</li>
<li>url argument: showPassword - int, optional, default 0, whether to return the password in clear text</li>
</ul>
<div class="section" id="id3">
<h3>Example<a class="headerlink" href="#id3" title="Permalink to this headline">ΒΆ</a></h3>
<ul class="simple">
<li>GET <code class="docutils literal"><span class="pre">https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s02?showPassword=1</span> <span class="pre">-H</span> <span class="pre">"OCS-APIREQUEST:</span> <span class="pre">true"</span></code></li>
<li>fetches the LDAP configuration</li>
</ul>
</div>
<div class="section" id="id4">
<h3>XML output<a class="headerlink" href="#id4" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-xml"><div class="highlight"><pre><span class="cp"><?xml version="1.0"?></span>
<span class="nt"><ocs></span>
<span class="nt"><meta></span>
<span class="nt"><status></span>ok<span class="nt"></status></span>
<span class="nt"><statuscode></span>200<span class="nt"></statuscode></span>
<span class="nt"><message></span>OK<span class="nt"></message></span>
<span class="nt"></meta></span>
<span class="nt"><data></span>
<span class="nt"><ldapHost></span>ldap://ldap.server.tld<span class="nt"></ldapHost></span>
<span class="nt"><ldapPort></span>389<span class="nt"></ldapPort></span>
<span class="nt"><ldapBackupHost></ldapBackupHost></span>
<span class="nt"><ldapBackupPort></ldapBackupPort></span>
<span class="nt"><ldapBase></span>ou=Department XLII,dc=example,dc=com<span class="nt"></ldapBase></span>
<span class="nt"><ldapBaseUsers></span>ou=users,ou=Department XLII,dc=example,dc=com<span class="nt"></ldapBaseUsers></span>
<span class="nt"><ldapBaseGroups></span>ou=Department XLII,dc=example,dc=com<span class="nt"></ldapBaseGroups></span>
<span class="nt"><ldapAgentName></span>cn=root,dc=example,dc=com<span class="nt"></ldapAgentName></span>
<span class="nt"><ldapAgentPassword></span>Secret<span class="nt"></ldapAgentPassword></span>
<span class="nt"><ldapTLS></span>1<span class="nt"></ldapTLS></span>
<span class="nt"><turnOffCertCheck></span>0<span class="nt"></turnOffCertCheck></span>
<span class="nt"><ldapIgnoreNamingRules/></span>
<span class="nt"><ldapUserDisplayName></span>displayname<span class="nt"></ldapUserDisplayName></span>
<span class="nt"><ldapUserDisplayName2></span>uid<span class="nt"></ldapUserDisplayName2></span>
<span class="nt"><ldapGidNumber></span>gidNumber<span class="nt"></ldapGidNumber></span>
<span class="nt"><ldapUserFilterObjectclass></span>inetOrgPerson<span class="nt"></ldapUserFilterObjectclass></span>
<span class="nt"><ldapUserFilterGroups></ldapUserFilterGroups></span>
<span class="nt"><ldapUserFilter></span>(<span class="ni">&amp;</span>(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))<span class="nt"></ldapUserFilter></span>
<span class="nt"><ldapUserFilterMode></span>1<span class="nt"></ldapUserFilterMode></span>
<span class="nt"><ldapGroupFilter></span>(<span class="ni">&amp;</span>(|(objectclass=nextcloudGroup)))<span class="nt"></ldapGroupFilter></span>
<span class="nt"><ldapGroupFilterMode></span>0<span class="nt"></ldapGroupFilterMode></span>
<span class="nt"><ldapGroupFilterObjectclass></span>nextcloudGroup<span class="nt"></ldapGroupFilterObjectclass></span>
<span class="nt"><ldapGroupFilterGroups></ldapGroupFilterGroups></span>
<span class="nt"><ldapGroupMemberAssocAttr></span>memberUid<span class="nt"></ldapGroupMemberAssocAttr></span>
<span class="nt"><ldapGroupDisplayName></span>cn<span class="nt"></ldapGroupDisplayName></span>
<span class="nt"><ldapLoginFilter></span>(<span class="ni">&amp;</span>(|(objectclass=inetOrgPerson))(uid=%uid))<span class="nt"></ldapLoginFilter></span>
<span class="nt"><ldapLoginFilterMode></span>0<span class="nt"></ldapLoginFilterMode></span>
<span class="nt"><ldapLoginFilterEmail></span>0<span class="nt"></ldapLoginFilterEmail></span>
<span class="nt"><ldapLoginFilterUsername></span>1<span class="nt"></ldapLoginFilterUsername></span>
<span class="nt"><ldapLoginFilterAttributes></ldapLoginFilterAttributes></span>
<span class="nt"><ldapQuotaAttribute></ldapQuotaAttribute></span>
<span class="nt"><ldapQuotaDefault></span>20 MB<span class="nt"></ldapQuotaDefault></span>
<span class="nt"><ldapEmailAttribute></span>mail<span class="nt"></ldapEmailAttribute></span>
<span class="nt"><ldapCacheTTL></span>600<span class="nt"></ldapCacheTTL></span>
<span class="nt"><ldapUuidUserAttribute></span>auto<span class="nt"></ldapUuidUserAttribute></span>
<span class="nt"><ldapUuidGroupAttribute></span>auto<span class="nt"></ldapUuidGroupAttribute></span>
<span class="nt"><ldapOverrideMainServer></ldapOverrideMainServer></span>
<span class="nt"><ldapConfigurationActive></span>1<span class="nt"></ldapConfigurationActive></span>
<span class="nt"><ldapAttributesForUserSearch></span>uid;sn;givenname<span class="nt"></ldapAttributesForUserSearch></span>
<span class="nt"><ldapAttributesForGroupSearch></ldapAttributesForGroupSearch></span>
<span class="nt"><ldapExperiencedAdmin></span>0<span class="nt"></ldapExperiencedAdmin></span>
<span class="nt"><homeFolderNamingRule></span>attr:mail<span class="nt"></homeFolderNamingRule></span>
<span class="nt"><hasPagedResultSupport></hasPagedResultSupport></span>
<span class="nt"><hasMemberOfFilterSupport></span>1<span class="nt"></hasMemberOfFilterSupport></span>
<span class="nt"><useMemberOfToDetectMembership></span>1<span class="nt"></useMemberOfToDetectMembership></span>
<span class="nt"><ldapExpertUsernameAttr></ldapExpertUsernameAttr></span>
<span class="nt"><ldapExpertUUIDUserAttr></ldapExpertUUIDUserAttr></span>
<span class="nt"><ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr></span>
<span class="nt"><lastJpegPhotoLookup></span>0<span class="nt"></lastJpegPhotoLookup></span>
<span class="nt"><ldapNestedGroups></span>0<span class="nt"></ldapNestedGroups></span>
<span class="nt"><ldapPagingSize></span>500<span class="nt"></ldapPagingSize></span>
<span class="nt"><turnOnPasswordChange></span>1<span class="nt"></turnOnPasswordChange></span>
<span class="nt"><ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL></span>
<span class="nt"><ldapDefaultPPolicyDN></ldapDefaultPPolicyDN></span>
<span class="nt"></data></span>
<span class="nt"></ocs></span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="modifying-a-configuration">
<h2>Modifying a configuration<a class="headerlink" href="#modifying-a-configuration" title="Permalink to this headline">ΒΆ</a></h2>
<p>Updates a configuration with the provided values. Authentication is done by sending a basic HTTP authentication header.</p>
<p><strong>Syntax: ocs/v2.php/apps/user_ldap/api/v1/config/{configID}</strong></p>
<ul class="simple">
<li>HTTP method: PUT</li>
<li>url argument: configData - array, see table below for the fields. All fields are optional. The values must be url-encoded.</li>
</ul>
<div class="section" id="id5">
<h3>Example<a class="headerlink" href="#id5" title="Permalink to this headline">ΒΆ</a></h3>
<ul class="simple">
<li>PUT <code class="docutils literal"><span class="pre">https://admin:secret@example.com/ocs/v2.php/apps/user_ldap/api/v1/config/s01</span> <span class="pre">-H</span> <span class="pre">"OCS-APIREQUEST:</span> <span class="pre">true"</span> <span class="pre">-d</span> <span class="pre">"configData[ldapHost]=ldap%3A%2F%2Fldap.server.tld</span> <span class="pre">&configData[ldapPort]=389"</span></code></li>
<li>fetches the LDAP configuration</li>
</ul>
</div>
<div class="section" id="id6">
<h3>XML output<a class="headerlink" href="#id6" title="Permalink to this headline">ΒΆ</a></h3>
<div class="highlight-xml"><div class="highlight"><pre><span class="cp"><?xml version="1.0"?></span>
<span class="nt"><ocs></span>
<span class="nt"><meta></span>
<span class="nt"><status></span>ok<span class="nt"></status></span>
<span class="nt"><statuscode></span>200<span class="nt"></statuscode></span>
<span class="nt"><message></span>OK<span class="nt"></message></span>
<span class="nt"></meta></span>
<span class="nt"><data/></span>
<span class="nt"></ocs></span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="configuration-keys">
<h2>Configuration keys<a class="headerlink" href="#configuration-keys" title="Permalink to this headline">ΒΆ</a></h2>
<table border="1" class="docutils">
<colgroup>
<col width="19%" />
<col width="4%" />
<col width="6%" />
<col width="72%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Key</th>
<th class="head">Mode</th>
<th class="head">Required</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td>ldapHost</td>
<td>rw</td>
<td>yes</td>
<td>LDAP server host, supports protocol</td>
</tr>
<tr class="row-odd"><td>ldapPort</td>
<td>rw</td>
<td>yes</td>
<td>LDAP server port</td>
</tr>
<tr class="row-even"><td>ldapBackupHost</td>
<td>rw</td>
<td>no</td>
<td>LDAP replica host</td>
</tr>
<tr class="row-odd"><td>ldapBackupPort</td>
<td>rw</td>
<td>no</td>
<td>LDAP replica port</td>
</tr>
<tr class="row-even"><td>ldapOverrideMainServer</td>
<td>rw</td>
<td>no</td>
<td>Whether replica should be used instead</td>
</tr>
<tr class="row-odd"><td>ldapBase</td>
<td>rw</td>
<td>yes</td>
<td>Base</td>
</tr>
<tr class="row-even"><td>ldapBaseUsers</td>
<td>rw</td>
<td>no</td>
<td>Base for users, defaults to general base if not specified</td>
</tr>
<tr class="row-odd"><td>ldapBaseGroups</td>
<td>rw</td>
<td>no</td>
<td>Base for groups, defaults to general base if not specified</td>
</tr>
<tr class="row-even"><td>ldapAgentName</td>
<td>rw</td>
<td>no</td>
<td>DN for the (service) user to connect to LDAP</td>
</tr>
<tr class="row-odd"><td>ldapAgentPassword</td>
<td>rw</td>
<td>no</td>
<td>Password for the service user</td>
</tr>
<tr class="row-even"><td>ldapTLS</td>
<td>rw</td>
<td>no</td>
<td>Whether to use StartTLS</td>
</tr>
<tr class="row-odd"><td>turnOffCertCheck</td>
<td>rw</td>
<td>no</td>
<td>Turns off certificate validation for TLS connections</td>
</tr>
<tr class="row-even"><td>ldapIgnoreNamingRules</td>
<td>rw</td>
<td>no</td>
<td>Backwards compatibility, do not set it.</td>
</tr>
<tr class="row-odd"><td>ldapUserDisplayName</td>
<td>rw</td>
<td>yes</td>
<td>Attribute used as display name for users</td>
</tr>
<tr class="row-even"><td>ldapUserDisplayName2</td>
<td>rw</td>
<td>no</td>
<td>Additional attribute, if set show on brackets next to the main attribute</td>
</tr>
<tr class="row-odd"><td>ldapGidNumber</td>
<td>rw</td>
<td>no</td>
<td>group ID attribute, needed for primary groups on OpenLDAP (and compatible)</td>
</tr>
<tr class="row-even"><td>ldapUserFilterObjectclass</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-odd"><td>ldapUserFilterGroups</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-even"><td>ldapUserFilter</td>
<td>rw</td>
<td>yes</td>
<td>LDAP Filter used to retrieve user</td>
</tr>
<tr class="row-odd"><td>ldapUserFilterMode</td>
<td>rw</td>
<td>no</td>
<td>used by the Settings Wizard, set to 1 for manual editing</td>
</tr>
<tr class="row-even"><td>ldapAttributesForUserSearch</td>
<td>rw</td>
<td>no</td>
<td>attributes to be matched when searching for users. separate by ;</td>
</tr>
<tr class="row-odd"><td>ldapGroupFilter</td>
<td>rw</td>
<td>no</td>
<td>LDAP Filter used to retrieve groups</td>
</tr>
<tr class="row-even"><td>ldapGroupFilterMode</td>
<td>rw</td>
<td>no</td>
<td>used by the Settings Wizard, set to 1 for manual editing</td>
</tr>
<tr class="row-odd"><td>ldapGroupFilterObjectclass</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-even"><td>ldapGroupFilterGroups</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-odd"><td>ldapGroupMemberAssocAttr</td>
<td>rw</td>
<td>no</td>
<td>attribute that indicates group members, one of: member, memberUid, uniqueMember, gidNumber</td>
</tr>
<tr class="row-even"><td>ldapGroupDisplayName</td>
<td>rw</td>
<td>no</td>
<td>Attribute used as display name for groups, required if groups are used</td>
</tr>
<tr class="row-odd"><td>ldapAttributesForGroupSearch</td>
<td>rw</td>
<td>no</td>
<td>attributes to be matched when searching for groups. separate by ;</td>
</tr>
<tr class="row-even"><td>ldapLoginFilter</td>
<td>rw</td>
<td>yes</td>
<td>LDAP Filter used to authenticate users</td>
</tr>
<tr class="row-odd"><td>ldapLoginFilterMode</td>
<td>rw</td>
<td>no</td>
<td>used by the Settings Wizard, set to 1 for manual editing</td>
</tr>
<tr class="row-even"><td>ldapLoginFilterEmail</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-odd"><td>ldapLoginFilterUsername</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-even"><td>ldapLoginFilterAttributes</td>
<td>rw</td>
<td>no</td>
<td>set by the Settings Wizard (web UI)</td>
</tr>
<tr class="row-odd"><td>ldapQuotaAttribute</td>
<td>rw</td>
<td>no</td>
<td>LDAP attribute containing the quote value (per user)</td>
</tr>
<tr class="row-even"><td>ldapQuotaDefault</td>
<td>rw</td>
<td>no</td>
<td>Default Quota, if specified quota attribute is empty</td>
</tr>
<tr class="row-odd"><td>ldapEmailAttribute</td>
<td>rw</td>
<td>no</td>
<td>LDAP attribute containing the email address (takes first if multiple are stored)</td>
</tr>
<tr class="row-even"><td>ldapCacheTTL</td>
<td>rw</td>
<td>no</td>
<td>How long results from LDAP are cached, defaults to 10min</td>
</tr>
<tr class="row-odd"><td>ldapUuidUserAttribute</td>
<td>r</td>
<td>no</td>
<td>set in runtime</td>
</tr>
<tr class="row-even"><td>ldapUuidGroupAttribute</td>
<td>r</td>
<td>no</td>
<td>set in runtime</td>
</tr>
<tr class="row-odd"><td>ldapConfigurationActive</td>
<td>rw</td>
<td>no</td>
<td>whether this configuration is active. 1 is on, 0 is off.</td>
</tr>
<tr class="row-even"><td>ldapExperiencedAdmin</td>
<td>rw</td>
<td>no</td>
<td>used by the Settings Wizard, set to 1 for manual editing</td>
</tr>
<tr class="row-odd"><td>homeFolderNamingRule</td>
<td>rw</td>
<td>no</td>
<td>LDAP attribute to use a user folder name</td>
</tr>
<tr class="row-even"><td>hasPagedResultSupport</td>
<td>r</td>
<td>no</td>
<td>set in runtime</td>
</tr>
<tr class="row-odd"><td>hasMemberOfFilterSupport</td>
<td>r</td>
<td>no</td>
<td>set in runtime</td>
</tr>
<tr class="row-even"><td>useMemberOfToDetectMembership</td>
<td>rw</td>
<td>no</td>
<td>Whether to use memberOf to detect group memberships</td>
</tr>
<tr class="row-odd"><td>ldapExpertUsernameAttr</td>
<td>rw</td>
<td>no</td>
<td>LDAP attribute to use as internal username. Might be modified (e.g. to avoid name collisions, character restrictions)</td>
</tr>
<tr class="row-even"><td>ldapExpertUUIDUserAttr</td>
<td>rw</td>
<td>no</td>
<td>override the LDAP servers UUID attribute to identify LDAP user records</td>
</tr>
<tr class="row-odd"><td>ldapExpertUUIDGroupAttr</td>
<td>rw</td>
<td>no</td>
<td>override the LDAP servers UUID attribute to identify LDAP group records</td>
</tr>
<tr class="row-even"><td>lastJpegPhotoLookup</td>
<td>r</td>
<td>no</td>
<td>set in runtime</td>
</tr>
<tr class="row-odd"><td>ldapNestedGroups</td>
<td>rw</td>
<td>no</td>
<td>Whether LDAP supports nested groups</td>
</tr>
<tr class="row-even"><td>ldapPagingSize</td>
<td>rw</td>
<td>no</td>
<td>Number of results to return per page</td>
</tr>
<tr class="row-odd"><td>turnOnPasswordChange</td>
<td>rw</td>
<td>no</td>
<td>Whether users are allowed to change passwords (hashing must happen on LDAP!)</td>
</tr>
<tr class="row-even"><td>ldapDynamicGroupMemberURL</td>
<td>rw</td>
<td>no</td>
<td>URL for dynamic groups</td>
</tr>
<tr class="row-odd"><td>ldapDefaultPPolicyDN</td>
<td>rw</td>
<td>no</td>
<td>PPolicy DN for password rules</td>
</tr>
</tbody>
</table>
</div>
</div>
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="user_auth_ldap_cleanup.html" title="Previous Chapter: LDAP user cleanup"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« LDAP user cleanup</span>
</a>
</li>
<li class="next">
<a href="user_provisioning_api.html" title="Next Chapter: User provisioning API"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">User provisioning API »</span>
</a>
</li>
</ul>
</div>
</div>
</div>
</main>
</div>
</div>
</body>
</html>