LDAP Cluster Properties

The following cluster properties configure the Layer7 API Gateway's connection to an LDAP Identity Provider.
Refer to "Time Units" under Gateway Cluster Properties for a list of the valid time units that you can use for time-related properties.
Property
Description
ldap.certificate.cachetime
Time to keep LDAP certificates in the LDAP certificate cache.
Default: 600000 (milliseconds)
ldap.certificateIndex.interval
Time between indexing or reindexing the LDAP certificates.
Default: 600000 (milliseconds)
ldap.connection.timeout
Timeout for an LDAP connection. If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt. A value less than or equal to zero means that the timeout value of the network protocol (for example, TCP) is used.
Default: 5 (seconds)
ldap.group.searchMaxResults
Maximum number of results to return in an LDAP group membership search.
By default, this setting uses the value from the ldap.searchMaxResults property. Enter a different value if you do not want the two values to be the same.
Default: setting from ldap.searchMaxResults
ldap.read.timeout
Read timeout for LDAP operations. If the LDAP provider cannot get an LDAP response within that period, it aborts the read attempt. A value less than or equal to zero means that no read timeout is specified, so the provider waits indefinitely for the response.
Default: 30 (seconds)
ldap.reconnect.timeout
The amount of time to wait before attempting to reconnect to an LDAP server that failed during LDAP authentication. This property lets you determine how long an LDAP server should be blacklisted. This cluster property is used unless an explicit override value is entered in the Simple LDAP Identity Provider Wizard. A value of '0' (zero) disables the blacklist, meaning the Gateway attempts a reconnect immediately.
Default: 60000 (milliseconds)
This cluster property replaces the now-deprecated "ldap.reconnect.timeout" setting in the serverconfig_override.properties file. Do not use the properties file to override the reconnect timeout; always use this cluster property instead.
ldap.referral
Controls how to handle LDAP referrals. Possible values are follow or ignore. Set this property to ignore if LDAP referrals are causing problems.
Default: follow
ldap.searchMaxResults
Maximum number of results to return in an LDAP Identity Provider search.
Default: 1000
ldap.simple.username.pattern
Regular expression that all usernames must match before they can be used to construct a DN using the Simple LDAP Identity Provider.
Default: ^[\p{Alnum}\.\-\_]+$
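
How the default ldap.simple.username.pattern gates a username before it is placed into a DN, shown as an added example that is not Layer7 code. The DN prefix and suffix, the class and method names, and the sample usernames are constructed for illustration, and the whole-string check with Java's `matches()` is this example's choice.

```java
import java.util.List;
import java.util.regex.Pattern;

public class SimpleLdapUsernameCheck {
    // Default value of ldap.simple.username.pattern, as listed on this page.
    static final Pattern USERNAME = Pattern.compile("^[\\p{Alnum}\\.\\-\\_]+$");

    // Assumed DN template (constructed for this example, not from the page).
    static final String DN_PREFIX = "uid=";
    static final String DN_SUFFIX = ",ou=people,dc=example,dc=com";

    /** Returns the bind DN, or throws if the username fails the pattern. */
    static String buildDn(String username) {
        // matches() requires the entire input to match, so a trailing
        // line terminator after an otherwise valid name is rejected too.
        if (username == null || !USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("username rejected by pattern");
        }
        return DN_PREFIX + username + DN_SUFFIX;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
            "alice",            // accepted: letters only
            "bob.smith",        // accepted: dot is in the class
            "svc-api_01",       // accepted: hyphen, underscore, digits
            "alice,ou=admins",  // rejected: ',' and '=' are DN syntax characters
            "bob smith",        // rejected: space is not in the class
            "",                 // rejected: '+' needs at least one character
            "zo\u00eb",         // rejected: \p{Alnum} is ASCII-only by default in Java
            "carol\n");         // rejected: trailing newline
        for (String s : samples) {
            String shown = s.replace("\n", "\\n");
            try {
                System.out.printf("ACCEPT %-18s -> %s%n", shown, buildDn(s));
            } catch (IllegalArgumentException e) {
                System.out.printf("REJECT %-18s (%s)%n", shown, e.getMessage());
            }
        }
    }
}
```

If the directory contains usernames with non-ASCII letters, spaces, or an `@` sign, the default pattern rejects them, so any replacement pattern should still exclude DN syntax characters such as `,`, `=`, `+`, `"`, `\`, `<`, `>`, `;` and `#`.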