# $Id: ldap-exerciser.properties 3872 2010-11-09 04:14:40Z unsaved $

# This is a sample properties file for the utility program
# org.hsqldb.auth.LdapAuthBean.  See the API Spec for
# org.hsqldb.auth.LdapAuthBean for details about all of the settings you can use
# here.

# IMPORTANT:  Use ISO-8859-1 encoding for any extended characters, as you always
# should for a Java properties file.

# The ${...} construct (for system properties) is not supported.

# All of these examples use a roleSchemaValuePattern setting to work with the
# LDAP memberOf feature.  If you have a direct attribute for specifying roles
# (and optional schema), then just skip that setting.

# These settings are used for all sample setups
# When startTls is true, ldapHost must match the CN in the server's cert.
ldapHost=beyla.admc.com
parentDn=ou=people,dc=admc,dc=com
roleSchemaValuePattern=cn=([^,]+).*
rolesSchemaAttribute=memberof
accessAttribute=hyperSqlAccess

# This block of settings works for an OpenLDAP server using the memberOf
# feature for membership in roles, with DIGEST-MD5 SASL and StartTLS with a
# private (non-commercial) SSL certificate.
startTls=true
trustStore=/home/blaine/ca/cacert.store
securityMechanism=DIGEST-MD5

# To use an LDAP server that is totally unsecured, comment out the settings in
# the previous block and enable the one setting here.
# An unsecured server can be useful for educational purposes, but not for a
# real application!
#principalTemplate=uid=${username},ou=people,dc=admc,dc=com

# PLAIN authentication, but StartTLS-encrypted.  Disable the block above
# starting with "startTls=true" and enable the settings in this block.
#principalTemplate=uid=${username},ou=people,dc=admc,dc=com

# SASL DIGEST-MD5 with no encryption.  Disable the block above
# starting with "startTls=true" and enable the settings in this block.
#securityMechanism=DIGEST-MD5