@dkerwin
Created September 6, 2012 11:06
cq
/** $Id: Exp $
*
* Copyright (c) 1997-2005 Day Management AG
* Barfuesserplatz 6, 4001 Basel, Switzerland
* All Rights Reserved.
*
* This software is the confidential and proprietary information of
* Day Management AG, ("Confidential Information"). You shall not
* disclose such Confidential Information and shall use it only in
* accordance with the terms of the license agreement you entered into
* with Day.
*
*/
com.day.crx {
    // "sufficient": a successful local CRX login ends the chain, so LDAP is only consulted
    // when the CRX module does not succeed.
    com.day.crx.security.authentication.CRXLoginModule sufficient;
    com.day.crx.security.ldap.LDAPLoginModule required
        principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
        principal_provider.name="ldap"
        host="localhost"
        port="10389"
        authDn="uid=admin,ou=system"
        // authPw is stored in clear text in this file; restrict read access to it.
        authPw="secret"
        userRoot="ou=users, dc=adobe, dc=com"
        userFilter="(objectclass=person)"
        // NOTE: "sn" is the surname attribute, which is rarely unique; the sample
        // configuration below uses "uid" (the default) as the login attribute.
        userIdAttribute="sn"
        groupFilter="(objectclass=groupOfUniqueNames)"
        groupMembershipAttribute="uniquemember"
        groupNameAttribute="cn"
        groupRoot="ou=groups, dc=adobe, dc=com"
        deny_anonymous_access="true"
        autocreate="create"
        autocreate.syncdelay="1800"
        autocreate.lastmodified="lastmodified"
        autocreate.user.mail="rep:e-mail"
        autocreate.user.cn="rep:fullname"
        autocreate.group.description="description"
        autocreate.group.mail="rep:e-mail"
        autocreate.group.cn="rep:fullname"
        autocreate.group.localadmin="admin"
        autocreate.group.uniquemember="uniquemember"
        autocreate.path="splitdn"
        cache.expiration="600"
        cache.maxsize="100";
/**
* Sample configuration for this login-module:
*
* Module-Settings:
* ----------------
* principal_provider.class="com.day.crx.security.principals.LDAPPrincipalProvider"
*                                   //fully qualified class name of the provider
*                                   //to be used by this module
* principal_provider.name="ldap"    //name of the provider; may be used to access it
*                                   //via PrincipalManager
*
* Connection-Settings:
* --------------------
* host="ldap.sample.net"            //hostname or IP of the LDAP host to connect to
* port="389"                        //optional port the LDAP host listens on;
*                                   //defaults to 389
* authDn="cn=Directory Manager"     //optional DN of the user this LoginModule
*                                   //should bind as. If omitted -> anonymous bind
* authPw="secret"                   //password to authenticate the bind user
*
* Secure LDAP connections are possible if the JVM this module is running in
* is set up to trust the LDAP server. Use ldaps://ldap.sample.net as the
* value for host.
*
* Authentication-Settings:
* ------------------------
* For authentication the module tries to bind the user with the credentials
* provided. If this is successful, the user's entry and its group membership
* are resolved according to the following settings:
*
* userRoot="O=Company"              //DN all users are searched below;
*                                   //defaults to "" but this may not be supported by
*                                   //all servers
* userFilter="(objectclass=person)" //LDAP search filter to match the entries
*                                   //below userRoot; defaults to (objectclass=person)
* userIdAttribute="uid"             //name of the LDAP attribute that contains
*                                   //the user ID, i.e. its login name;
*                                   //defaults to "uid"
*
* groupRoot="OU=Groups,O=Company"   //DN all groups are searched below;
*                                   //defaults to "" but this may not be supported by
*                                   //all servers
* groupFilter="(objectclass=groupOfUniqueNames)"
*                                   //LDAP search filter to match the entries
*                                   //below groupRoot;
*                                   //defaults to (objectclass=groupOfUniqueNames)
* groupMembershipAttribute="uniquemember"
*                                   //LDAP attribute which is searched to build
*                                   //the group-membership relation
* groupNameAttribute="cn"           //naming attribute of the group. Used for
*                                   //display in the GUI; defaults to "cn"
*
* Auto-Creation:
* --------------
* The configuration given above would be sufficient to authenticate and
* authorize a user residing in an LDAP server.
* In some cases it may be desirable to have access to user and group data from
* within your repository, e.g. because your application wants to notify users
* via e-mail.
* In this case you can configure this LoginModule to create the user within the
* repository if needed, and to keep its data up to date.
*
* autocreate="create"               //setting this option to "create" enables
*                                   //auto-creation
* autocreate.path="direct"          //rule for how the DN is converted into a
*                                   //path when creating a new node;
*                                   //there are two options, "direct" and "splitdn":
*                                   //direct: a node with the name of the LDAP entry's
*                                   //naming attribute is created
*                                   //splitdn: each DN part is translated into a
*                                   //path element.
*                                   //defaults to "direct"
* autocreate.lastmodified="lastmodified"
*                                   //If your LDAP server time-stamps your entries,
*                                   //this timestamp may be used to identify whether a
*                                   //node's content has to be refreshed against LDAP.
*                                   //Configure the name of the attribute containing the
*                                   //last-modified timestamp.
*                                   //NOTE: if not configured, the entry is synced on
*                                   //each login
* autocreate.user.<attributename>="<propertyname>"
*                                   //creates and sets the LDAP entry's attribute
*                                   //named <attributename> as value of the property
*                                   //named <propertyname>
*                                   //NOTE: fails if the user node type doesn't allow
*                                   //setting a property of the given name
* autocreate.user.mail="rep:e-mail" //will set the user's mail address as the node's
*                                   //"rep:e-mail" property
* autocreate.user.nodetype="rep:user"
*                                   //name of the node type to create a user with;
*                                   //must be a sub-type of "rep:user";
*                                   //defaults to "rep:user"
*
* autocreate.group.<attributename>="<propertyname>"
*                                   //same as for users but applied to groups
* autocreate.group.nodetype="rep:group"
*                                   //name of the node type to create a group with;
*                                   //must be a sub-type of "rep:group";
*                                   //defaults to "rep:group"
*
* Caching
* -------
* The PrincipalProvider used allows for caching of its principals, to avoid
* the need to connect to the LDAP server each time it is accessed.
*
* cache.maxsize="1000"              //number of principals held in the cache;
*                                   //defaults to 1000
* cache.expiration="600"            //amount of time in seconds a principal is cached
*
*/
};
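As an added example (not part of the gist or of CRX itself), the following Python sketches the resolution steps the settings above drive: building the user search filter from userFilter and userIdAttribute with RFC 4515 escaping, finding the user below userRoot, resolving groups below groupRoot through groupMembershipAttribute, and the two autocreate.path rules. The directory entries are constructed, and root-first ordering for "splitdn" is an assumption since the page does not state it; the lookup by "sn" also shows why the gist's choice of a surname as login attribute is ambiguous.

```python
# Constructed sample directory (not a live LDAP server), keyed by DN.
# Two users deliberately share the surname "Doe".
DIRECTORY = {
    "uid=jdoe,ou=users,dc=adobe,dc=com": {
        "objectclass": ["person"], "uid": ["jdoe"], "sn": ["Doe"]},
    "uid=mdoe,ou=users,dc=adobe,dc=com": {
        "objectclass": ["person"], "uid": ["mdoe"], "sn": ["Doe"]},
    "cn=editors,ou=groups,dc=adobe,dc=com": {
        "objectclass": ["groupOfUniqueNames"], "cn": ["editors"],
        "uniquemember": ["uid=jdoe,ou=users,dc=adobe,dc=com"]},
}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_search_filter(user_filter: str, id_attr: str, login: str) -> str:
    """AND the configured userFilter with the (escaped) id-attribute match."""
    return f"(&{user_filter}({id_attr}={escape_filter_value(login)}))"

def _suffix(root: str) -> str:
    # Normalise the gist's "ou=users, dc=adobe, dc=com" spelling to DN suffix form.
    return "," + root.replace(", ", ",").lower()

def find_users(root: str, id_attr: str, login: str, oc: str = "person") -> list:
    """Local stand-in for (&(objectclass=<oc>)(<id_attr>=<login>)) below root."""
    return sorted(dn for dn, e in DIRECTORY.items()
                  if dn.lower().endswith(_suffix(root))
                  and oc in e.get("objectclass", [])
                  and login in e.get(id_attr, []))

def groups_of(user_dn: str, root: str, member_attr: str = "uniquemember",
              name_attr: str = "cn") -> list:
    """Group names below root whose membership attribute lists user_dn."""
    return sorted(e[name_attr][0] for dn, e in DIRECTORY.items()
                  if dn.lower().endswith(_suffix(root))
                  and user_dn in e.get(member_attr, []))

def dn_to_path(dn: str, rule: str) -> str:
    """autocreate.path: 'direct' keeps only the naming attribute's value;
    'splitdn' turns every RDN value into a path element (root-first ordering
    is an assumption, the page does not specify it)."""
    rdn_values = [part.split("=", 1)[1] for part in dn.split(",")]
    if rule == "direct":
        return rdn_values[0]
    if rule == "splitdn":
        return "/".join(reversed(rdn_values))
    raise ValueError("unknown autocreate.path rule: " + rule)
```

Looking up "Doe" via "sn" returns both users, whereas "uid" returns exactly one, which is the check worth running against a real directory before choosing userIdAttribute.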