Chapter 5. Using and Configuring the Token Management System: TPS, TKS, and Enterprise Security Client
The operation_type is the token operation for which LDAP authentication is being disabled, such
as enroll, format, or pinreset. Disabling authentication for one operation type does not
disable it for any other operation types.
The token_type is the token profile. There are default profiles for regular users, security officers,
and the users enrolled by security officers. There can also be custom token types for other kinds
of users or certificates.
For example:
op.enroll.userKey.loginRequest.enable=true
op.enroll.userKey.auth.id=ldap1
op.enroll.userKey.pinReset.enable=true
3. Restart the TPS subsystem so that the edited configuration is read:
service pki-tps restart
Like configuring multiple subsystem instances, there can be multiple LDAP directories configured,
each as its own auth.instance.# block, where # is the instance number starting at 0 (for example,
auth.instance.0.*). Additional LDAP parameters, such as the base DN under which to search for
entries and the Directory Server hostname and port, are listed in Table 5.9, "LDAP Authentication".

Table 5.9. LDAP Authentication

auth.instance.#.attributes
    The LDAP attributes of the user entry to be retrieved, if attributes are present, such as
    auth.instance.0.attributes=mail,cn,uid. Once retrieved, these attributes can be used in other
    parameter entries as $auth.attribute$ references, for example
    op.enroll.userKey.keyGen.tokenName=$userid$ [$auth.cn$].

auth.instance.#.type
    The authentication type to use. This must be LDAP_Authentication.

auth.instance.#.libraryName
    The library to use for LDAP authentication. Provide the full path to the library. The filenam…

auth.instance.#.libraryFactory
    The function name to use for LDAP authentication. This must be GetAuthentication.

auth.instance.#.authId
    The ID of this authentication instance. Operations refer to it through
    op.operation_type.token_type.auth.id. For example, ldap1.

auth.instance.#.hostport
    The LDAP hostname and port number. The format is ldap-hostname:ldap-port. When SSLOn is
    true, this must be the directory's SSL port.

auth.instance.#.SSLOn
    Sets whether SSL should be turned on. The valid values are true|false. With false, the TPS
    binds to the directory over a clear-text connection, so the user IDs and passwords submitted
    for token operations cross the network unencrypted.

auth.instance.#.retries
    The number of times authentication is tried after failure. The valid values are integers. For…

auth.instance.#.retryConnect
    The number of times the TPS tries to reconnect to the LDAP server after a connection att…
    For example, 3.

auth.instance.#.baseDN
    The base DN from which to start the LDAP search. For example, o=example.com.

auth.instance.#.ui.title.en
    The title of the LDAP authentication plug-in. For example, LDAP Authentication.

auth.instance.#.ui.description.en
    The description of the LDAP authentication activity. For example, This authenticates …
    directory.

auth.instance.#.ui.id.UID.name.en
    The UID parameter name. For example, LDAP User ID.

auth.instance.#.ui.id.PASSWORD.name.en
    The password parameter name. For example, LDAP Password.

auth.instance.#.ui.id.UID.description.en
    The description of the UID parameter.

auth.instance.#.ui.id.PASSWORD.description.en
    The description of the password parameter.
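A configuration check for the parameters above, added here as an example; it is not taken from the
Certificate System documentation and is not part of the TPS. It parses a CS.cfg-style fragment,
verifies each auth.instance.#.* block against the constraints in Table 5.9 (required parameters,
the fixed type and libraryFactory values, the hostport format, SSLOn, integer retry counts),
confirms that every op.operation_type.token_type.auth.id names a defined authId and that
$auth.attribute$ substitutions only use attributes that instance retrieves, and reports
SSLOn=false because a simple bind without SSL sends the user's password in clear text. The sample
configuration, the library path /usr/lib64/libldapauth.so and the hostnames are constructed for
this example.

```python
"""Lint the LDAP authentication parameters of a TPS CS.cfg (added example)."""
import re

# Constructed sample, not a real CS.cfg: instance 0 is referenced by enroll; instance 1
# has SSL off and no libraryName; the format operation names an undefined auth ID.
SAMPLE_CFG = """\
auth.instance.0.type=LDAP_Authentication
auth.instance.0.libraryName=/usr/lib64/libldapauth.so
auth.instance.0.libraryFactory=GetAuthentication
auth.instance.0.authId=ldap1
auth.instance.0.hostport=ldap.example.com:636
auth.instance.0.SSLOn=true
auth.instance.0.retryConnect=3
auth.instance.0.baseDN=o=example.com
auth.instance.0.attributes=mail,cn,uid
auth.instance.1.type=LDAP_Authentication
auth.instance.1.libraryFactory=GetAuthentication
auth.instance.1.authId=ldap2
auth.instance.1.hostport=ldap2.example.com:389
auth.instance.1.SSLOn=false
auth.instance.1.baseDN=o=example.com
op.enroll.userKey.loginRequest.enable=true
op.enroll.userKey.auth.id=ldap1
op.enroll.userKey.pinReset.enable=true
op.enroll.userKey.keyGen.tokenName=$userid$ [$auth.cn$]
op.format.userKey.loginRequest.enable=true
op.format.userKey.auth.id=ldap9
"""
REQUIRED = ("type", "libraryName", "libraryFactory", "authId", "hostport", "baseDN")

def parse_cfg(text):
    """Parse key=value lines: the first '=' splits key from value; '#' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def group(cfg, pattern):
    """Group keys matching pattern into {first capture: {rest-of-key: value}}."""
    out = {}
    for key, value in cfg.items():
        m = re.fullmatch(pattern, key)
        if m:
            out.setdefault(m.group(1), {})[m.group(2)] = value
    return out

def lint_instance(pre, p):
    """Check one auth.instance.# block against the constraints in Table 5.9."""
    out = [f"{pre}.{k} is missing" for k in REQUIRED if k not in p]
    if p.get("type", "LDAP_Authentication") != "LDAP_Authentication":
        out.append(f"{pre}.type must be LDAP_Authentication")
    if p.get("libraryFactory", "GetAuthentication") != "GetAuthentication":
        out.append(f"{pre}.libraryFactory must be GetAuthentication")
    # A missing hostport is already reported above; the placeholder avoids a second finding.
    m = re.fullmatch(r"([^:\s]+):(\d+)", p.get("hostport", "host:389"))
    if not m or not 1 <= int(m.group(2)) <= 65535:
        out.append(f"{pre}.hostport must be ldap-hostname:ldap-port")
    ssl = p.get("SSLOn", "false").lower()
    if ssl not in ("true", "false"):
        out.append(f"{pre}.SSLOn must be true or false")
    elif ssl == "false":  # a simple bind without SSL sends the user's password in clear text
        out.append(f"{pre}.SSLOn=false: token-operation credentials cross the network unencrypted")
    out += [f"{pre}.{k} must be an integer" for k in ("retries", "retryConnect")
            if k in p and not p[k].isdigit()]
    return out

def lint_operation(pre, p, by_id):
    """Check one op.<operation_type>.<token_type> block against the LDAP instances."""
    auth_id = p.get("auth.id")
    if auth_id is None:
        login = p.get("loginRequest.enable", "false").lower() == "true"
        return [f"{pre}.loginRequest.enable=true but {pre}.auth.id is not set"] if login else []
    if auth_id not in by_id:
        return [f"{pre}.auth.id={auth_id} matches no auth.instance.#.authId"]
    # $auth.<attr>$ substitutions only resolve for attributes the instance retrieves.
    attrs = {a.strip() for a in by_id[auth_id].get("attributes", "").split(",")}
    return [f"{pre}.{k} uses $auth.{a}$ but {auth_id} does not retrieve {a}"
            for k, v in p.items() for a in re.findall(r"\$auth\.([\w-]+)\$", v) if a not in attrs]

def lint(text):
    """Return all findings for a CS.cfg fragment; an empty list means clean."""
    cfg = parse_cfg(text)
    instances = group(cfg, r"(auth\.instance\.\d+)\.(.+)")
    ops = group(cfg, r"(op\.[^.]+\.[^.]+)\.(.+)")
    by_id = {p["authId"]: p for p in instances.values() if "authId" in p}
    out = [f for pre in sorted(instances) for f in lint_instance(pre, instances[pre])]
    return out + [f for pre in sorted(ops) for f in lint_operation(pre, ops[pre], by_id)]

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CFG)) or "no findings")
```

Run against a real CS.cfg by passing its contents to lint(); on the constructed sample it reports the
missing libraryName and the clear-text SSLOn=false on instance 1 and the dangling auth.id=ldap9 on
the format operation, while the enroll operation's $auth.cn$ reference passes because instance 0
retrieves cn.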