Configuration

6.2 to 6.3.3 changes in oasis.properties file

The oasis.properties file now includes a new configuration parameter, ldap.additional.userSearchBase=, specifically for organizations using LDAP authentication with multiple or additional user search bases. This parameter allows administrators to define an alternative search base for locating user information within the LDAP directory.


When configured, ldap.additional.userSearchBase enables the system to look up users within a specified additional search base. This is particularly useful in organizations with complex LDAP structures, where users may exist in multiple organizational units beyond the primary search base.


If your organization requires this additional configuration, specify the appropriate search base path. Otherwise, this parameter value can be left blank, and the system will rely solely on the primary LDAP_USERSEARCHBASE.


Note: Customers using Release 6.3.3 with LDAP authentication must include this parameter in the oasis.properties file. If it is not included, the application will fail during the boot process.


Example:

Imagine an organization has an LDAP directory with the following structure:

  • Primary Search Base: ou=Employees,dc=example,dc=com
  • Additional Search Base: ou=Contractors,dc=example,dc=com

In this setup:

Full-time employees are stored under ou=Employees,dc=example,dc=com.

Contractors are stored under ou=Contractors,dc=example,dc=com.


To enable LDAP authentication for both employees and contractors, the organization can configure ldap.additional.userSearchBase to include the secondary base for contractors.


Example Configuration in oasis.properties file:

ldap.userSearchBase=ou=Employees,dc=example,dc=com

ldap.additional.userSearchBase=ou=Contractors,dc=example,dc=com
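
A pre-deployment check for the requirement above, as an added example that is not OvalEdge code: it confirms that a generated oasis.properties contains ldap.additional.userSearchBase (a blank value is accepted) and that a non-blank value has the shape of a DN. Treating a non-empty ldap.url as the sign that LDAP is in use is an assumption, as are the function names and the sample host.

```shell
#!/bin/sh
# Added example (not OvalEdge code): pre-boot check of a generated oasis.properties.
# Assumption: LDAP authentication counts as "in use" when ldap.url is non-empty.

# Print the value of the last occurrence of key $2 in file $1; status 1 if absent.
prop_get() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip properties comments
        { line = $0; sub(/^[ \t]+/, "", line); i = index(line, "=")
          if (i > 0 && substr(line, 1, i - 1) == k) {
              v = substr(line, i + 1); sub(/[ \t\r]+$/, "", v); found = 1 } }
        END { if (!found) exit 1; print v }' "$1"
}

# Shape check only: comma-separated attr=value pairs (escaped commas not handled).
is_dn() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$'
}

# 0 = OK, 1 = required key missing (boot would fail), 2 = malformed search base.
check_ldap_props() {
    url=$(prop_get "$1" ldap.url) || url=
    [ -n "$url" ] || return 0                       # LDAP not configured
    add=$(prop_get "$1" ldap.additional.userSearchBase) || {
        echo "FAIL: ldap.additional.userSearchBase is missing from $1" >&2
        return 1
    }
    [ -n "$add" ] || return 0                       # blank: primary base only
    # Also catches a literal, unexpanded placeholder such as $LDAP_ADDITIONALUSERSEARCHBASE.
    is_dn "$add" || { echo "FAIL: not a DN: $add" >&2; return 2; }
    return 0
}

# Constructed sample mirroring the page's Employees/Contractors example.
demo() {
    f=$(mktemp) || return 3
    printf '%s\n' '#local DB Credentials.' 'ldap.url=ldap://ldap.example.com:389' \
        'ldap.userSearchBase=ou=Employees,dc=example,dc=com' \
        'ldap.additional.userSearchBase=ou=Contractors,dc=example,dc=com' > "$f"
    rc=0; check_ldap_props "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}
```

Run check_ldap_props against the file that run.sh writes, before the application starts, and stop the deployment on a non-zero status.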


Deployment involves creating an image for Release 6.3.3, checking parameters in run.sh, and considering the client's cloud environment (AWS, Azure, GCP).

OvalEdge adds the necessary parameters, builds the image, and delivers it to the client.

DevOps maintains the environment variables in run.sh

6.3.3 Env variables in run.sh

echo "#local DB Credentials.

driverClassName=com.mysql.cj.jdbc.Driver

security_type=$OVALEDGE_SECURITY_TYPE

url=$OVALEDGE_MYSQL_URL

username=$OVALEDGE_MYSQL_USER

password=$

read.url=$OVALEDGE_MYSQL_READ_URL

initialSize=2

ovaledge.role.public=OE_PUBLIC

db.initial.size=10

db.min.idle=5

db.max.connections=$DB_MAX_CONNECTION

db.max.idle=$DB_MAX_IDLE

read.db.max.connections=$READ_DB_MAX_CONNECTION

read.db.max.idle=$READ_DB_MAX_IDLE

spring.session.db.max.connections=60

hikari.connectionTimeout.in.seconds=150

hikari.idleTimeout.in.minutes=5

hikari.validationTimeout.in.seconds=120

hikari.leakDetectionThreshold.in.seconds=300

hikari.cachePrepStmts=true

hikari.prepStmtCacheSize=250

hikari.prepStmtCacheSqlLimit=2048

hikari.useServerPrepStmts=true

hikari.useLocalSessionState=true

hikari.rewriteBatchedStatements=true

hikari.cacheResultSetMetadata=true

hikari.cacheServerConfiguration=true

hikari.elideSetAutoCommits=true

transaction.propagation.behaviour=3

samlHTTPMetadataProvider=$OVALEDGE_SAML_META_DATA

entityBaseURL=$entityBaseURL

ldap.customRolePrefix=OE

ldap.userSearchFilter=$LDAP_USER_SEARCH_FILTER

ldap.userSearchBase=$LDAP_USERSEARCHBASE

ldap.additional.userSearchBase=$LDAP_ADDITIONALUSERSEARCHBASE

ldap.groupRoleAttribute=$LDAP_GROUPROLEATTRIBUTE

ldap.groupSearchFilter=$LDAP_GROUP_SEARCH_FILTER

ldap.groupSearchBase=$LDAP_GROUPSEARCHBASE

ldap.url=$LDAP_URL

ldap.managerDn=$LDAP_MANAGERDN

ldap.managerPassword=$LDAP_MANAGER_PWORD

ldap.managerPassword.encrypted=false

ldap.rootDn=$LDAP_ROOTDN

ldap.usermapping.firstName=givenName

ldap.usermapping.lastName=sn

ldap.usermapping.email=mail

spring.security.oauth2.client.registration.google.clientId=clientid

spring.security.oauth2.client.registration.google.clientSecret=clientsecret

spring.security.oauth2.client.registration=google

spring.security.oauth2.baseurl=

authProvider=onelogin

authProviderUrl=saml/login

saml-metadata-type=$SAML_METADATA_TYPE

entity-base-islb=$ENTITY_BASE_ISLB

entity-base-protocol=$ENTITY_BASE_PROTOCOL

entity-base-host=$ENTITY_BASE_HOST

entity-base-port=$ENTITY_BASE_PORT

entity-base-contextpath=$ENTITY_BASE_CONTEXTPATH

entity-base-port-in-url=$ENTITY_BASE_PORT_INURL 

elasticsearch.enabled=$ES_ENABLED

elasticsearch.index.name.prefix=ovaledge

elasticsearch.index.name.seperator=_

elasticsearch.ovaledge.env=dev

es.host=$ES_HOST

es.port=$ES_PORT

es.protocol=$ES_PROTOCOL

es.username=$ES_USERNAME

es.password=$ES_PASSWORD

aws-secrets=false

aws-secretregion=

aws-secretname=

azure-dbkeyvault=false 

azure-keyvaulturi= 

azure-tenantid= 

azure-clientid= 

azure-clientsecret= 

azure-resource=

ovaledge.jarpath=/home/ovaledge/third_party_jars/

oe.diagnostics.post.queries.execution.capture=false

api.introspection.uri=$INTROSPECTION_URL

api.clientid=$API_CLIENTID

api.clientsecret=$API_CLIENTSECRET

Note: If the client uses AWS Secrets or Azure Key Vault, OvalEdge sets the value to "true" and adds the respective parameter.


 Copyright © 2024, OvalEdge LLC, Peachtree Corners, GA USA