WildFly Full 27 Model Reference

A LdapKeyStore definition.

Attributes (17)

alias-attribute The name of LDAP attribute, where will be item alias stored.

Attribute	Value
Default Value	cn
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

certificate-attribute The name of LDAP attribute, where will be certificate stored.

Attribute	Value
Default Value	usercertificate
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

certificate-chain-attribute The name of LDAP attribute, where will be certificate chain stored.

Attribute	Value
Default Value	userSMIMECertificate
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

certificate-chain-encoding The encoding of the certificate chain.

Attribute	Value
Default Value	PKCS7
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

certificate-type The type of the Certificate.

Attribute	Value
Default Value	X.509
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

dir-context The name of DirContext, which will be used to communication with LDAP server.

Attribute	Value
Capability reference	/subsystem=elytron/dir-context=*
Type	STRING
Nillable	false
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services

filter-alias The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.

filter-certificate The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.

filter-iterate The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.

key-attribute The name of LDAP attribute, where will be key stored.

Attribute	Value
Default Value	userPKCS12
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

key-type The type of KeyStore, in which will be key serialized to LDAP attribute.

Attribute	Value
Default Value	PKCS12
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

new-item-template Configuration for item creation. Define how will look LDAP entry of newly created keystore item.

Attribute	Value
Type	OBJECT
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services

search-path The path in LDAP, where will be KeyStore items searched.

Attribute	Value
Type	STRING
Nillable	false
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

search-recursive If the LDAP search should be recursive.

Attribute	Value
Default Value	true
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

search-time-limit The time limit for obtaining keystore items from LDAP.

Attribute	Value
Default Value	10000
Type	INT
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

size The size of LDAP KeyStore in amount of items/aliases.

Attribute	Value
Type	INT
Nillable	false
Expressions Allowed	false
Storage	runtime
Access Type	read-only

state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.

Attribute	Value
Type	STRING
Nillable	false
Expressions Allowed	false
Storage	runtime
Access Type	read-only
Allowed Values	DOWN STARTING START_FAILED UP STOPPING REMOVED

Operations (5)

add Add a new LDAP KeyStore.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
dir-context	STRING	true	false		The name of DirContext, which will be used to communication with LDAP server.
new-item-template	OBJECT	false	false		Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
alias-attribute	STRING	false	true	cn	The name of LDAP attribute, where will be item alias stored.
certificate-attribute	STRING	false	true	usercertificate	The name of LDAP attribute, where will be certificate stored.
certificate-chain-attribute	STRING	false	true	userSMIMECertificate	The name of LDAP attribute, where will be certificate chain stored.
certificate-chain-encoding	STRING	false	true	PKCS7	The encoding of the certificate chain.
certificate-type	STRING	false	true	X.509	The type of the Certificate.
key-attribute	STRING	false	true	userPKCS12	The name of LDAP attribute, where will be key stored.
key-type	STRING	false	true	PKCS12	The type of KeyStore, in which will be key serialized to LDAP attribute.
filter-alias	STRING	false	true		The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.
filter-certificate	STRING	false	true		The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.
filter-iterate	STRING	false	true		The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.
search-path	STRING	true	true		The path in LDAP, where will be KeyStore items searched.
search-recursive	BOOLEAN	false	true	true	If the LDAP search should be recursive.
search-time-limit	INT	false	true	10000	The time limit for obtaining keystore items from LDAP.

read-alias Read an alias from a KeyStore.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
alias	STRING	true	false		The alias of the KeyStore item to read.
verbose	BOOLEAN	false	false	true	Whether or not to include the public key and encoded form of a certificate in the output. The default value is true.

read-aliases Read aliases from a KeyStore.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
recursive	BOOLEAN	false	false	false	Include information about each alias in the KeyStore. The default value is false.
verbose	BOOLEAN	false	false	true	Whether or not to include the public key and encoded form of a certificate in the output. The default value is true.

remove Remove the LDAP KeyStore.
remove-alias Remove an alias from a KeyStore.

Request Parameter Type Required Expressions Allowed Default value Description

alias STRING true false The alias of the KeyStore item to remove.