LDAP ConfigurationThe adapter accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the adapter, access to these internal properties is provided through the Other property.
LDAP Configuration Settings
|BinaryAttributes: A comma separated list of attributes that are expected to be in binary form.Certain attribute values returned by the LDAP server maybe represented in binary. Set this setting to a comma separated list of attributes that are expected to be binary. The adapter will return a hex encoded version of the value in the result for each attribute defined here. For instance the objectGUID attribute value may be represented as "A4 A8 89 11 6F BC 11 46 A9 F6 FD BD CB 76 8F F3".|
Whether to include the type name in the LDAPAttribute for repeated types returned from a search.By default, the adapter will indicate that the type for an LDAPAttribute is an empty string if the previous LDAPAttribute
was of the same type. When this configuration setting is set to True, the adapter will include the type name of the LDAPAttribute
even if it is the same as the previous element.
For example, when False (default), the resulting xml for a search that contains three values for the "objectClass" type would look like this:
<LDAPAttribute Type="objectClass" Value="top" /> <LDAPAttribute Type="" Value="person" /> <LDAPAttribute Type="" Value="organizationalPerson" />The same search, with this configuration setting set to True would look like this:
<LDAPAttribute Type="objectClass" Value="top" /> <LDAPAttribute Type="objectClass" Value="person" /> <LDAPAttribute Type="objectClass" Value="organizationalPerson" />
SSL Configuration Settings
Determines if the SSL session is reused.
If set to true, the adapter will reuse the context if and only if the following criteria are met:
The minimum cipher strength used for bulk encryption.
This minimum cipher strength largely dependent on the security modules installed
on the system. If the cipher strength specified is not supported,
an error will be returned when connections are initiated.
Please note that this setting contains the minimum cipher strength requested from the security library.
Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.
The cipher suite to be used in an SSL negotiation.The enabled cipher suites to be used in SSL negotiation.
By default, the enabled cipher suites will include all available ciphers ("*").
The special value "*" means that the adapter will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.
Multiple cipher suites are separated by semicolons.
Example values when UseInternalSecurityAPI is False (default):
// The "Other" property could contain ONE of the following lines: SSLEnabledCipherSuites=* SSLEnabledCipherSuites=CALG_AES_256 SSLEnabledCipherSuites=CALG_AES_256;CALG_3DESPossible values when UseInternalSecurityAPI is False (default) include:
// The "Other" property could contain ONE of the following lines: SSLEnabledCipherSuites=* SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA;TLS_DH_ANON_WITH_AES_128_CBC_SHAPossible values when UseInternalSecurityAPI is True include:
If SSLEnabledProtocols is configured to use TLS 1.3 the following values are supported:
Used to enable/disable the supported security protocols.Used to enable/disable the supported security protocols.
Not all supported protocols are enabled by default (the value of this setting is 4032). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:
Note: TLS 1.1 and TLS1.2 support are only available starting with Windows 7.
Note: Enabling TLS 1.3 will automatically set UseInternalSecurityAPI to True.
Whether the entire certificate chain is included in the SSLServerAuthentication event.This setting specifies whether the transport log contains the full certificate chain. By default this value is False and only the leaf certificate will be present.
If set to True all certificates returned by the server will be present in the transport log. This includes the leaf certificate, any intermediate certificate, and the root certificate.
Note: When UseInternalSecurityAPI is set to True this value is automatically set to True. This is needed for proper validation when using the internal provider.
Flags that control certificate verification.The following flags are defined (specified in hexadecimal
notation). They can be or-ed together to exclude multiple
Defines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.This setting specifies the allowed server certificate signature algorithms when UseInternalSecurityAPI is
True and SSLEnabledProtocols is set to allow TLS 1.2.
When specified the adapter will verify that the server certificate signature algorithm is among the values specified in this setting. If the server certificate signature algorithm is unsupported the adapter will fail with an error.
The format of this value is a comma separated list of hash-signature combinations. For instance:
// The "Other" could contain ALL of these lines: UseInternalSecurityAPI=true SSLEnabledProtocols=3072 TLS12SignatureAlgorithms=sha1-rsa,sha1-dsa,sha256-rsa,sha256-dsaThe default value for this setting is "sha1-rsa,sha1-dsa,sha224-rsa,sha224-dsa,sha256-rsa,sha256-dsa,sha384-rsa,sha384-dsa,sha512-rsa,sha512-dsa".
In order to not restrict the server's certificate signature algorithm, specify an empty string as the value for this setting, which will cause the signature_algorithms TLS 1.2 extension to not be sent.
The allowed certificate signature algorithms.This setting holds a comma separated list of allowed signature algorithms. Possible values are:
The supported (EC)DHE groups.This setting specifies a comma separated list of (EC)DHE groups that are supported for key exchange.
The values are ordered from most preferred to least preferred. The following values are supported:
The default value is ecdhe_secp256r1,ecdhe_secp384r1,ffdhe_2048,ffdhe_3072. This setting is only applicable when SSLEnabledProtocols includes TLS 1.3. Note that groups of larger size require more computational resources and will impact performance.
General Configuration Settings
|AbsoluteTimeout: Determines whether timeouts are inactivity timeouts or absolute timeouts.If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.|
The name of the local host or user-assigned IP interface through which connections are initiated or accepted.The LocalHost configuration contains the name of the local host as obtained by the Gethostname() system call, or if the user has assigned an IP address, the value of that address.
In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the adapter initiate connections (or accept in the case of server adapters) only through that interface.
If the adapter is connected, the LocalHost configuration shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).
Whether or not to delay when sending packets.
When true, the socket will send all data that is ready to send at once. When
false, the socket will send smaller buffered packets of data at small intervals.
This is known as the Nagle algorithm.
By default, this config is set to false.
Tells the adapter whether or not to use the system security libraries or an internal implementation.
By default the adapter will use the system security libraries to perform cryptographic functions.
When set to False calls to unmanaged code will be made. In certain environments this is not desirable.
To use a completely managed security implementation set this setting to True.
Setting this to True tells the adapter to use the internal implementation
instead of using the system's security API.
Note: This setting is static. The value set is applicable to all adapters used in the application.
When this value is set the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.
The adapter also supports the following Macros. These values are not case sensitive and would be supplied to a property in the form %MacroName%.
|Temp||This is resolved to the full path to the system's temporary directory.|
|MessageID||Globally unique identifier (GUID) of the message in BizTalk Server.|
|SourceFileName||The original file name. This includes the extension and excludes the file path, for example, Sample.xml|
|SourceFileNameNoExt||The original file name without the extension or file path, for example, Sample|
|RemoteFileName||The name of the file as it was uploaded to the remote server. This includes the extension and excludes the file path, for example, Sample.xml. Valid only for AS3, FTP, and SFTP Send Adapters.|
|DestinationParty||Name of the destination party.|
|DestinationPartyQualifier||Qualifier of the destination party.|
|SourceParty||Name of the source party.|
|SourcePartyQualifier||Qualifier of the source party.|
|DateTime:CustomFormat||This special value allows you to specify your own custom time format. For instance DateTime:yyyy would be resolved to the 4 digit year.|
|Date||The date format yyyy-MM-dd.|
|DateTime||The date format yyyy-MM-ddThhmmss.|
|Time||The date format hhmmss.|
|DateTime_BTS2000||The date format yyyyMMddhhmmssf.|
|DateTime.TZ||The date format yyyy-MM-ddThhmmsszzz.|
|Time.TZ||The date format hhmmsszzz.|