I can’t believe there are no examples for this. I have tried many combinations with no luck. If anyone has done this before please let me know if I made any mistakes:
```
security.server.secureChannelType=ANY_CHANNEL
security.server.channelType=ANY_CHANNEL
security.server.hostname=odkv2.affengeld.ch

# currently supported options are activeDirectory, ldap and dhis2
security.server.authenticationMethod=activeDirectory

# Settings for both Active Directory (ldap) and LDAP Authentication
# Username and password for doing read-only queries.
# For activeDirectory, use username@domain
# For LDAP, use dn
security.server.ldapQueryUsername=readonly-queries@affengeld.ch
security.server.ldapQueryPassword=R3ad0Nly123

# Exclude Active Directory (ldap) and LDAP groups that don't begin with groupPrefix + space + …
# For those that do, replace all punctuation and spaces with underscore and replace
# the groupPrefix with GROUP_ The resulting group membership will be propagated down
# to the device during a sync.
security.server.groupPrefix=default_prefix

# Settings for ActiveDirectory Domain Controller
# NOTE: the DC Url should ALWAYS be ldaps
# The bind authentication uses basic auth and therefore is not
# secure unless a TLS channel is used (i.e., ldaps).
security.server.ldapDomainDClevel2=affengeld
security.server.ldapDomainDClevel1=ch
security.server.ldapDomain=${security.server.ldapDomainDClevel2}.${security.server.ldapDomainDClevel1}
security.server.ldapDomainControllerUrl=ldaps://${security.server.ldapDomainDClevel2}.${security.server.ldapDomainDClevel1}
security.server.ldapDomainDC=DC=${security.server.ldapDomainDClevel2},DC=${security.server.ldapDomainDClevel1}

# Settings for LDAP Authentication
# enter in this format ldaps://LDAP_ADDRESS:636/
security.server.ldapUrl=ldaps://172.16.20.201:636
security.server.ldapBaseDn=dc=affengeld,dc=ch
security.server.ldapPooled=false
security.server.userSearchBase=ou=Zurich-Benutzer
security.server.groupSearchBase=ou=${security.server.groupPrefix},ou=Afg-Gruppen
security.server.groupRoleAttribute=cn
security.server.userFullnameAttribute=givenName
security.server.usernameAttribute=uid
# {0} is username entered during basic auth
security.server.userDnPattern=${security.server.usernameAttribute}={0},${security.server.userSearchBase}
# {0} is user dn, {1} is username, this filter is for searching groups that a user belongs to
security.server.memberOfGroupSearchFilter=(memberUid={1})
# {0} is groupPrefix, {1} is groupRoleAttribute, this filter is for searching all groups
security.server.serverGroupSearchFilter=(&(objectClass=posixGroup)({1}={0} *))

# Settings for DHIS2 Authentication
security.server.dhis2ApiUrl=http://YOUR_DHIS2_SERVER/api/VERSION
# a DHIS2 user with privilege to enumerate organization units, groups and users
security.server.dhis2AdminUsername=YOUR_ADMIN_USERNAME
security.server.dhis2AdminPassword=YOUR_ADMIN_PASSWORD
# name of a DHIS2 organization unit / group to assign Sync Endpoint Site Admins role to
security.server.dhis2SiteAdmins=ODK_SITE_ADMIN
security.server.dhis2AdministerTables=ODK_ADMIN_TABLES
security.server.dhis2SuperUserTables=ODK_SUPER_USER_TABLES
security.server.dhis2SyncTables=ODK_SYNC_TABLES
security.server.dhis2FormManagers=ODK_FORM_MNGR
security.server.dhis2DataViewers=ODK_DATA_VIEWERS
security.server.dhis2DataCollectors=ODK_DATA_COLLECTORS

wink.handlersFactoryClass=org.opendatakit.aggregate.odktables.impl.api.wink.AppEngineHandlersFactory

# realm definition
# realmString – what should be sent to users when BasicAuth or DigestAuth is done
security.server.realm.realmString=affengeld.ch AFG ODK Sync Endpoint

sync.preference.appName=default
sync.preference.anonymousTablesSync=false
sync.preference.anonymousAttachmentAccess=false
```
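To see what the settings above resolve to, this sketch (an added example, not part of the original post or of the server's own code) expands the `${...}` references and the `{0}`/`{1}` markers for a hypothetical login name `alice`, and lists any URL left on plain `ldap://`. The helper names are hypothetical, the sample is a constructed subset of the posted values, and how the server combines these strings with `ldapBaseDn` is not modelled.

```python
import re
# Constructed input: a subset of the keys and values posted above.
SAMPLE = """\
security.server.groupPrefix=default_prefix
security.server.ldapDomainDClevel2=affengeld
security.server.ldapDomainDClevel1=ch
security.server.ldapDomainControllerUrl=ldaps://${security.server.ldapDomainDClevel2}.${security.server.ldapDomainDClevel1}
security.server.userSearchBase=ou=Zurich-Benutzer
security.server.groupSearchBase=ou=${security.server.groupPrefix},ou=Afg-Gruppen
security.server.groupRoleAttribute=cn
security.server.usernameAttribute=uid
security.server.userDnPattern=${security.server.usernameAttribute}={0},${security.server.userSearchBase}
security.server.memberOfGroupSearchFilter=(memberUid={1})
security.server.serverGroupSearchFilter=(&(objectClass=posixGroup)({1}={0} *))
"""
P = "security.server."

def parse(text):
    """Read key=value lines, skipping blanks and '#' comments."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def resolve(props):
    """Expand ${key} references, nested ones included; unknown keys stay visible."""
    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("placeholder cycle in " + value)
        def sub(m):
            return expand(props[m.group(1)], depth + 1) if m.group(1) in props else m.group(0)
        return re.sub(r"\$\{([^}]+)\}", sub, value)
    return {k: expand(v) for k, v in props.items()}

def fill(template, *args):  # positional {0}, {1} markers from the file's comments
    return re.sub(r"\{(\d+)\}", lambda m: args[int(m.group(1))], template)

def effective(props, username):
    """Strings the settings expand to for one login name."""
    r = resolve(props)
    user_dn = fill(r[P + "userDnPattern"], username)
    return {
        "userDn": user_dn,
        "groupSearchBase": r[P + "groupSearchBase"],
        "memberOfFilter": fill(r[P + "memberOfGroupSearchFilter"], user_dn, username),
        "allGroupsFilter": fill(r[P + "serverGroupSearchFilter"], r[P + "groupPrefix"], r[P + "groupRoleAttribute"]),
    }

def non_tls_ldap_urls(props):  # keys whose resolved value is a cleartext ldap:// URL
    return sorted(k for k, v in resolve(props).items() if v.lower().startswith("ldap://"))
if __name__ == "__main__": print(effective(parse(SAMPLE), "alice"))
```

The expanded strings can be compared with the directory itself, for instance whether group `cn` values really begin with `default_prefix ` followed by a space and whether the groups sit under `ou=default_prefix,ou=Afg-Gruppen`.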