Administrator Documentation

Authentication configuration variables

LDAP

Variable	Type	Default Value	Description
d2l.Auth.LDAP.AppPassword	Org	N/A	LDAP application domain password.
d2l.Auth.LDAP.AppUser	Org	N/A	LDAP application domain user.
d2l.Auth.LDAP.AuthenticationType	Org	normal	LDAP authentication type variable.
d2l.Auth.LDAP.LdapLoginName Attribute	Org	null	Attribute to use as the username when logging the user into the LDAP server. Leave blank to use the fully qualified LDAP username.
d2l.Auth.LDAP.Query	Org	uid={username}	LDAP variable describing the filter on which to search.
d2l.Auth.LDAP.RetrieveUser Attribute	Org	null	LDAP variable describing the attribute to retrieve as the d2l username
d2l.Auth.LDAP.RootPath	Org	ldap://ldap.example.com/ ou=users,o=example	LDAP path to use as the base for searches
d2l.Auth.LDAP.Scope	Org	base	The LDAP scope variables.
d2l.Auth.LDAP.UseSecondary ServerOnFailure	Org	OFF	Use LDAP2 Variables if LDAP variables fail for some reason.
d2l.Auth.LDAP.UseStartTLS	Org	OFF	Use StartTLS to secure a connection after connecting to a non-secure port (i.e., 389). Do not turn on when using a secure port like 636.

LDAP2

Variable	Type	Default Value	Description
Variable	Type	Default Value	Description
d2l.Auth.LDAP2.AppPassword	Org	N/A	LDAP application domain password.
d2l.Auth.LDAP2.AppUser	Org	N/A	LDAP application domain user.
d2l.Auth.LDAP2.AuthenticationType	Org	normal	LDAP authentication type variable.
d2l.Auth.LDAP2.LdapLoginName Attribute	Org	N/A	Attribute to use as the username when logging the user into the LDAP server. Leave blank to use the fully qualified LDAP username.
d2l.Auth.LDAP2.Query	Org	uid={username}	LDAP variable describing the filter on which to search.
d2l.Auth.LDAP2.RetrieveUser Attribute	Org	N/A	Attribute to retrieve that stores the d2l user.
d2l.Auth.LDAP2.RootPath	Org	ldap://ldap.example.com/ ou=users,o=example	The LDAP root path.
d2l.Auth.LDAP.Scope	Org	base	The LDAP scope variables.
d2l.Auth.LDAP2.UseStartTLS	Org	OFF	Use StartTLS to secure a connection after connecting to a non-secure port (i.e., 389). Do not turn on when using a secure port like 636.

Password

Variable	Type	Default Value	Description
d2l.Auth.Password.CheckPasswordHistory	Org	OFF	Determines whether to check user password history when validating potential passwords.
d2l.Auth.Password.CheckUserInfo	Org	OFF	Determines whether to check for user identifying information, such as username, first/last/middle name, and so on, when validating potential passwords.
d2l.Auth.Password.CustomForgot PasswordLink	Org	N/A	The URL that the Forgot Password link points to on the login page. Sites using LDAP may wish to customize this.
d2l.Auth.Password.CustomGoToLoginPageLink	Org	/	Location user is taken to when they click "Cancel" or "Go to Login Page" on the Password Reset or Forgot Password pages. Default value used is the same as the primary login page for the site (configured using d2l.Tools.Login.LoginPageType). Sites using external authentication can customize this to use the same login page used by their D2L-authenticated users (for example: /d2l/login?noRedirect=1).
d2l.Auth.Password.IncludeAlpha UnicodeCharacters	Org	OFF	Determines whether the password validation policy includes alphabetic characters that are not Latin (for example, European) letters. Whether this character class is required under this policy depends on the value of d2l.Auth.Password. NumRequiredCharacterClasses.
d2l.Auth.Password.IncludeBase 10Digits	Org	OFF	Determines whether the password validation policy includes base-10 digits. Whether this character class is required under this policy depends on the value of d2l.Auth.Password. NumRequiredCharacterClasses.
d2l.Auth.Password.Include LowercaseLetters	Org	OFF	Determines whether the password validation policy includes lowercase Latin (for example, European) letters. Whether this character class is required under this policy depends on the value of d2l.Auth.Password. NumRequiredCharacterClasses.
d2l.Auth.Password.IncludeNon AlphanumericCharacters	Org	OFF	Determines whether the password validation policy includes non-alphanumeric characters. Whether this character class is required under this policy depends on the value of d2l.Auth.Password. NumRequiredCharacterClasses.
d2l.Auth.Password.Include UppercaseLetters	Org	OFF	Determines whether the password validation policy includes uppercase Latin (for example, European) letters. Whether this character class is required under this policy depends on the value of d2l.Auth.Password. NumRequiredCharacterClasses.
d2l.Auth.Password.Interval BetweenResetRequests	Org	60	Determines the minimum allowable interval between subsequent password reset requests (in minutes).
d2l.Auth.Password.MaximumAge	Org	0	Determines the maximum number of days that a user can use a single password, before being required to change their password. A value of '0' disables this feature.
d2l.Auth.Password.Maximum AgeByRole	Role	0	Determines the maximum number of days that a user with a specific role can use a single password, before being required to change their password. Any role with a value of '0' will use the org value of d2l.Auth.Password. MaximumAge.
d2l.Auth.Password. MaximumAgeEmailWarningTime	Org	0	Determines the number of days before a user's password expires (due to maximum password age) for a warning email to be sent.
d2l.Auth.Password.MinimumAge	Org	0	Determines the minimum number of days that must elapse between user-initiated password changes. Does not affect password reset or admin-initiated password changes.
d2l.Auth.Password.MinimumLength	Org	8	The minimum number of characters required in a password.
d2l.Auth.Password. NumRequiredCharacterClasses	Org	0	Determines the number of character classes that must be met when validating potential passwords.
d2l.Auth.Password. PasswordHistoryLength	Org	24	Determines the number of recent passwords to check when validating potential passwords when d2l.Auth.Password. CheckPasswordHistory is enabled.
d2l.Auth.Password. PasswordResetLinkExpiry	Org	72	Determines the length of time that the Password Reset Link remains valid (in hours).
d2l.Auth.Password. ShowMySettingsLink	Org	ON	A configuration variable to enable or disable the Change Password plug-in in the My Settings homepage widget.
d2l.Auth.Password.UseRegEx	Org	ON	Determines whether to use d2l.Auth.Password. ValidationRegex instead of the generic password settings like d2l.Auth.Password.MinimumLength when validating potential passwords.
d2l.Auth.Password.ValidationRegex	Org	[^\r\n]{8,50}	A regular expression used to validate passwords. If you make changes to this variable, the language term Framework.Authentication.PasswordRequirements needs to be updated to reflect the new password requirements.

Sessions

Variable	Type	Default Value	Description
d2l.Auth.Sessions.OrgSessionLimit	Org	0	Maximum number of simultaneous sessions for a single org (or 0 for infinite).
d2l.Auth.Sessions. ShowSessionLimitMessages	Org	ON	Allow users to see why their login failed when it fails due to session limits.
d2l.Auth.Sessions.UserSessionLimit	Org	0	Maximum number of simultaneous sessions for a single user (or 0 for infinite).

Two Factor Authentication

Variable

Type

Default Value

Description

d2l.Auth.TwoFactor.SkipEnforcedTwoFactorPrompt

Org

Maximum number of times a single user with the Enforce Two Factor Authentication permission assigned to their role can skip the prompt to set up two factor authentication.

A value of -1 always allows skipping the prompt. A value of 0 never allows skipping.