Chat now with support
Chat with Support

Active Roles 8.1.3 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Specify connection settings for a Generic LDAP directory service connection

This expandable item provides the following options that allow you to modify the connection settings:

  • Server: Type the fully qualified domain name of the computer running an LDAP directory service to which you want to connect.

  • Port: Type the number of the communication port used by the LDAP server to which you want to connect.

  • Use TLS/SSL: Allows you to use the TLS (SSL) encryption to establish and maintain the connection.

  • Use connectionless LDAP: Enables the use of the connectionless LDAP (CLDAP) protocol for the connection.

  • User name: Type the user name of the account with which you want to bind.

  • Password: Type the password of the account with which you want to bind.

  • Bind with Synchronization Service account: Allows you to bind with the account under which the Synchronization Service is running.

  • Bind with credentials: Allows you to bind by specifying the credentials of a particular user account.

  • Use simple bind: Allows you to bind either without specifying user account credentials or with a user password only. In the latter case, the password you type is transmitted as clear text.

  • Use custom bind: Allows you to configure a number of advanced settings for binding. Click Configure, and then use the next options.

  • From this Authentication method list, select one of the following methods:

    • Anonymous: Allows you to establish the connection without passing credentials.

    • Basic: Specifies to use basic authentication.

    • Microsoft Negotiate: Specifies to use Microsoft Negotiate authentication.

    • NTLM: Specifies to use Windows NT Challenge/Response authentication.

    • Digest: Specifies to use Digest Access authentication.

    • Sicily: Employs a negotiation mechanism (Sicily) to choose the Microsoft Network Authentication Service, Distributed Password Authentication, or NTLM method.

    • Distributed Password Authentication: Specifies to use DPA authentication.

    • Microsoft Network Authentication Service: Specifies to authenticate with Microsoft Network Authentication Service.

    • External: Specifies to use an external authentication method for the connection.

    • Kerberos: Specifies to use Kerberos authentication.

    You can also use the following check boxes:

    • Use TLS/SSL: Allows you to use the TLS (SSL) encryption to establish and maintain the connection.

    • Switch to TLS/SSL after establishing connection: Establishes the connection without using the TLS (SSL) encryption. Then, after the connection has been established, enables the TLS (SSL) encryption.

    • Verify TLS/SSL certificate: Specifies whether or not to check the TLS (SSL) certificate on the server.

    • Use paged search: Specifies whether or not to use paged search for the connection. When selecting this check box, you can set a page size limit in the text box below.

  • To test the connection with the new parameters, click Test connection.

Specify directory partitions for a Generic LDAP directory service connection

Allows you to specify the directory partitions you want to participate in the synchronization operations by selecting the check boxes next to such directory partitions. You can also use the following additional options:

  • Select all: Selects the check boxes next to all directory partitions in the list.

  • Add: Adds a new directory partition to the list.

  • Remove: Removes currently selected directory partition from the list.

  • To test the connection with the new parameters, click Test connection.

Specify naming attributes for a Generic LDAP directory service connection

Every object in an LDAP directory service has a naming attribute from which the object name is formed. When you create a connection to an LDAP directory service, a default naming attribute is selected for each object type in the data system. You can use the Specify Naming Attributes item to view the naming attribute currently selected for each object type in the data system and optionally specify a different naming attribute.

This expandable item provides following options:

  • Default naming attribute: Displays the default naming attribute set for the currently selected object type.

  • Add: Adds a new naming attribute for the selected object type.

  • Edit: Allows you to edit the name of the naming attribute currently specified for the selected object type.

  • Remove: Removes the currently selected entry from the list.

Specify attributes to identify objects for a Generic LDAP directory service connection

This expandable item provides the following options that allow you to specify the attributes with which you wish to uniquely identify each object in the connected LDAP directory service:

  • Available attributes: Lists the attributes that are available in the external data system. Use this list to select the attributes whose values you want to use to generate a unique identifier for each object in the external data system. You can filter attributes by typing in the text box at the top of this list. To select multiple attributes, hold down CTRL and click to select attributes in the list.

  • UniqueID attributes: Lists the attributes whose values are currently used to generate a unique identifier for each object in the external data system.

  • Add->: Moves the selected attributes from the Available attributes list to the UniqueID attributes list.

  • <-Remove: Moves the selected attributes from the UniqueID attributes list to the Available attributes list.

  • Constructed UniqueID: Displays a combination of the attributes whose values will make up a unique identifier for each object in the external data system.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating