Chat now with support
Chat mit Support

Identity Manager 8.1.3 - Administration Guide for Connecting to LDAP

Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Basic configuration data LDAP domains LDAP user accounts LDAP groups LDAP container structures LDAP computers Reports about LDAP objects Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings

Configuration parameters for managing an LDAP environment

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 45: Configuration parameters for LDAP directory synchronization
Configuration parameter Description

TargetSystem | LDAP

Preprocessor relevant configuration parameter for controlling the database model components for the administration of the target system LDAP. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

TargetSystem | LDAP | Accounts

This configuration parameter permits configuration of user account data.

TargetSystem | LDAP | Accounts
| InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

TargetSystem | LDAP | Accounts |
InitialRandomPassword | SendTo

This configuration parameter specifies to which employee the email with the random generated password should be sent (manager cost center/department/location/business role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | LDAP | DefaultAddress configuration parameter.

TargetSystem | LDAP | Accounts |
InitialRandomPassword | SendTo |
MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their user accounts. The Employee - new user account created mail template is used.

TargetSystem | LDAP | Accounts |
InitialRandomPassword | SendTo |
MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password. The Employee - initial password for new user account mail template is used.

TargetSystem | LDAP | Accounts |
MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used.

TargetSystem | LDAP | Accounts |
PrivilegedAccount

This configuration parameter allows configuration of settings for privileged LDAP user accounts.

TargetSystem | LDAP | Accounts |
PrivilegedAccount | UserID_Postfix

This configuration parameter contains the postfix for formatting login names for privileged user accounts.

TargetSystem | LDAP | Accounts |
PrivilegedAccount | UserID_Prefix

This configuration parameter contains the prefix for formatting login names for privileged user accounts.

TargetSystem | LDAP | Authentication

This configuration parameter allows configuration of the LDAP authentication module.

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

TargetSystem | LDAP | Authentication | Authentication

This configuration parameter specified the authentication mechanism. Permitted values are Secure, Encryption, SecureSocketsLayer, ReadonlyServer, Anonymous, FastBind, Signing, Sealing, Delegation, and ServerBind. The value can be combined with commas (,). For more information about authentication types, see the MSDN Library.

The default is ServerBind.

TargetSystem | LDAP | Authentication | Port

LDAP server port. The default is port 389.

TargetSystem | LDAP | Authentication | RootDN

The configuration parameter contains a pipe (|) delimited list of root domains to use for finding the user account for authentication.

Syntax:

DC=<MyDomain>|DC=<MyOtherDomain>

Example:

DC=Root1,DC=com|DC=Root2,DC=de

TargetSystem | LDAP | Authentication | Server

This configuration parameter contains the name of the LDAP server.

TargetSystem | LDAP | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.

TargetSystem | LDAP |
HardwareInGroupFromOrg

The configuration parameter specifies whether computers are added to groups on the basis of group assignment to roles.

TargetSystem | LDAP |
MaxFullsyncDuration

This configuration parameter contains the maximum runtime for synchronization. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated.

TargetSystem | LDAP |
PersonAutoDefault

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization.

TargetSystem | LDAP |
PersonAutoDisabledAccounts

This configuration parameter specifies whether employees are automatically assigned to disabled user accounts. User accounts do not obtain an account definition.

TargetSystem | LDAP |
PersonAutoFullSync

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization.

Default project template for LDAP

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Detailed information about this topic

OpenDJ project template for the generic LDAP connector

This project template is based on OpenDJ. The template uses mappings for the following schema types.

Table 46: Mapping schema types to tables in the One Identity Manager schema.
Schema type in LDAP Table in the One Identity Manager Schema

domain

LDPDomain

organization

LDAPContainer

organizationalUnit

LDAPContainer

locality

LDAPContainer

container

LDAPContainer

groupOfNames

LDAPGroup

groupOfUniqueNames

LDAPGroup

groupOfURLs

LDAPGroup

inetOrgPerson

LDAPAccount

Active Directory Lightweight Directory Services project template for the generic LDAP connector

This project template is based on Active Directory Lightweight Directory Services (AD LDS). The template uses mappings for the following schema types.

Table 47: Mapping schema types to tables in the One Identity Manager schema.
Schema type in AD LDS Table in the One Identity Manager Schema

Container

LDAPContainer

country

LDAPContainer

domainDNS

LDAPContainer

foreignSecurityPrincipal

LDAPAccount

group

LDAPGroup

groupOfNames

LDAPGroup

inetOrgPerson

LDAPAccount

organization

LDAPContainer

organizationalUnit

LDAPContainer

user

LDAPAccount

userProxy

LDAPAccount

userProxyFull

LDAPAccount

Verwandte Dokumente