TargetSystem | LDAP |
Preprocessor relevant configuration parameter for controlling database model components for LDAP target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
TargetSystem | LDAP | Accounts |
Allows configuration of user account data. |
TargetSystem | LDAP | Accounts | InitialRandomPassword |
Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy. |
TargetSystem | LDAP | Accounts | InitialRandomPassword | SendTo |
Identity to receive an email with the random generated password (manager cost center/department/location/business role, identity’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | LDAP | DefaultAddress configuration parameter. |
TargetSystem | LDAP | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName |
Mail template name that is sent to supply users with the login credentials for the user account. The Identity - new user account created mail template is used. |
TargetSystem | LDAP | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword |
Mail template name that is sent to supply users with the initial password. The Identity - initial password for new user account mail template is used. |
TargetSystem | LDAP | Accounts | MailTemplateDefaultValues |
Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Identity - new user account with default properties created mail template is used. |
TargetSystem | LDAP | Accounts | PrivilegedAccount |
Allows configuration of privileged LDAP user account settings. |
TargetSystem | LDAP | Accounts | PrivilegedAccount | UserID_Postfix |
Postfix for formatting the login name of privileged user accounts. |
TargetSystem | LDAP | Accounts | PrivilegedAccount | UserID_Prefix |
Prefix for formatting a login name of privileged user accounts. |
TargetSystem | LDAP | Authentication |
Allows configuration of the LDAP authentication module.
For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
TargetSystem | LDAP | Authentication | Authentication |
Authentication mechanism. Permitted values are Secure, Encryption, SecureSocketsLayer, ReadonlyServer, Anonymous, FastBind, Signing, Sealing, Delegation, and ServerBind. The value can be combined with commas (,). For more information about authentication types, see the MSDN Library.
Default: ServerBind |
TargetSystem | LDAP | Authentication | Port |
Communications port on the server.
Default: 389 |
TargetSystem | LDAP | Authentication | RootDN |
Pipe (|) delimited list of root domains to be used to find the user account for authentication.
Syntax:
DC=<MyDomain>|DC=<MyOtherDomain>
Example:
DC=Root1,DC=com|DC=Root2,DC=de |
TargetSystem | LDAP | Authentication | Server |
Name of the LDAP server. |
TargetSystem | LDAP | AuthenticationV2 |
Allows configuration of the LDAP authentication module.
For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
TargetSystem | LDAP | AuthenticationV2 | AcceptSelfSigned |
Specifies whether self-signed certificates are accepted. |
TargetSystem | LDAP | AuthenticationV2 | Authentication |
Authentication method for logging in to LDAP. The following are permitted:
-
Basic: Uses default authentication.
-
Negotiate: Uses Negotiate authentication from Microsoft.
-
Kerberos: Uses Kerberos authentication.
-
NTLM: Uses Windows NT Challenge/Response (NTLM) authentication.
Default: Basic
For more information about authentication types, see the MSDN Library. |
TargetSystem | LDAP | AuthenticationV2 | ClientTimeout |
Client timeout in seconds. |
TargetSystem | LDAP | AuthenticationV2 | Port |
Communications port on the server.
Default: 389 |
TargetSystem | LDAP | AuthenticationV2 | ProtocolVersion |
Version of the LDAP protocol. The values 2 and 3 are permitted.
Default: 3 |
TargetSystem | LDAP | AuthenticationV2 | RootDN |
Pipe (|) delimited list of root domains to be used to find the user account for authentication.
Syntax:
DC=<MyDomain>|DC=<MyOtherDomain>
Example:
DC=Root1,DC=com|DC=Root2,DC=de |
TargetSystem | LDAP | AuthenticationV2 | Security |
Connection security. Permitted values are None, SSL and STARTTLS. |
TargetSystem | LDAP | AuthenticationV2 | Server |
Name of the LDAP server. |
TargetSystem | LDAP | AuthenticationV2 | UseSealing |
Specifies whether sealing is enabled. |
TargetSystem | LDAP | AuthenticationV2 | UseSigning |
Specifies whether signing is enabled. |
TargetSystem | LDAP | AuthenticationV2 | VerifyServerCertificate |
Specifies whether to check the server certificate when encrypting with SSL. |
TargetSystem | LDAP | DefaultAddress |
Default email address of the recipient for notifications about actions in the target system. |
TargetSystem | LDAP | HardwareInGroupFromOrg |
Specifies whether computers are added to groups based on group assignment to roles. |
TargetSystem | LDAP | MaxFullsyncDuration |
Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated. |
TargetSystem | LDAP | PersonAutoDefault |
Mode for automatic identity assignment for user accounts added to the database outside synchronization. |
TargetSystem | LDAP | PersonAutoDisabledAccounts |
Specifies whether identities are automatically assigned to disabled user accounts. User accounts are not given an account definition. |
TargetSystem | LDAP | PersonAutoFullSync |
Mode for automatic identity assignment for user accounts that are added to or updated in the database by synchronization. |