The following settings are configured for the system connection with the generic LDAP connector.
NOTE: Some of the settings are only available if you set the Configure advanced settings (expert mode) option in the system connection wizard.
| Setting | Meaning |
|---|---|
| Server | IP address or fully qualified name of the LDAP server that the synchronization server connects to in order to access LDAP objects. Variable: CP_Server |
| Port | Communications port on the server. Default: 389 (plain LDAP, also used with StartTLS; LDAPS normally listens on 636). Variable: CP_Port |
| Authentication type | Authentication method for logging in to LDAP. The following are permitted: Default: Basic. Basic corresponds to a simple bind, which transmits the password in clear text unless Use SSL or Use StartTLS is enabled. Variable: CP_AuthenticationType |
| User name | Name of the user account for logging in to LDAP. Variable: CP_Username |
| Password | The user account's password. Variable: CP_Password |
| Enable sealing | Specifies whether sealing (encryption of LDAP messages by the negotiated authentication mechanism, for example Kerberos) is enabled. |
| Enable signing | Specifies whether signing (integrity protection of LDAP messages by the negotiated authentication mechanism) is enabled. |
| Use SSL | Specifies whether the connection is SSL/TLS encrypted from the start (LDAPS). Variable: CP_UseSsl |
| Use StartTLS | Specifies whether StartTLS is used to upgrade the plain connection to TLS. Use either this option or Use SSL, not both. Variable: CP_UseStartTls |
| Protocol version | Version of the LDAP protocol. Default: 3 |
| Search base | Root entry for search queries, normally the LDAP domain. Variable: CP_RootEntry |
| Request timeout | Timeout for LDAP requests in seconds. Default: 3600 Variable: CP_ClientTimeout |
| Use paged search | Specifies whether LDAP objects are loaded page by page. If this option is set (default), also enter the page size. |
| Page size | Maximum number of objects to load per page. Default: 500 |
| Use DeleteTree control when deleting entries | Specifies whether the connector sends the DeleteTree control with delete requests, so that an entry together with its sub-entries can be deleted in one request. The LDAP server must support this control; without it, every sub-entry has to be deleted before its parent. Variable: CP_LDAP_UseDeleteTree |
| Save LDAP schema in local cache | Specifies whether the LDAP schema is kept in a local cache. This speeds up synchronization and provisioning of LDAP objects. The cache is stored on the computer used to create the connection, under %Appdata%\...\Local\One Identity\One Identity Manager\Cache\LdapConnector. Default: False Variable: CP_CacheSchema |
| Object identification attribute | Attribute used to uniquely identify objects in LDAP. The attribute must be unique and set on every LDAP object. Default: entryUUID Variable: CP_Guid_Attribute |
| Revision properties | Properties used for revision filtering. Default: createTimestamp, modifyTimestamp |
| Define auxiliary classes | You can use this schema function to change the type of an object class. This may be necessary if a non-RFC-compliant LDAP system allows several structural object classes to be assigned to one entry, although only one structural class is allowed. An entry with more than one structural class cannot be uniquely assigned to a schema type. If structural object classes have been defined that only serve as property extensions (that is, they act as auxiliary classes), this option makes the connector treat such an object class as an auxiliary class. NOTE: Object classes configured as auxiliary are no longer handled as independent schema types and therefore cannot be synchronized separately. |
| Virtual classes | Additional virtual classes. These support LDAP systems that are not RFC compliant and allow more than one structural class per object. |
| Server supports renaming of entries | Specifies whether the server supports renaming of entries. Default: False |
| Server supports moving of entries | Specifies whether the server supports moving of entries. Default: False |
| Auxiliary class assignment | Assigns additional auxiliary classes to structural classes. Auxiliary classes are classes of type Auxiliary and contain attributes that extend structural classes. Attributes of auxiliary classes are offered as optional attributes of the structural classes in the schema. NOTE: To map the attributes of the auxiliary classes in One Identity Manager, custom extensions to the One Identity Manager schema may be necessary under certain circumstances. Use the Schema Extension program to do this. |
| Functional attributes | Attributes that the LDAP server calculates for objects (operational attributes). They are used for managing the directory. The functional attributes entered here are added to every schema class. NOTE: To map these operational attributes in One Identity Manager, custom extensions to the One Identity Manager schema may be required. Use the Schema Extension program to do this. |
| Identify dynamic groups | Attributes that contain the URL with the search criteria for determining the members of dynamic groups, for example memberURL. |
| Password attribute | Attribute that represents the password of a user account, for example userPassword. |
| Password change method | Method for changing passwords. Permitted values are: |
| LDAP domain | Unique identifier of the domain in the form `<DN part 1> (<server from connection parameters>)`. Variable: $IdentDomain$ |