지금 지원 담당자와 채팅

라이브 도움말 보기
등록 완료

로그인

가격 산정 요청

영업 담당자에게 문의

Identity Manager 9.0 LTS - Administration Guide for Connecting to LDAP

콘텐츠 탐색

About this guide Managing LDAP environments

Architecture overview One Identity Manager users for managing LDAP Configuration parameters for managing LDAP environments

Synchronizing LDAP directories

Setting up initial LDAP directory synchronization

Users and permissions for synchronizing with LDAP Special cases for synchronizing Active Directory Lightweight Directory Services Special cases for synchronizing Oracle Directory Server Enterprise Edition Setting up the LDAP synchronization server

System requirements for the LDAP synchronization server Installing One Identity Manager Service with an LDAP connector

Creating a synchronization project for initial synchronization of an LDAP domain

Information required to set up a synchronization project Creating an initial synchronization project for an LDAP domain with the LDAP connector V2

Configuring the synchronization log

Adjusting the synchronization configuration for LDAP environments

Configuring synchronization in LDAP domains Configuring synchronization of several LDAP domains Changing system connection settings of LDAP domains

Editing connection parameters in the variable set Editing target system connection properties Extended schema configuration with the LDAP connector V2

Updating schemas Speeding up synchronization with revision filtering Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Displaying synchronization results Deactivating synchronization Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing LDAP user accounts through account definitions

Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)

Managing LDAP user accounts and employees

Account definitions for LDAP user accounts

Creating account definitions Editing account definitions Main data for account definitions Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to LDAP domains Deleting account definitions

Assigning employees automatically to LDAP user accounts

Editing search criteria for automatic employee assignment Finding employees and directly assigning them to user accounts Changing manage levels for LDAP user accounts Assigning account definitions to linked LDAP user accounts

Manually linking employees to LDAP user accounts Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Specifying deferred deletion for LDAP user accounts

Managing memberships in LDAP groups

Assigning LDAP groups to LDAP user accounts and LDAP computers in One Identity Manager

Prerequisites for indirect assignment of LDAP groups Assigning LDAP groups to departments, cost centers, and locations Assigning LDAP groups to business roles Adding LDAP groups to system roles Adding LDAP groups to the IT Shop Assigning LDAP user accounts directly to LDAP groups Assigning LDAP groups directly to LDAP user accounts Assigning LDAP computers directly to LDAP groups Assigning LDAP groups directly to LDAP computers

Effectiveness of membership in LDAP user groups LDAP group inheritance based on categories Overview of all assignments

Login information for LDAP user accounts

Password policies for LDAP user accounts

Predefined password policies Using password policies Editing password policies Creating password policies General main data of password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Editing the excluded list for passwords Checking passwords Testing the generation of passwords

Initial password for new LDAP user accounts Email notifications about login data

Mapping LDAP objects in One Identity Manager

Creating LDAP domains Editing main data of LDAP domains General main data for LDAP domains LDAP specific main data for LDAP domains Defining categories for inheritance by LDAP groups Editing the synchronization project for an LDAP domain Displaying the LDAP domain overview

LDAP container structures

Creating LDAP containers Editing main data of LDAP containers General main data for LDAP containers Contact data for LDAP containers Address information for LDAP containers Assigning extended properties to LDAP containers Displaying the LDAP container overview

LDAP user accounts

Creating LDAP user accounts Editing main data of LDAP user accounts General main data of LDAP user accounts Contact information for LDAP user accounts Address information for LDAP user accounts Organizational data for LDAP user accounts Miscellaneous data for LDAP user accounts Assigning extended properties to LDAP user accounts Disabling LDAP user accounts Deleting and restoring LDAP user accounts Displaying the LDAP user account overview

Creating LDAP groups Editing main data of LDAP groups LDAP group main data Assigning extended properties to LDAP groups Adding LDAP groups to LDAP groups Deleting LDAP groups Displaying the LDAP group overview

Creating LDAP computers Editing main data of LDAP computers Main data for LDAP computers Displaying the LDAP computer overview

Reports about LDAP objects

Handling of LDAP objects in the Web Portal Basic data for managing an LDAP environment

Target system managers for LDAP Job server for LDAP-specific process handling

Editing LDAP Job servers General main data of Job servers Specifying server functions

Troubleshooting

Possible errors when synchronizing an OpenDJ environment Errors connecting multiple LDAP systems with the same distinguished name

Configuration parameters for managing an LDAP environment Default project template for LDAP

OpenDJ project template for the LDAP connector V2 Active Directory Lightweight Directory Services project template for the LDAP connector V2 Oracle Directory Server Enterprise Edition template for the LDAP connector V2 Generic project template for the LDAP connector V2

LDAP connector V2 settings

Generating passwords with a script

You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.

Syntax for generating script

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = generated password

TIP: To use a base object, take the Entity property of the PasswordPolicy class.

Example: Script that generates a password

In random passwords, this script replaces the invalid characters ? and ! at the beginning of a password with _.

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

' replace invalid characters at first position

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

spwd.SetAt(0, CChar("_"))

End If

End If

End Sub

To use a custom script for generating a password

In the Designer, create your script in the Script Library category.
Edit the password policy.
1. In the Manager, select the LDAP > Basic configuration data > Password policies category.
2. In the result list, select the password policy.
3. Select the Change main data task.
4. On the Scripts tab, enter the name of the script to be used to generate a password in the Generating script field.
5. Save the changes.

Related topics

Checking passwords with a script

Editing the excluded list for passwords

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

In the Designer, select the Base data > Security settings > Password policies category.
Create a new entry with the Object > New menu item and enter the term you want to exclude from the list.
Save the changes.

Checking passwords

When you verify a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To verify if a password conforms to the password policy

In the Manager, select the LDAP > Basic configuration data > Password policies category.
In the result list, select the password policy.
Select the Change main data task.
Select the Test tab.
Select the table and object to be tested in Base object for test.
Enter a password in Enter password to test.

A display next to the password shows whether it is valid or not.

Testing the generation of passwords

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

In the Manager, select the LDAP > Basic configuration data > Password policies category.
In the result list, select the password policy.
Select the Change main data task.
Select the Test tab.
Click Generate.

This generates and displays a password.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center