Chat now with support
Chat with Support

Identity Manager 8.1.5 - Administration Guide for Connecting to LDAP

Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Basic configuration data LDAP domains LDAP user accounts LDAP groups LDAP container structures LDAP computers Reports about LDAP objects Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings

Master data for LDAP computers

Enter the following data for a computer.

Table 42: Computer master data
Property Description
Device

The computer is connected to this device. Specify a new device using the button next to the menu. For more detailed information about devices, see the One Identity Manager Identity Management Base Module Administration Guide

Name Computer identifier
Domain Domain in which to create the computer.
Container Container in which to create the computer. The distinguished name of the computer is determined by a template when the container is selected.
Structural object class Structural object class representing the object type.

Object class

List of classes defining the attributes for this object. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services.

Assigning LDAP computers directly to LDAP groups

Groups can be assigned directly or indirectly to a computer. Indirect assignment is carried out by allocating the device with which a computer is connected and groups to company structures, like departments, cost centers, locations, or business roles.

To react quickly to special requests, you can assign groups directly to a computer.

NOTE: Computers cannot be manually added to dynamic groups. Memberships in a dynamic group are determined through the condition of the dynamic group.

To assign a computer directly to groups

  1. In the Manager, select the LDAP | Computers category.

  2. Select the computer in the result list.

  3. Select the Assign groups task.

  4. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .
  5. Save the changes.
Related topics

Reports about LDAP objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for LDAP.

NOTE: Other sections may be available depending on the which modules are installed.
Table 43: Reports for the target system

Report

Description

Overview of all assignments (domain)

This report find all roles containing employees with at least one user account in the selected domain.

Overview of all assignments (container)

This report finds all roles containing employees with at least one user account in the selected container.

Overview of all assignments (group)

 This report finds all roles containing employees with the selected group.

Show orphaned user accounts

This report shows all user accounts in the domain that are not assigned to an employee. The report contains group memberships and risk assessment.

Show employees with multiple user accounts

This report shows all employees with more than one user account in the domain. The report contains a risk assessment.

Show unused user accounts

This report shows all user accounts in the domain that have not been used in the last few months. The report contains group memberships and risk assessment.

Show entitlement drifts

This report shows all groups in the domain that are the result of manual operations in the target system rather than provisioned by One Identity Manager.

Show user accounts with an above average number of system entitlements

This report contains all user accounts in the domain with an above average number of group memberships.

LDAP user account and group administration

This report contains a summary of user account and group distribution in all domains. You can find this report in the My One Identity Manager category.

Data quality summary for LDAP user accounts

This report contains different evaluations of user account data quality in all domains. You can find this report in the My One Identity Manager category.

Related topics

Overview of all assignments

The Overview of all assignments report is displayed for some objects, such as authorizations, compliance rules, or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles, and IT Shop structures in which there are employees who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Examples
  • If the report is created for a resource, all roles are determined in which there are employees with this resource.
  • If the report is created for a group or another system entitlement, all roles are determined in which there are employees with this group or system entitlement.
  • If the report is created for a compliance rule, all roles are determined in which there are employees who violate this compliance rule.
  • If the report is created for a department, all roles are determined in which employees of the selected department are also members.
  • If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the Overview of all assignments report.
  • Click the Used by button in the report toolbar to select the role class for which you want to determine whether roles exist that contain employees with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. To access the legend, click the icon in the report's toolbar.

  • Double-click a control to show all child roles belonging to the selected role.
  • By clicking the button in a role's control, you display all employees in the role with the base object.
  • Use the small arrow next to to start a wizard that allows you to bookmark this list of employees for tracking. This creates a new business role to which the employees are assigned.

Figure 3: Toolbar of the Overview of all assignments report.

Table 44: Meaning of icons in the report toolbar

Icon

Meaning

Show the legend with the meaning of the report control elements

Saves the current report view as a graphic.

Selects the role class used to generate the report.

Displays all roles or only the affected roles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating