Chat now with support
Chat with Support

Identity Manager 8.2.1 - Administration Guide for Connecting to LDAP

About this guide Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Adjusting the synchronization configuration for LDAP environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing LDAP user accounts and employees Managing memberships in LDAP groups Login information for LDAP user accounts Mapping LDAP objects in One Identity Manager Handling of LDAP objects in the Web Portal Basic data for managing an LDAP environment Troubleshooting Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings LDAP connector V2 settings

LDAP domains

The target system for the synchronization with an LDAP directory is the domain. Domains are added as base objects for the synchronization in One Identity Manager. They are used for to configure process provisioning, automatic assignment of employees to user accounts, and for inheriting user accounts from LDAP user groups.

Detailed information about this topic

Creating LDAP domains

NOTE: If you use a default project template, the Synchronization Editor sets up the domains in the One Identity Manager database. If necessary, domains can also be created in the Manager.

To create an LDAP domain

  1. In the Manager, select the LDAP > Domains category.

  2. Click in the result list.

  3. On the main data form, edit the main data for the domain.

  4. Save the changes.
Related topics

Editing main data of LDAP domains

To edit the main data of an LDAP domain

  1. In the Manager, select the LDAP > Domains category.

  2. Select the domain in the result list.

  3. Select the Change main data task.

  4. Edit the domain's main data.

  5. Save the changes.
Related topics

General main data for LDAP domains

Enter the following data on the General tab.

Table 22: Domain main data

Property

Description

Domain

NetBIOS domain name.

Full domain name

Name of the domain confirming to DNS syntax.

Name of this domain.name of parent domain.name of default domain

Example

Docu.Testlab.dd

LDAP system type

Type of the LDAP system.

Display name

The display name is used to display the domain in the user interface. This is preset with the domain NetBIOS name; however, the display name can be changed.

Object class List of classes defining the attributes for this object. The default object class is DOMAIN. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services.

Distinguished name

Distinguished name of the domain. The distinguished name is determined using a template from the full domain name and cannot be edited.

Canonical name Canonical name of the domain.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this domain and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example.

Target system managers

Application role in which target system managers are specified for the domain. Target system managers only edit the objects from domains that are assigned to them. Therefore, each domain can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this domain. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the domain and One Identity Manager. You can no longer change the synchronization type once objects for these domains are present in One Identity Manager.

If you create a domain with the Synchronization Editor, One Identity Manager is used.

Table 23: Permitted values
Value Synchronization by Provisioned by

One Identity Manager

LDAP connector

LDAP connector

No synchronization

none

none

NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

Description

Text field for additional explanation.

Structural object class Structural object class representing the object type.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating