Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.0 LTS - Administration Guide for Connecting to LDAP

Table of Contents

About this guide Managing LDAP environments

Architecture overview One Identity Manager users for managing LDAP Configuration parameters for managing LDAP environments

Synchronizing LDAP directories

Setting up initial LDAP directory synchronization

Users and permissions for synchronizing with LDAP Special cases for synchronizing Active Directory Lightweight Directory Services Special cases for synchronizing Oracle Directory Server Enterprise Edition Setting up the LDAP synchronization server

System requirements for the LDAP synchronization server Installing One Identity Manager Service with an LDAP connector

Creating a synchronization project for initial synchronization of an LDAP domain

Information required to set up a synchronization project Creating an initial synchronization project for an LDAP domain with the LDAP connector V2

Configuring the synchronization log

Adjusting the synchronization configuration for LDAP environments

Configuring synchronization in LDAP domains Configuring synchronization of several LDAP domains Changing system connection settings of LDAP domains

Editing connection parameters in the variable set Editing target system connection properties Extended schema configuration with the LDAP connector V2

Updating schemas Speeding up synchronization with revision filtering Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Displaying synchronization results Deactivating synchronization Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing LDAP user accounts through account definitions

Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)

Managing LDAP user accounts and employees

Account definitions for LDAP user accounts

Creating account definitions Editing account definitions Main data for account definitions Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to LDAP domains Deleting account definitions

Assigning employees automatically to LDAP user accounts

Editing search criteria for automatic employee assignment Finding employees and directly assigning them to user accounts Changing manage levels for LDAP user accounts Assigning account definitions to linked LDAP user accounts

Manually linking employees to LDAP user accounts Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Specifying deferred deletion for LDAP user accounts

Managing memberships in LDAP groups

Assigning LDAP groups to LDAP user accounts and LDAP computers in One Identity Manager

Prerequisites for indirect assignment of LDAP groups Assigning LDAP groups to departments, cost centers, and locations Assigning LDAP groups to business roles Adding LDAP groups to system roles Adding LDAP groups to the IT Shop Assigning LDAP user accounts directly to LDAP groups Assigning LDAP groups directly to LDAP user accounts Assigning LDAP computers directly to LDAP groups Assigning LDAP groups directly to LDAP computers

Effectiveness of membership in LDAP user groups LDAP group inheritance based on categories Overview of all assignments

Login information for LDAP user accounts

Password policies for LDAP user accounts

Predefined password policies Using password policies Editing password policies Creating password policies General main data of password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Editing the excluded list for passwords Checking passwords Testing the generation of passwords

Initial password for new LDAP user accounts Email notifications about login data

Mapping LDAP objects in One Identity Manager

Creating LDAP domains Editing main data of LDAP domains General main data for LDAP domains LDAP specific main data for LDAP domains Defining categories for inheritance by LDAP groups Editing the synchronization project for an LDAP domain Displaying the LDAP domain overview

LDAP container structures

Creating LDAP containers Editing main data of LDAP containers General main data for LDAP containers Contact data for LDAP containers Address information for LDAP containers Assigning extended properties to LDAP containers Displaying the LDAP container overview

LDAP user accounts

Creating LDAP user accounts Editing main data of LDAP user accounts General main data of LDAP user accounts Contact information for LDAP user accounts Address information for LDAP user accounts Organizational data for LDAP user accounts Miscellaneous data for LDAP user accounts Assigning extended properties to LDAP user accounts Disabling LDAP user accounts Deleting and restoring LDAP user accounts Displaying the LDAP user account overview

Creating LDAP groups Editing main data of LDAP groups LDAP group main data Assigning extended properties to LDAP groups Adding LDAP groups to LDAP groups Deleting LDAP groups Displaying the LDAP group overview

Creating LDAP computers Editing main data of LDAP computers Main data for LDAP computers Displaying the LDAP computer overview

Reports about LDAP objects

Handling of LDAP objects in the Web Portal Basic data for managing an LDAP environment

Target system managers for LDAP Job server for LDAP-specific process handling

Editing LDAP Job servers General main data of Job servers Specifying server functions

Troubleshooting

Possible errors when synchronizing an OpenDJ environment Errors connecting multiple LDAP systems with the same distinguished name

Configuration parameters for managing an LDAP environment Default project template for LDAP

OpenDJ project template for the LDAP connector V2 Active Directory Lightweight Directory Services project template for the LDAP connector V2 Oracle Directory Server Enterprise Edition template for the LDAP connector V2 Generic project template for the LDAP connector V2

LDAP connector V2 settings

Adding LDAP groups to LDAP groups

Use this task to add a group to another group. This means that the groups can be hierarchically structured.

To assign groups directly to a group as members

In the Manager, select the LDAP > Groups category.
Select the group in the result list.
Select the Assign groups category.
Select the Has members tab.
Assign child groups in Add assignments.
TIP: In the Remove assignments pane, you can remove the assignment of groups.

To remove an assignment
- Select the group and double-click .
Save the changes.

To add a group as a member of other groups

In the Manager, select the LDAP > Groups category.
Select the group in the result list.
Select the Assign groups task.
Select the Is member of tab.
In the Add assignments pane, assign parent groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.

To remove an assignment
- Select the group and double-click .
Save the changes.

Deleting LDAP groups

The group is deleted permanently from the One Identity Manager database and from LDAP.

To delete a group

In the Manager, select the LDAP > Groups category.
Select the group in the result list.
Click in the result list.
Confirm the security prompt with Yes.

Displaying the LDAP group overview

Use this task to obtain an overview of the most important information about a group.

To obtain an overview of a group

In the Manager, select the LDAP > Groups category.
Select the group in the result list.
Select the LDAP group overview task.

LDAP computers

The One Identity Manager data model is designed to manage administration of LDAP directory computers and servers. To synchronize this data with LDAP, customize the synchronization project accordingly.

Related topics

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center