Appendix: Default Project Template for LDAP
Appendix: Default Project Template for LDAP
A default project template ensures that all required information is added in the One Identity Manager. This includes mappings, workflows and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the .Synchronization Editor
Detailed information about this topic
OpenDJ Basic Template
This project template is based on OpenDJ. The template uses mappings for the following schema types.
| Schema typeDefines an object type within a schema. Refers to exactly one table or view of the database based schema or exactly one object type of the non-database based schema. in LDAP |
Table in the One Identity Manager schema |
|---|---|
| domain | LDPDomain |
| organization | LDAPContainer |
| organizationalUnit | LDAPContainer |
| locality | LDAPContainer |
| container | LDAPContainer |
| groupOfNames | LDAPGroup |
| groupOfUniqueNames | LDAPGroup |
| groupOfURLs | LDAPGroup |
| inetOrgPerson | LDAPAccount |
Default Project Template for Active Directory Lightweight Directory Services
Default Project Template for Active Directory Lightweight Directory Services
This project template is based on Active Directory Lightweight Directory Services (AD LDS). The template uses mappings for the following schema types.
| Schema typeDefines an object type within a schema. Refers to exactly one table or view of the database based schema or exactly one object type of the non-database based schema. in AD LDS |
Table in the One Identity Manager schema |
|---|---|
| Container | LDAPContainer |
| country | LDAPContainer |
| domainDNS | LDAPContainer |
| foreignSecurityPrincipal | LDAPAccount |
| group | LDAPGroup |
| groupOfNames | LDAPGroup |
| inetOrgPerson | LDAPAccount |
| organization | LDAPContainer |
| organizationalUnit | LDAPContainer |
| user | LDAPAccount |
| userProxy | LDAPAccount |
| userProxyFull | LDAPAccount |
Appendix: Authentication Modules for Logging into the One Identity Manager
Appendix: Authentication Modules for Logging into the One Identity Manager
The following authentication modules are available for logging into One Identity Manager in once this module has been installed.
LDAP user account (dynamic)
|
Login Data |
Login name, identifier, distinguished name or user ID of an LDAP user account. LDAP user account's password. |
|
Prerequisites |
The employee exists in the database. The LDAP user account exists in the database and the employee is entered in the user account's master data. The configuration data for dynamically determining the system user is defined in the application. Thus, an employee can, for example, be assigned a system user dynamically depending on their department membership. |
|
Set as default |
No |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
If you log in using a login name, identifier or user ID, the corresponding user account is determined in the One Identity Manager database through the container's domain. Logging in with a distinguished name is done directly. One Identity Manager determines which employee is assigned to the LDAP user account. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
The application configuration data is used to determine a system user, which is automatically assigned to the employee. The user interface and write permissions are loaded through the system user that is dynamically assigned to the logged in employee. Data modifications are attributed to the current user account. |
Modify the following configuration parameters in the Designer to implement the authentication module.
| Configuration parameter | Meaning |
|---|---|
|
TargetSystem\LDAP\Authentication |
The configuration parameter allows configuration of the LDAP authentication module. |
|
TargetSystem\LDAP\Authentication\Authentication |
The configuration parameter specified the authentication mechanism. Permitted values are "Secure", "Encryption", "SecureSocketsLayer", "ReadonlyServer", "Anonymous", "FastBind", "Signing", "Sealing", "Delegation" and "ServerBind". The value can be combined with commas (,). Default is ServerBind. |
|
TargetSystem\LDAP\Authentication\Port |
LDAP server's port. Default is port 389. |
|
TargetSystem\LDAP\Authentication\RootDN |
The configuration parameter contains the root domain's distinguished name. Syntax: dc=MyDomain |
|
TargetSystem\LDAP\Authentication\Server |
The configuration parameter contains the name of the LDAP server. |
LDAP user account (role based)
|
Login Data |
Login name, identifier, distinguished name or user ID of an LDAP user account. LDAP user account's password. |
|
Prerequisites |
The employee exists in the database. The employee is assigned at least one application role. The LDAP user account exists in the database and the employee is entered in the user account's master data. The configuration data for dynamically determining the system user is defined in the application. Thus, an employee can, for example, be assigned a system user dynamically depending on their department membership. |
|
Set as default |
No |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
If you log in using a login name, identifier or user ID, the corresponding user account is determined in the One Identity Manager database through the container's domain. Logging in with a distinguished name is done directly. One Identity Manager determines which employee is assigned to the LDAP user account. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
A dynamic system user determined from the employee's application roles. The user interface and the write permissions are loaded through this system user. Data modifications are attributed to the current user account. |
Modify the following configuration parameters in the Designer to implement the authentication module.
| Configuration parameter | Meaning |
|---|---|
|
TargetSystem\LDAP\Authentication |
The configuration parameter allows configuration of the LDAP authentication module. |
|
TargetSystem\LDAP\Authentication\Authentication |
The configuration parameter specified the authentication mechanism. Permitted values are "Secure", "Encryption", "SecureSocketsLayer", "ReadonlyServer", "Anonymous", "FastBind", "Signing", "Sealing", "Delegation" and "ServerBind". The value can be combined with commas (,). Default is ServerBind. |
|
TargetSystem\LDAP\Authentication\Port |
LDAP server's port. Default is port 389. |
|
TargetSystem\LDAP\Authentication\RootDN |
The configuration parameter contains the root domain's distinguished name. Syntax: dc=MyDomain |
|
TargetSystem\LDAP\Authentication\Server |
The configuration parameter contains the name of the LDAP server. |