立即与支持人员聊天

获得即时帮助
完成注册

登录

请求定价

联系销售人员

Identity Manager 8.1.4 - Administration Guide for Connecting to LDAP

Managing LDAP environments

Architecture overview One Identity Manager users for managing LDAP

Synchronizing LDAP directories

Setting up initial LDAP directory synchronization

Users and permissions for synchronizing with LDAP Special cases for synchronizing Active Directory Lightweight Directory Services Special cases for synchronizing Oracle Directory Server Enterprise Edition Setting up the LDAP synchronization server

System requirements for the LDAP synchronization server Installing One Identity Manager Service with LDAP connector

Creating a synchronization project for initial synchronization of an LDAP domain

Information required for setting up a synchronization project Creating an initial synchronization project for an LDAP domain with the generic LDAP connector

Configuring the synchronization log

Customizing the synchronization configuration

Configuring synchronization in LDAP domains Configuring synchronization of several LDAP domains Changing settings of LDAP domain system connections

Editing connection parameters in the variable set Editing target system connection properties Advanced settings of a generic LDAP connector

Updating schemas Speeding up synchronization with revision filtering Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Executing synchronization

Starting synchronization Displaying synchronization results Deactivating synchronization Synchronizing single objects

Tasks after a synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing LDAP user accounts through account definitions

Troubleshooting

Basic configuration data

Account definitions for LDAP user accounts

Creating an account definition

Master data for an account definition

Creating manage levels

Master data for manage levels

Creating a formatting rule for IT operating data Collecting IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions to the IT Shop

Assigning account definitions to LDAP domains Deleting an account definition

Password policies for LDAP user accounts

Predefined password policies Using password policies Editing password policies

General master data for password policies Policy settings Character classes for passwords

Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Password exclusion list Checking a password Testing password generation

Initial password for new LDAP user accounts Email notifications about login data Job server for LDAP-specific process handling

Editing LDAP Job servers General master data for Job servers Specifying server functions

Target system managers

General master data for LDAP domains LDAP specific master data for LDAP domains Specifying categories for inheriting LDAP groups Editing synchronization projects

LDAP user accounts

Linking user accounts to employees Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Entering master data for LDAP user accounts

General master data of LDAP user accounts Contact data for an LDAP user account Address information for LDAP user accounts Organizational data for LDAP user accounts Miscellaneous data for an LDAP user account

Additional tasks for managing LDAP user accounts

Overview of LDAP user accounts Changing manage levels for LDAP user accounts Assigning LDAP groups directly to LDAP user accounts Assigning extended properties to LDAP user accounts

Automatic assignment of employees to LDAP user accounts

Editing search criteria for automatic employee assignment Assigning account definitions to linked LDAP user accounts

Disabling LDAP user accounts Deleting and restoring LDAP user accounts

LDAP group master data Assigning LDAP groups directly to LDAP user accounts and LDAP computers

Assigning LDAP groups to departments, cost centers, and locations Assigning LDAP groups to business roles Assigning LDAP user accounts directly to LDAP groups Assigning LDAP computers directly to LDAP groups Adding LDAP groups to system roles Adding LDAP groups to the IT Shop

Additional tasks for managing LDAP groups

Overview of LDAP groups Effectiveness of group memberships LDAP group inheritance based on categories Assigning extended properties to LDAP groups

Deleting LDAP groups

LDAP container structures

General master data for LDAP containers Contact data for LDAP containers Address information for LDAP containers

Master data for LDAP computers Assigning LDAP computers directly to LDAP groups

Reports about LDAP objects

Overview of all assignments

Configuration parameters for managing an LDAP environment Default project template for LDAP

OpenDJ project template for the generic LDAP connector Active Directory Lightweight Directory Services project template for the generic LDAP connector

Generic LDAP connector settings

Generating passwords with a script

You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.

Syntax for generating script

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = generated password

TIP: To use a base object, take the Entity property of the PasswordPolicy class.

Example for a script to generate a password

The script replaces the ? and ! characters at the beginning of random passwords with _.

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

' replace invalid characters at first position

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

spwd.SetAt(0, CChar("_"))

End If

End If

End Sub

To use a custom script for generating a password

In the Designer, create your script in the Script Library category.
Edit the password policy.
1. In the Manager, select the LDAP | Basic configuration data | Password policies category.
2. In the result list, select the password policy.
3. Select the Change master data task.
4. On the Scripts tab, enter the name of the script to be used to generate a password in the Generating script field.
5. Save the changes.

Related topics

Checking passwords with a script

Password exclusion list

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

In the Designer, select the Base Data | Security settings | Restricted passwords category.
Create a new entry with the Object | New menu item and enter the term you want to exclude from the list.
Save the changes.

Checking a password

When you check a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To check if a password conforms to the password policy

In the Manager, select the LDAP | Basic configuration data | Password policies category.
Select the password policy in the result list.
Select the Change master data task.
Select the Test tab.
Select the table and object to be tested in Base object for test.
Enter a password in Enter password to test.

A display next to the password shows whether it is valid or not.

Testing password generation

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

In the Manager, select the LDAP | Basic configuration data | Password policies category.
In the result list, select the password policy.
Select the Change master data task.
Select the Test tab.
Click Generate.

This generates and displays a password.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback 使用条款隐私 Cookie Preference Center