Preparation
Before you begin, you must:
Know the name of each LDAP tree and the top-level context in which Bravura Security Fabric performs operations.
Document a DNS server name and TCP port number for the master LDAP service for each directory.
Create an administrative account in the LDAP tree that can list users in the relevant contexts and reset passwords for every user object in the relevant contexts. See Configuring a target system administrator below for details.
Create at least one test account in the tree. More accounts, in multiple contexts, are better.
If you have an LDAP server set up for SSL encryption, ensure that the required server authentication certificate is imported into a trusted root certificate store on the instance server. See Exporting and installing SSL certification files below for details.
Determine how Bravura Security Fabric identifies users in the LDAP tree. Bravura Security Fabric can do this based on one of two mutually exclusive assumptions:
Each user has at most one account in the LDAP tree. Ideally, but not necessarily, the common name uniquely identifies each user.
A user may have multiple accounts in different contexts in the tree, but the common name uniquely identifies the user.
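To decide between these two assumptions before configuring the target, it helps to check the directory itself. The following script is an added example, not part of this documentation or of Bravura Security Fabric: it parses an LDIF export of the relevant contexts (as produced by `ldapsearch -LLL`) and reports every common name that appears in more than one context. The embedded LDIF and its DNs are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of what `ldapsearch -LLL` returns for two contexts; not a real directory.
SAMPLE_LDIF = """\
dn: cn=jsmith,ou=Engineering,dc=example,dc=com
cn: jsmith
objectClass: inetOrgPerson

dn: cn=jsmith,ou=Sales,dc=example,dc=com
cn: jsmith
objectClass: inetOrgPerson

dn: cn=adoe,ou=Engineering,dc=example,dc=com
cn: adoe
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Parse an LDIF dump into one {attribute: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # ldapsearch folds long lines; unfold them
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")   # base64 values ("attr:: ...") are kept encoded
            current.setdefault(attr.strip().lower(), []).append(value.lstrip(": ").rstrip())
    return entries

def context_of(dn):
    """Container of an entry: the DN with its leading RDN removed, lower-cased for comparison."""
    return dn.split(",", 1)[1].lower() if "," in dn else ""

def find_cn_collisions(entries):
    """Return {cn: [contexts]} for each common name found in more than one context.
    Empty means the data fits 'at most one account per user'; otherwise only the
    'CN identifies the user' model can apply and each listed CN must be one person."""
    contexts_by_cn = defaultdict(set)
    for entry in entries:
        for cn in entry.get("cn", []):
            contexts_by_cn[cn.lower()].add(context_of(entry["dn"][0]))
    return {cn: sorted(ctxs) for cn, ctxs in contexts_by_cn.items() if len(ctxs) > 1}
```

An empty result only shows the data is consistent with the first assumption; a non-empty result lists the CNs an administrator must confirm belong to the same person before choosing the second.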
Warning
Ensure that your LDAP client does not hash new passwords before sending requests to the LDAP server, if:
You will be implementing transparent synchronization
Bravura Security Fabric will be used to verify passwords on the LDAP target
If you do not want passwords to be transmitted in plaintext, it is highly recommended that you enable SSL on the LDAP server.