Targeting LDAP directories
For each LDAP sub-tree, add a target system (Manage the system > Resources > Target systems):
Type is LDAP Directory Service, listed under "Network Operating Systems" in the drop-down list.
Address uses syntax described in Table 1, “LDAP target address configuration”.
The Administrator ID and Password identify the administrative account that you created earlier (see Configuring a target system administrator).
Be sure to enter a fully qualified name for the administrator ID.
The full list of target parameters is explained in Target system options.
| Option | Description |
|---|---|
| Server | The FQDN, host name, or IP address of the LDAP server. (key: server) |
| Base DN | The top level context. (key: basedn) |
| Port | The port to connect to (default: 389). Use the standard port 636 when SSL is enabled. (key: port) |
| Script file | The filename of a script that sets additional attributes. See LDAP Attribute Scripts to learn how to write this script file. (key: script) |
| Connection over SSL | Enables an SSL connection when connecting to the target system server. Default is "false". (key: ssl) |
| Circumvent certificate validation | Allows an SSL connection to the target system server without validating the SSL certificate first. (key: sslNoCertValidation) |
| Authentication Type | The type of authentication mechanism used by the LDAP server: SIMPLE or NEGOTIATION. (key: authMethod) |
| OUs to list users from | List only those users who exist in one or more containers. See Targeting a specific container or containers for details. (key: accountOUList) |
| OUs to list groups from | List only those groups that exist in one or more containers. See Targeting a specific container or containers for details. (key: groupOUList) |
| OUs to exclude from listing | Exclude certain OUs to further restrict listing. See Targeting a specific container or containers for details. (key: excludeOUList) |
| Persistent list search wait time (in seconds) | The interval, in seconds, that the connector waits between searches for changes in the native target. The default value is 7,200 seconds (2 hours). If this value is set too small for a large native target, the connector may not be able to retrieve changes from the native target completely. Setting the value too small also imposes excess load on related services, which drags down system performance. (key: persistentSearchWait) |
The LDAP target system address syntax is as follows:
{server=(<FQDN or host name> | <IP address>); basedn=<OU>; [port=<port number>;] [script=<script file name>;] [ssl=<true|false>;] [sslNoCertValidation=<true|false>;] [authMethod=<SIMPLE|NEGOTIATION>] [accountOUList=<OU>;<OU>;... | include:<file name>;] [groupOUList=<OU>;<OU>;... | include:<file name>;] [excludeOUList=<OU>;<OU>;... | include:<file name>;] [persistentSearchWait=<seconds>;] }
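Added example, not from the product documentation: a parser for the address syntax above that also flags transport settings a reviewer should question (clear-text bind, certificate validation switched off, SSL/port mismatch). The host name, OUs and file name in SAMPLE_ADDRESS are constructed placeholders.

```python
SCALAR_KEYS = {"server", "basedn", "port", "script", "ssl",
               "sslNoCertValidation", "authMethod", "persistentSearchWait"}
LIST_KEYS = {"accountOUList", "groupOUList", "excludeOUList"}  # ';'-separated OUs
# Constructed sample address (added example, not from the product docs); names are placeholders.
SAMPLE_ADDRESS = ("{server=ldap.example.test; basedn=dc=example,dc=test; port=636;"
                  " ssl=true; sslNoCertValidation=true; authMethod=SIMPLE;"
                  " accountOUList=ou=people,dc=example,dc=test;ou=staff,dc=example,dc=test;"
                  " groupOUList=include:groups.txt; persistentSearchWait=7200;}")

def parse_target_address(address):
    """Parse '{key=value; ...}' into a dict. OU values contain '=' and OU lists are
    ';'-separated, so a token starts a new setting only if it begins with a known key;
    otherwise it continues the list currently being read."""
    body = address.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("address must be enclosed in { }")
    settings, current_list = {}, None
    for token in (t.strip() for t in body[1:-1].split(";")):
        if not token:
            continue
        key, sep, value = token.partition("=")
        if sep and key in SCALAR_KEYS:
            settings[key], current_list = value, None
        elif sep and key in LIST_KEYS:
            if value.startswith("include:"):  # OUs are read from a file instead
                settings[key], current_list = {"include": value[len("include:"):]}, None
            else:
                settings[key] = current_list = [value]
        elif current_list is not None:
            current_list.append(token)
        else:
            raise ValueError(f"unexpected token: {token!r}")
    missing = {"server", "basedn"} - settings.keys()
    if missing:
        raise ValueError(f"required setting(s) missing: {sorted(missing)}")
    return settings

def review_transport(settings):
    """Return findings for settings that send the bind in clear text or skip certificate checks."""
    findings = []
    ssl = settings.get("ssl", "false").lower() == "true"
    port = int(settings.get("port", "389"))
    if not ssl:
        findings.append("ssl=false: the bind, including a SIMPLE-bind password, is sent in clear text")
    elif settings.get("sslNoCertValidation", "false").lower() == "true":
        findings.append("sslNoCertValidation=true: the server certificate is not checked, so a spoofed server would be accepted")
    if (ssl and port == 389) or (not ssl and port == 636):
        findings.append(f"port={port} does not match ssl={str(ssl).lower()}; the standard SSL port is 636")
    return findings
```

Run `review_transport(parse_target_address(SAMPLE_ADDRESS))` to see the sample flagged for its disabled certificate validation.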