This variable contains the specifications for the LDAP connection.
This variable is supplied in client 0000. Its settings are applied globally for the whole AE system. The variable contains all specifications for the connection to the Active Directory or Oracle Directory Server.
As of version 11, LDAP over SSL may be used.
The folder "DIV_VARIABLES" contains the variable UC_LDAP_EXAMPLE which can be used as a template. Duplicate this variable. There are two methods for configuring the connection to your LDAP server (Active DirectoryActive Directory (AD) ist der Verzeichnisdienst von Microsoft'+char(39)+ sowie der Überbegriff für identitätsbezogene Dienste für Windows-Netzwerke. or Oracle Directory ServerOracle Directory Server (ODS, früher Sun Directory Server) ist der Verzeichnisdienst von Oracle für heterogene Umgebungen.):
German umlauts cannot be used in domain names.
By default, the domain indicated in the name of the variable is used. You can also specify the alias in the key DOMAIN_ALIAS, which is then used instead of the domain name.
Key |
Value |
New start required |
---|---|---|
AUTHENTICATION_METHOD |
Authentication method Depending on the LDAP Server configuration, authentication requires realm data or the domain name. Allowed values: "0", "1" (default value) and "2". "0" - Authentication first uses the LDAP Server's realm data. A second attempt to log on is made with the domain name if the first attempt fails. The LDAP connection remembers the successful login method and uses this one first for future logins. Each attempt to authenticate is regarded as a login attempt. Whether an attempt to log on failed because of incorrect user data or due to a wrong login type is irrelevant. Thus, entering an incorrect password several times has the effect that a user is locked earlier. |
No |
DOMAIN_ALIAS |
Domain alias or domain name (if the department has been specified in the name of the variable) |
No |
SERVER |
Name and port number of the LDAP Server Format: Separate several LDAP Servers with a semicolon. The Automation EngineDiese Komponente steuert ein Automation Engine-System. Besteht aus verschiedenen Serverprozessen. then attempts to establish a connection to the first LDAP Server. If it fails, a second attempt is made with the second LDAP Server etc. |
No |
SYNC_LOGIN |
(optional) This key defines a UC_LDAP_Domain variable used for synchronizing LDAP data. This key is only necessary in case a current AE user shall use a specially created LoginAnmeldedaten für Zielsysteme. Auch ein eigener Objekttyp in der Automation Engine. object containing credentials allowing the LDAP synchronization should their existing permissions not be sufficient. |
|
USE_DISTINGUISHED_NAME |
Access via DN (distinguished name) Allowed values: "Y" and "N" (default value) "Y" - The connection to the LDAP system is established via DN. The password remains unencrypted when using DN. The LDAP connection uses the domain name when a user logs on for the first time. By doing so, it retrieves the corresponding Distinguished NameEin Distinguished Name (DN) ist die eindeutige Kennung für einen (LDAP) Verzeichniseintrag. (DN). For all subsequent login attempts it uses the DN because this method is the quicker one. If it fails, the LDAP connection automatically continues using the domain name. On Oracle Directory servers, the DN (distinguished name) is always used. |
No |
USR_EMAIL1 |
LDAP attribute from which the e-mail address should be read E.g.: "mail" in the Microsoft Active Directory |
No |
USR_FIRSTNAME |
LDAP attribute from which the first name should be read E.g.: "givenName" in the Microsoft Active Directory On Oracle Directory servers this setting is irrelevant, as attributes there are always "givenName" and "sn". |
No |
USR_LASTNAME |
LDAP attribute from which the last name should be read E.g.: "sn" in the Microsoft Active Directory On Oracle Directory servers this setting is irrelevant, as attributes there are always "givenName" and "sn". |
No |
VERSION |
Defines, if an existing C-Modul or the Java based Work process (JWP) is used in order to enable LDAP over SSL. Allowed values: "1" (default) and "2". "1" = uses the C-based LDAP connection, SSL is not possible. |
No |
TLS |
Allowed values: "Y[es]" and "N[o]" This parameter is used only in case the parameter VERSION is set to "2". If the parameter is set to "N", the Java based Work Process (JWP) creates a connection to the LDAP server without SSL. |
No |
* The keys that start with "USR" define the LDAP attributes from which the LDAP connection should read the e-mail address, as well as the first and last name when synchronizing user data. All three information types are stored in the User object.
Overview of all variables in Table Form
Variable