Configuring LDAP Sync

The LDAP Sync configuration is stored in the XML files LDAPSync.xml and defaults.xml, and in optional configuration files for specific client settings.

LDAPSync.xml

LDAPSync.xml contains the following three elements:

  • Connection

    LDAP connection configuration.

    Type: Complex

    Mandatory: Yes

  • AE

    AE connection configuration.

    Type: Complex

    Mandatory: Yes

  • Clients

    Configure the path to the mapping configurations and the default settings for each client.

    See also: Configuring LDAP Sync Client Settings

    Type: Complex

    Mandatory: Yes

Connection Element Attributes

LDAP-specific settings required for connectivity.

  • serverName

    Name of the LDAP server:

    Type: String

    Default: -

    Mandatory: Yes

    Example: MyCompany AD02

  • directoryType

    Values: AD or other

    Type: Option

    Default: AD

    Mandatory: No

  • url

    The IP address of the LDAP server or its fully qualified domain name and communication port on which the LDAP server listens:

    Note: To specify multiple servers, separate the url entries with a comma. The first server where a connection can be established will be used.

    Example: ad01.mycompany.com:389,ad02.mycompany.com:389

    Type: String

    Default: -

    Mandatory: Yes

  • useSSL

    Important! You need to configure an SSL certificate before using this setting.

    You can enable SSL for the LDAP connection as follows:

    • true: enabled
    • false: disabled

    Type: Boolean

    Default: False

    Mandatory: No

  • connectionTimeout

    The time to wait for an LDAP connection to open (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 0

    Mandatory: No

  • retryConnect

    Number of times that LDAP Sync tries to reconnect to the LDAP server if the connection is shut down.

    Type: String

    Default: 10

    Mandatory: No

  • username

    The user credentials for an LDAP account with read access to the LDAP directory levels from which you want to import users.

    Examples:

    • cn=administrator,cn=users,dc=ad,dc=example,dc=com
    • cn=user,dc=domain,dc=name
    • user@domain.name

    Type: String

    Default: -

    Mandatory: No

  • password

    The password for the user specified in username.

    Notes:

    • You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as an encrypted password.
    • Special characters must be escaped in order to comply with the XML standard.

    Type: String

    Default: -

    Mandatory: No

  • readTimeout

    The time to wait for a response from the LDAP service (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 120

    Mandatory: No

  • searchTimeout

    The time to wait for a search result from the LDAP service (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 60

    Mandatory: No
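The escaping requirement in the password notes above, shown as an added example (not vendor code): a raw value containing &, < or a quotation mark makes the file unparseable, while an escaped value reads back unchanged. The password and the helper names are constructed for illustration.

```python
# Added example, not part of LDAP Sync. Sample values are constructed.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

SAMPLE_PASSWORD = 'p&ss<w"rd'  # constructed: contains &, < and a double quote


def connection_element(username: str, password: str) -> str:
    """Build a <Connection> fragment with XML-escaped attribute values."""
    # quoteattr() escapes & and <, chooses a quote character that does not
    # clash with the value, and returns the value already wrapped in quotes.
    return ('<Connection serverName="MyCompany AD02" url="mycompanyad02:389" '
            f'username={quoteattr(username)} password={quoteattr(password)} />')


def is_well_formed(fragment: str) -> bool:
    """True if an XML parser accepts the fragment."""
    try:
        ET.fromstring(fragment)
        return True
    except ET.ParseError:
        return False


def read_back_password(fragment: str) -> str:
    """Return the password attribute as a parser sees it after unescaping."""
    return ET.fromstring(fragment).get("password")


# The raw value pasted straight into the attribute: rejected by the parser.
RAW = f'<Connection password="{SAMPLE_PASSWORD}" />'
# The same value escaped: accepted, and the original password is recovered.
ESCAPED = connection_element(r"mydomain\myuser", SAMPLE_PASSWORD)

if __name__ == "__main__":
    print("raw well-formed:    ", is_well_formed(RAW))
    print("escaped fragment:   ", ESCAPED)
    print("password read back: ", read_back_password(ESCAPED))
```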

Example:

<Connection serverName="MyCompany AD02"
            directoryType="AD"
            url="mycompanyad02:389"
            useSSL="false"
            connectionTimeout="0"
            readTimeout="120"
            searchTimeout="60"
            username="mydomain\myuser"
            password="mypassword" 
/>
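A pre-deployment review of the Connection element, as an added example that is not part of LDAP Sync: it fills in the defaults documented above for omitted attributes and lists the settings worth confirming (SSL disabled, timeouts of 0, a single server in url). The root element name LDAPSync, the function names and the sample file are assumptions made for illustration.

```python
# Added example, not part of LDAP Sync. The sample configuration is constructed
# and the root element name <LDAPSync> is an assumption.
import xml.etree.ElementTree as ET

# Defaults documented on this page for the optional Connection attributes.
DEFAULTS = {"directoryType": "AD", "useSSL": "false", "connectionTimeout": "0",
            "retryConnect": "10", "readTimeout": "120", "searchTimeout": "60"}
MANDATORY = ("serverName", "url")


def effective_connection(xml_text: str) -> dict:
    """Return the Connection settings with documented defaults filled in."""
    conn = next(ET.fromstring(xml_text).iter("Connection"), None)
    if conn is None:
        raise ValueError("no <Connection> element found")
    missing = [name for name in MANDATORY if not conn.get(name)]
    if missing:
        raise ValueError(f"missing mandatory attribute(s): {missing}")
    return {**DEFAULTS, **conn.attrib}


def review(settings: dict) -> list:
    """List settings an administrator should confirm before production use."""
    findings = []
    if settings["useSSL"].lower() != "true":
        findings.append("useSSL is disabled: LDAP traffic is not protected by SSL")
    for name in ("connectionTimeout", "readTimeout", "searchTimeout"):
        if int(settings[name]) == 0:
            findings.append(f"{name}=0: no timeout, the sync can wait indefinitely")
    servers = [u.strip() for u in settings["url"].split(",") if u.strip()]
    if len(servers) == 1:
        findings.append("url lists one server: no fallback if it is unreachable")
    return findings


SAMPLE = """<LDAPSync>
  <Connection serverName="MyCompany AD02" url="mycompanyad02:389"
              username="mydomain\\myuser" password="mypassword" />
  <AE cp="192.168.0.1:2217" username="AUTOMIC/AUTOMIC" password="automic" />
  <Clients path="clients" default="defaults.xml" />
</LDAPSync>"""

if __name__ == "__main__":
    for finding in review(effective_connection(SAMPLE)):
        print("-", finding)
```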

AE Element Attributes

Configure the connectivity to the Client 0 of the AE.

Important! The AE configuration is required for the synchronization for all clients of the AE.

  • cp

    The address of the communication process in the AE.

    Allowed formats:

    • DNS Name:Port number
      Example: AEserver:2217
    • TCP/IP Address:Port number
      Example: 192.168.0.1:2217

    Type: String

    Mandatory: Yes

  • username

    Username and department of the AE user which is used to update/create the user objects in the clients.

    Important! The user must exist in client 0. The user also requires permissions to create and update all users of all clients.

    Example: AUTOMIC/AUTOMIC

    Type: String

    Mandatory: Yes

  • password

    Password for the AE user specified in the username.

    Note: You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as an encrypted password.

    Type: String

    Mandatory: Yes

  • trustedCertFolder

    Here you define the location of the folder for trusted certificates used for TLS connections. For more information, see TLS Configuration.

    Example: "C:\CD\..\Automation.Platform\Agents\certificates"

Example:

<AE cp="192.168.0.1:2217"
    username="AUTOMIC/AUTOMIC"
    password="automic"
    trustedCertFolder="path/to/cer/folder"/>

Clients Element Attributes

You must specify where the default settings for all clients are located and from which folder the client settings are taken.

  • path

    The absolute or relative path to the folder containing the default configuration file and optional individual client configuration files.

    Default: clients folder relative to the main configuration folder.

    Type: String

    Mandatory: Yes

  • default

    The name of the default configuration file which is used to set default values for all configured clients.

    Note: You can overwrite the default configuration with specific client settings for a specific client number. See also: Configuring LDAP Sync Client Settings.

    Type: String

    Mandatory: No

    Default: defaults.xml

Example:

<Clients
    path="clients" 
    default="defaults.xml"
/>