Configuring LDAP Sync
The LDAP Sync configuration is stored in the xml files LDAPSync.xml, defaults.xml and optional configuration files for specific client settings.
This page includes the following:
LDAPSync.xml
LDAPSync.xml contains the following three elements:
-
Connection
LDAP connection configuration.
Type: Complex
Mandatory:Yes
-
AE
AE connection configuration
Type: Complex
Mandatory: Yes
-
Clients
Configure the path to the mapping configurations and the default settings for each client.
See also: Configuring LDAP Sync Client Settings
Type: Complex
Mandatory: Yes
Connection Element Attributes
LDAP-specific settings required for connectivity.
-
serverName
Name of the LDAP server:
Type: String
Default: -
Mandatory: Yes
Example:
MyCompany AD02 -
directoryType
Values:
ADorotherType: Option
Default: AD
Mandatory: No
-
url
The IP address of the LDAP server or its fully qualified domain name and communication port on which the LDAP server listens:
Note: To specify multiple servers, separate the url entries with a comma. The first server where a connection can be established will be used.
Example:
ad01.mycompany.com:389,ad02.mycompany.com:389Type: String
Default: -
Mandatory: Yes
-
useSSL
Important! You need to configure a TLS/SSL certificate before using this setting.
To use TLS/SSL, the certificate(s) of the LDAP server must be available to the LDAP Sync Process. LDAP Sync uses the default keystore file cacerts in the lib/security directory of the JRE.
If you want to use an individual keystore file, you must start the LDAP Sync tool using -Djavax.net.ssl.trustStore=path_to_keystore and -Djavax.net.ssl.trustStorePassword=keystorepass.
Example
java -Djavax.net.ssl.trustStore=path_to_keystore -Djavax.net.ssl.trustStorePassword=keystorepass jar ldap-sync.jar -cl 100
You can enable TLS/SSL for the LDAP connection as follows:
- true: enabled
- false: disabled
Type: Boolean
Default: False
Mandatory: No
-
connectionTimeout
The time to wait for an LDAP connection to open (in seconds).
Note: If you do not want to set a timeout, set it to 0 (zero).
Type: Number
Default: 0
Mandatory: No
-
retryConnect
Number of times that LDAP Sync tries to reconnect to the LDAP server if the connection is shut down.
Type: String
Default: 0
Tip: Set this value to 10 in your default configuration file. However, if this file is not used or this value is not defined, the default value is always 0.
Mandatory: No
-
username
The user credentials for an LDAP account with read access to the LDAP directory levels from which you want to import users
Examples:
- cn=administrator,cn=users,dc=ad,dc=example,dc=com
- cn=user,dc=domain,dc=name
- user@domain.name
Type: String
Default: -
Mandatory: No
-
password
The password for the user specified in username.
Notes:
- You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as encrypted password.
- Special characters must be escaped in order to comply with the xml standard.
Type: String
Default: -
Mandatory: No
-
readTimeout
The time to wait for a response from the LDAP service (in seconds).
Note: If you do not want to set a timeout, set it to 0 (zero).
Type: Number
Default: 120
Mandatory: No
-
searchTimeout
The time to wait for a search result from the LDAP service (in seconds).
Note: If you do not want to set a timeout, set it to 0 (zero).
Type: Number
Default: 60
Mandatory: No
Example:
<Connection serverName="MyCompany AD02"
directoryType="AD"
url="mycompanyad02:389"
useSSL="false"
connectionTimeout="0"
readTimeout="120"
searchTimeout="60"
username="mydomain\myuser"
password="mypassword"
/>
AE Element Attributes
Configure the connectivity to the Client 0 of the AE.
Important! The AE configuration is required for the synchronization for all clients of the AE.
-
cp
The address of the Java communication process (JCP) in the AE
Allowed formats:
- DNS Name:Port number
Example:AEserver:8443 - TCP/IP Address:Port number
Example:192.168.0.1:8443
Type: String
Mandatory: Yes
- DNS Name:Port number
-
username
Username and department of the AE user which is used to update/create the user objects in the clients.
Important! The user must exist in client 0. The user also requires permissions to create and update all users of all clients.
Example:
0/AUTOMIC/AUTOMICType: String
Mandatory: Yes
-
password
Password for the AE user specified in the username.
Note: You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as encrypted password.
Type: String
Mandatory: Yes
-
trustedCertFolder
Here you define the location of the folder for trusted certificates used for TLS/SSL connections. For more information, see Securing Connections to the AE (TLS/SSL).
Example: "C:\CD\..\Automation.Platform\Agents\certificates"
Example:
<AE cp="192.168.0.1:2217"
username="0/AUTOMIC/AUTOMIC"
password="automic"
trustedCertFolder="path/to/cer/folder"/>
Clients Element Attributes
You must specify where the default settings for all clients are located and from which folder the client settings are taken.
-
path
The absolute or relative path to the folder containing the default configuration file and optional individual client configuration files.
Default: clients folder related to the main configuration folder.
Type: String
Mandatory: Yes
-
default
The name of the default configuration file which is used to set default values for all configured clients.
Note: You can overwrite the default configuration with specific client settings for a specific client number. See also: Configuring LDAP Sync Client Settings.
Type: String
Mandatory: No
Default: defaults.xml
Example:
<Clients
path="clients"
default="defaults.xml"
/>