Configuring LDAP Sync

The LDAP Sync configuration is stored in the xml files LDAPSync.xml, defaults.xml and optional configuration files for specific client settings.

Note: LDAP Sync must be installed beforehand. For more information, see Installing LDAP Sync

This page includes the following:

LDAPSync.xml

LDAPSync.xml contains the following three elements:

  • Connection

    LDAP connection configuration.

    Type: Complex

    Mandatory:Yes

  • AE

    AE connection configuration

    Type: Complex

    Mandatory: Yes

  • Clients

    Configure the path to the mapping configurations and the default settings for each client.

    See also: Configuring LDAP Sync Client Settings

    Type: Complex

    Mandatory: Yes

Connection Element Attributes

LDAP-specific settings required for connectivity.

  • serverName

    Name of the LDAP server:

    Type: String

    Default: -

    Mandatory: Yes

    Example: MyCompany AD02

  • directoryType

    Values: AD or other

    Type: Option

    Default: AD

    Mandatory: No

  • url

    The IP address of the LDAP server or its fully qualified domain name and communication port on which the LDAP server listens:

    Note: To specify multiple servers, separate the url entries with a comma. The first server where a connection can be established will be used.

    Example: ad01.mycompany.com:389,ad02.mycompany.com:389

    Type: String

    Default: -

    Mandatory: Yes

  • useSSL

    Important! You need to configure a TLS/SSL certificate before using this setting.

    To use TLS/SSL, the certificate(s) of the LDAP server must be available to the LDAP Sync Process. LDAP Sync uses the default keystore file cacerts in the lib/security directory of the JRE.

    If you want to use an individual keystore file, you must start the LDAP Sync tool using -Djavax.net.ssl.trustStore=path_to_keystore and -Djavax.net.ssl.trustStorePassword=keystorepass.

    Example

    java -Djavax.net.ssl.trustStore=path_to_keystore -Djavax.net.ssl.trustStorePassword=keystorepass jar ldap-sync.jar -cl 100

    You can enable TLS/SSL for the LDAP connection as follows:

    • true: enabled
    • false: disabled

    Type: Boolean

    Default: False

    Mandatory: No

  • connectionTimeout

    The time to wait for an LDAP connection to open (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 0

    Mandatory: No

  • retryConnect

    Number of times that LDAP Sync tries to reconnect to the LDAP server if the connection is shut down.

    Type: String

    Default: 0

    Tip: Set this value to 10 in your default configuration file. However, if this file is not used or this value is not defined, the default value is always 0.

    Mandatory: No

  • username

    The user credentials for an LDAP account with read access to the LDAP directory levels from which you want to import users

    Examples:

    • cn=administrator,cn=users,dc=ad,dc=example,dc=com
    • cn=user,dc=domain,dc=name
    • user@domain.name

    Type: String

    Default: -

    Mandatory: No

  • password

    The password for the user specified in username.

    Notes:

    • You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as encrypted password.
    • Special characters must be escaped in order to comply with the xml standard.

    Type: String

    Default: -

    Mandatory: No

  • readTimeout

    The time to wait for a response from the LDAP service (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 120

    Mandatory: No

  • searchTimeout

    The time to wait for a search result from the LDAP service (in seconds).

    Note: If you do not want to set a timeout, set it to 0 (zero).

    Type: Number

    Default: 60

    Mandatory: No

Example:

<Connection serverName="MyCompany AD02"
            directoryType="AD"
            url="mycompanyad02:389"
            useSSL="false"
            connectionTimeout="0"
            readTimeout="120"
            searchTimeout="60"
            username="mydomain\myuser"
            password="mypassword" 
/>

AE Element Attributes

Configure the connectivity to the Client 0 of the AE.

Important! The AE configuration is required for the synchronization for all clients of the AE.

  • cp

    The address of the Java communication process (JCP) in the AE

    Allowed formats:

    • DNS Name:Port number
      Example: AEserver:8443
    • TCP/IP Address:Port number
      Example: 192.168.0.1:8443

    Type: String

    Mandatory: Yes

  • username

    Username and department of the AE user which is used to update/create the user objects in the clients.

    Important! The user must exist in client 0. The user also requires permissions to create and update all users of all clients.

    Example: 0/AUTOMIC/AUTOMIC

    Type: String

    Mandatory: Yes

  • password

    Password for the AE user specified in the username.

    Note: You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as encrypted password.

    Type: String

    Mandatory: Yes

  • trustedCertFolder

    Here you define the location of the folder for trusted certificates used for TLS/SSL connections. For more information, see Securing Connections to the AE (TLS/SSL).

    Example: "C:\CD\..\Automation.Platform\Agents\certificates"

Example:

<AE cp="192.168.0.1:2217"
    username="0/AUTOMIC/AUTOMIC"
    password="automic"
    trustedCertFolder="path/to/cer/folder"/>

Clients Element Attributes

You must specify where the default settings for all clients are located and from which folder the client settings are taken.

  • path

    The absolute or relative path to the folder containing the default configuration file and optional individual client configuration files.

    Default: clients folder related to the main configuration folder.

    Type: String

    Mandatory: Yes

  • default

    The name of the default configuration file which is used to set default values for all configured clients.

    Note: You can overwrite the default configuration with specific client settings for a specific client number. See also: Configuring LDAP Sync Client Settings.

    Type: String

    Mandatory: No

    Default: defaults.xml

Example:

<Clients
    path="clients" 
    default="defaults.xml"
/>