LDAP connection parameter node descriptions
- <server>: (Optional) The IP address or host name of the LDAP server. If blank, the synchronization module queries the default domain controller. For SSL-secured LDAP you must specify the fully-qualified domain name of the LDAP server, because that name is checked against the server's certificate. Specifying the port is optional; the default LDAP port is 389 and the default SSL-secured LDAP port is 636.
- <username>: The username of the account that connects to the LDAP server. Ignored if <server> is blank. For an SSL-secured LDAP server, you must specify the user's full distinguished name (DN), for example CN=User Common Name,OU=Admin Accounts,DC=SomeDomain,DC=com.
- <password>: The password of that account. Ignored if <server> is blank.
- <isEncrypted>: Attribute of <password>. "true" if the stored password is encrypted, "false" otherwise. The default is "false". When the application reads the configuration it handles the attribute as follows:
- If the <isEncrypted> attribute is missing, the application assumes the password is in clear text, encrypts it, and adds the attribute with the value "true".
- If <isEncrypted> is "true", the application assumes the password is already encrypted and leaves it unchanged.
- If <isEncrypted> is "false", the application assumes the password is in clear text, replaces the clear text with cipher text, and sets <isEncrypted> to "true".
Until that first run the file holds the password in clear text, so restrict read access to it. The encryption protects the file at rest only: the application on that host holds whatever is needed to decrypt the value.
- <authentication>: (Optional) The authentication types used to bind to the LDAP server, one or more of the following (case-insensitive):
- Anonymous
- Delegation
- Encryption
- FastBind
- None
- ReadonlyServer
- Sealing
- Secure
- SecureSocketsLayer
- ServerBind
- Signing
The authentication type defaults to "Secure". To combine types, separate them with a pipe (|), for example "Secure | FastBind". Note that "None" is a simple bind: unless it is combined with "SecureSocketsLayer", the password crosses the network unprotected.
Common use case
- For standard Microsoft Active Directory operations, it is not necessary to specify the authentication type.
- For SSL-secured LDAP, use “SecureSocketsLayer”.
- <search>: (Optional) Specifies LDAP query-related parameters. Currently, there is only one parameter.
- <pagingMode>: Specifies how to use paging control in an LDAP search. Select from the following modes (case-insensitive):
- None: Does not use pagination. This mode is mainly for Sun Directory Server, which does not support the paged results control. Results are then bounded by the size limit configured on the LDAP server: if that limit is lower than the number of entries in a single OU, the LDAP module obtains only as many entries as the limit allows and the rest of that OU is not synchronized.
- Paging: For all LDAP servers that support the paged results search control (OID 1.2.840.113556.1.4.319). This is the default and preferred mode and should be used for Microsoft Active Directory.
- <rootNodeDistinguishedName>: The distinguished name of the LDAP entry that corresponds to the hierarchy root node. If it is missing or blank, the synchronization module obtains the hierarchy from the root of the LDAP directory.
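The following checker applies the rules above to a connection fragment before it is deployed: it resolves the authentication and paging defaults, derives the port, and flags the settings a reviewer would question (clear-text password awaiting its first-run encryption, SSL without an FQDN or a full user DN, a simple bind without SSL, paging disabled). This is an added example, not the synchronization module's own code. It assumes, since the page does not name it, that the parameter nodes are children of an element called <ldapConnection>; the three sample configurations are constructed for the example.

```python
"""Checker for the LDAP connection parameters described above.

Added example, not the synchronization module's own code.  Assumption not
stated on the page: the parameter nodes are children of <ldapConnection>;
rename that element to match the real configuration file.
"""
import xml.etree.ElementTree as ET

# The authentication type names listed above, matched case-insensitively.
AUTH_TYPES = {n.lower(): n for n in (
    "Anonymous", "Delegation", "Encryption", "FastBind", "None",
    "ReadonlyServer", "Sealing", "Secure", "SecureSocketsLayer",
    "ServerBind", "Signing")}
PAGING_MODES = {"none": "None", "paging": "Paging"}


def parse_auth(text):
    """Turn 'Secure | FastBind' into canonical names; blank means Secure."""
    if not text or not text.strip():
        return ["Secure"]
    names = []
    for part in text.split("|"):
        key = part.strip().lower()
        if key not in AUTH_TYPES:
            raise ValueError(f"unknown authentication type {part.strip()!r}")
        names.append(AUTH_TYPES[key])
    return names


def is_dn(value):
    """True for 'CN=x,OU=y,DC=z' style distinguished names."""
    parts = [p.strip() for p in value.split(",")]
    return bool(value) and all("=" in p and p.split("=", 1)[0] for p in parts)


def text_of(node, tag):
    child = node.find(tag) if node is not None else None
    return (child.text or "").strip() if child is not None else ""


def validate(xml_text):
    """Return (settings, warnings) for one <ldapConnection> fragment."""
    root = ET.fromstring(xml_text)
    server = text_of(root, "server")
    username = text_of(root, "username")
    pw = root.find("password")
    password = (pw.text or "").strip() if pw is not None else ""
    # A missing isEncrypted attribute means clear text, as described above.
    encrypted = pw is not None and pw.get("isEncrypted", "false").lower() == "true"
    auth = parse_auth(text_of(root, "authentication"))
    paging_raw = text_of(root.find("search"), "pagingMode").lower() or "paging"
    if paging_raw not in PAGING_MODES:
        raise ValueError(f"unknown pagingMode {paging_raw!r}")
    paging = PAGING_MODES[paging_raw]
    ssl = "SecureSocketsLayer" in auth
    host, _, port = server.partition(":")
    port = int(port) if port else (636 if ssl else 389)  # page defaults

    warnings = []
    if not server:
        warnings.append("server blank: default domain controller is used and "
                        "username/password are ignored")
    if ssl and "." not in host:
        warnings.append("SSL needs the server's fully-qualified domain name")
    if ssl and not is_dn(username):
        warnings.append("SSL needs the user's full distinguished name")
    if password and not encrypted:
        warnings.append("password is clear text until the first run encrypts "
                        "it; restrict access to the file")
    if "None" in auth and not ssl:
        # 'None' is a simple bind; without SSL the password is sent unprotected.
        warnings.append("'None' without SecureSocketsLayer sends the password "
                        "unprotected")
    if paging == "None":
        warnings.append("pagingMode None: each OU is capped by the server size limit")
    settings = {"host": host, "port": port, "username": username,
                "encrypted": encrypted, "authentication": auth,
                "pagingMode": paging,
                "rootDN": text_of(root, "rootNodeDistinguishedName")}
    return settings, warnings


# Constructed sample configurations for the example (not from the page).
STANDARD_AD = """<ldapConnection>
  <server>dc01.corp.example.com</server>
  <username>svc-sync</username>
  <password>Pa55w0rd!</password>
  <search><pagingMode>paging</pagingMode></search>
  <rootNodeDistinguishedName>OU=Staff,DC=corp,DC=example,DC=com</rootNodeDistinguishedName>
</ldapConnection>"""

SSL_AD = """<ldapConnection>
  <server>dc01.corp.example.com:636</server>
  <username>CN=Sync Service,OU=Admin Accounts,DC=corp,DC=example,DC=com</username>
  <password isEncrypted="true">c2FtcGxlLWNpcGhlcnRleHQ=</password>
  <authentication>secure | securesocketslayer</authentication>
</ldapConnection>"""

WEAK_SSL = """<ldapConnection>
  <server>dc01</server>
  <username>svc-sync</username>
  <password isEncrypted="false">Pa55w0rd!</password>
  <authentication>SecureSocketsLayer</authentication>
  <search><pagingMode>None</pagingMode></search>
</ldapConnection>"""

if __name__ == "__main__":
    for name, cfg in (("standard", STANDARD_AD), ("ssl", SSL_AD), ("weak", WEAK_SSL)):
        settings, warns = validate(cfg)
        print(name, settings["host"], settings["port"], settings["authentication"])
        for w in warns:
            print("  warning:", w)
```

Run it against the real file before the first start of the module: the clear-text warning tells you the password has not yet been replaced with cipher text, and the SSL warnings catch the two requirements (FQDN server, full user DN) that otherwise only surface as a failed bind.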