...

Field / Description / Example Value

Linked Resource
  Example Value: LDAP

Managed System Resource Name
  Description: Any value that helps you identify this LDAP connection.
  Example Value: LDAP

Status
  Description: Set to "Active" to enable this connection.
  Example Value: ACTIVE

Connector
  Description: Select the "LDAP Connector" mentioned in Step 1.
  Example Value: LDAP Connector

Host URL
  Description: Enter the URL of the server to which the Connector connects.
  Info: If you use SSL, the URL starts with ldaps:// instead of ldap://.
  Example Value: ldap://lnx1.openiamdemo.com

Port
  Description: Specify the port on which the server listens.
  Info: With SSL the connection is made to a separate port, normally 636 rather than 389.
  Example Value: 389

Communication Protocol
  Description: Set to "CLEAR" unless a certificate has been installed to enable secure communication with OpenLDAP. With "CLEAR" the Login ID and its password cross the network in plaintext on every bind, so use SSL anywhere outside a lab. Read more about enabling SSL in Installing OpenLDAP and Enabling SSL.
  Example Value: CLEAR

Login ID
  Description: Enter the ID (bind DN) that the Connector uses to connect to OpenLDAP to create and delete users. The example is the OpenLDAP rootdn; in production prefer a dedicated service account whose ACLs are limited to the Base DN.
  Example Value: cn=Manager,dc=openiamdemo,dc=com

Password
  Description: Enter the password for the Login ID above. OpenIAM stores it in encrypted form in its database.
  Example Value: (none shown)

Object Primary Key
  Description: The attribute that uniquely identifies a user. For OpenLDAP this is usually uid.
  Example Value: uid

Base DN
  Description: The Base DN under which the Connector searches for and creates users.
  Info: If users are to be created in different OUs, define this in the ou.groovy script in the iamscripts/provisioning folder. If active synchronization is used, this logic can also be added to the transformation scripts.
  Example Value: ou=people,ou=dev,dc=openiamdemo,dc=com

Search Base DN
  Description: The part of the tree in which the Connector searches for users. In the example it is the parent of the Base DN, so users created under the Base DN are found by searches.
  Example Value: ou=dev,dc=openiamdemo,dc=com

Search Filter
  Description: Enter the search filter the Connector uses to look up objects within the Search Base DN. For OpenLDAP, enter: (&(objectclass=inetOrgPerson)(uid=?)). The ? is the placeholder for the identifier being looked up (the Object Primary Key attribute, uid here).
  Info: The object class used in this filter must match the object class of the users being searched for. If your organization uses a custom object class, reflect it in the search filter.
  Example Value: (&(objectclass=inetOrgPerson)(uid=?))

Attribute Names Lookup
  Description: Enter the path to a Groovy script that has already been created. It must contain all attribute names used in the Policy Map. The script below returns all attribute names commonly used for LDAP:

```groovy
// Attribute names offered in the Policy Map drop-downs; the script assigns the list to `output`.
output = [
        'uid',
        'cn',
        'mail',
        'o',
        'ou',
        'postalCode',
        'sn',
        'l',
        'st',
        'street',
        'userPassword',
        'postalAddress',
        'telephoneNumber',
        'facsimileTelephoneNumber',
        'mobileTelephoneNumber',
        'departmentNumber',
        'displayName',
        'employeeType',
        'objectclass',
        'title',
        'givenName',
        'uniqueMember',
        'manager',
]
```

  If you need to add attributes or remove redundant ones, edit this script. If you leave the "Attribute Names Lookup" field empty, the Policy Map shows plain text boxes instead of drop-down menus for the attribute names.
  Example Value: attribute-lookup/LDAPAttibuteNamesLookup.groovy

Search Scope
  Example Value: Subtree

Target System Type
  Description: Select "LDAP".
  Example Value: LDAP
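The fields above depend on each other: the URL scheme, port and Communication Protocol must agree, the Base DN must sit inside the Search Base DN, and the Search Filter must test the Object Primary Key attribute while its ? placeholder is filled with an escaped value. The following pre-flight check is an added example, not OpenIAM code; it assumes that ? is replaced at search time with the Object Primary Key value, uses the table's own sample values, and the service-account DN in HARDENED_EXAMPLE is hypothetical.

```python
"""Pre-flight checks for the LDAP managed-system settings in the table above.

Added example, not OpenIAM code. Assumes (as the table implies) that the '?'
in the Search Filter is replaced at search time with the value of the Object
Primary Key attribute. Field names and sample values are the table's own,
except HARDENED_EXAMPLE, whose service-account DN is made up.
"""
from dataclasses import dataclass

# RFC 4515 escaping for values substituted into a filter. Without it a login
# such as '*)(uid=*' rewrites the filter instead of matching a single user.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, primary_key_value: str) -> str:
    """Fill the single '?' placeholder with an escaped primary key value."""
    if template.count('?') != 1:
        raise ValueError("search filter must contain exactly one '?' placeholder")
    return template.replace('?', escape_filter_value(primary_key_value))


def dn_components(dn: str) -> list:
    """Lower-cased RDNs of a DN (enough for the DNs above; escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(',')]


def dn_is_within(dn: str, base: str) -> bool:
    """True if dn equals base or lies beneath it in the tree."""
    d, b = dn_components(dn), dn_components(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


@dataclass(frozen=True)
class LdapManagedSystem:
    host_url: str
    port: int
    protocol: str           # "CLEAR" or "SSL"
    login_id: str
    object_primary_key: str
    base_dn: str
    search_base_dn: str
    search_filter: str
    search_scope: str = "Subtree"


def check_settings(cfg: LdapManagedSystem) -> list:
    """Return the problems found; an empty list means the fields are consistent."""
    problems = []
    scheme = cfg.host_url.split('://', 1)[0].lower()
    proto = cfg.protocol.upper()
    if scheme not in ('ldap', 'ldaps'):
        problems.append(f"Host URL must start with ldap:// or ldaps://: {cfg.host_url}")
    if scheme == 'ldaps' and proto != 'SSL':
        problems.append("Host URL is ldaps:// but Communication Protocol is not SSL")
    if scheme == 'ldap' and proto == 'SSL':
        problems.append("Communication Protocol is SSL but Host URL is ldap://")
    if proto == 'CLEAR':
        problems.append("CLEAR sends the Login ID password in plaintext; use SSL outside a lab")
    if proto == 'SSL' and cfg.port == 389:
        problems.append("SSL normally uses port 636, not 389")
    if not dn_is_within(cfg.base_dn, cfg.search_base_dn):
        problems.append("Base DN lies outside Search Base DN, so users created there will not be found")
    if f"({cfg.object_primary_key.lower()}=?)" not in cfg.search_filter.lower():
        problems.append("Search Filter does not test the Object Primary Key attribute")
    if cfg.login_id.lower().startswith('cn=manager,'):
        problems.append("Login ID is the OpenLDAP rootdn; prefer a dedicated service account limited by ACLs")
    return problems


# The table's own example values.
PAGE_EXAMPLE = LdapManagedSystem(
    host_url='ldap://lnx1.openiamdemo.com', port=389, protocol='CLEAR',
    login_id='cn=Manager,dc=openiamdemo,dc=com', object_primary_key='uid',
    base_dn='ou=people,ou=dev,dc=openiamdemo,dc=com',
    search_base_dn='ou=dev,dc=openiamdemo,dc=com',
    search_filter='(&(objectclass=inetOrgPerson)(uid=?))')

# The same connection over SSL with a hypothetical restricted service account.
HARDENED_EXAMPLE = LdapManagedSystem(
    host_url='ldaps://lnx1.openiamdemo.com', port=636, protocol='SSL',
    login_id='cn=openiam-svc,ou=services,dc=openiamdemo,dc=com', object_primary_key='uid',
    base_dn='ou=people,ou=dev,dc=openiamdemo,dc=com',
    search_base_dn='ou=dev,dc=openiamdemo,dc=com',
    search_filter='(&(objectclass=inetOrgPerson)(uid=?))')

if __name__ == '__main__':
    for name, cfg in (('page example', PAGE_EXAMPLE), ('hardened', HARDENED_EXAMPLE)):
        print(name, check_settings(cfg) or 'OK')
        print(' ', build_search_filter(cfg.search_filter, 'jdoe'))
    print(' ', build_search_filter(PAGE_EXAMPLE.search_filter, '*)(uid=*'))
```

Run against the table's values the check reports only the two things a reviewer would raise (plaintext binds and the rootdn as Login ID); the hardened variant passes clean. The escaping in build_search_filter is the part to keep even if the rest is discarded: whatever fills the ? must never be able to close the (uid=...) term.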

...