Configuring LDAP Sync
The LDAP Sync configuration is stored in the XML files LDAPSync.xml and defaults.xml, and in optional configuration files for specific client settings.
LDAPSync.xml
LDAPSync.xml contains the following three elements:
- Connection: LDAP connection configuration. Type: Complex. Mandatory: Yes.
- AE: AE connection configuration. Type: Complex. Mandatory: Yes.
- Clients: Configure the path to the mapping configurations and the default settings for each client. See also: Configuring Client Settings. Type: Complex. Mandatory: Yes.
Connection Element Attributes
LDAP-specific settings required for connectivity.
- serverName: Name of the LDAP server. Type: String. Default: -. Mandatory: Yes. Example: MyCompany AD02
- directoryType: Values: AD or other. Type: Option. Default: AD. Mandatory: No.
- url: The IP address of the LDAP server or its fully qualified domain name, and the communication port on which the LDAP server listens. Note: To specify multiple servers, separate the url entries with a comma. The first server where a connection can be established will be used. Example: ad01.mycompany.com:389,ad02.mycompany.com:389. Type: String. Default: -. Mandatory: Yes.
- useSSL: Important! You need to configure an SSL certificate before using this setting. You can enable SSL for the LDAP connection as follows:
  - true: enabled
  - false: disabled
  Type: Boolean. Default: False. Mandatory: No.
- connectionTimeout: The time to wait for an LDAP connection to open (in seconds). Note: If you do not want to set a timeout, set it to 0 (zero). Type: Number. Default: 0. Mandatory: No.
- retryConnect: Number of times that LDAP Sync tries to reconnect to the LDAP server if the connection is shut down. Type: String. Default: 10. Mandatory: No.
- username: The user credentials for an LDAP account with read access to the LDAP directory levels from which you want to import users. Examples:
  - cn=administrator,cn=users,dc=ad,dc=example,dc=com
  - cn=user,dc=domain,dc=name
  - user@domain.name
  Type: String. Default: -. Mandatory: No.
- password: The password for the user specified in username. Notes:
  - You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as an encrypted password.
  - Special characters must be escaped in order to comply with the XML standard.
  Type: String. Default: -. Mandatory: No.
- readTimeout: The time to wait for a response from the LDAP service (in seconds). Note: If you do not want to set a timeout, set it to 0 (zero). Type: Number. Default: 120. Mandatory: No.
- searchTimeout: The time to wait for a search result from the LDAP service (in seconds). Note: If you do not want to set a timeout, set it to 0 (zero). Type: Number. Default: 60. Mandatory: No.
Example:
<Connection serverName="MyCompany AD02"
            directoryType="AD"
            url="mycompanyad02:389"
            useSSL="false"
            connectionTimeout="0"
            readTimeout="120"
            searchTimeout="60"
            username="mydomain\myuser"
            password="mypassword" 
/>
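An added example (not part of the product documentation): a small Python check that reads a Connection element and reports attributes that, per the descriptions above, leave the connection without SSL or without a timeout, and that writes a password containing special characters in XML-escaped form. The function names, the sample password and port 636 in the demo call are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Defaults documented on this page for optional attributes that are omitted.
DEFAULTS = {"useSSL": "false", "connectionTimeout": "0",
            "readTimeout": "120", "searchTimeout": "60"}

def build_connection(server_name, url, username, password, use_ssl=True):
    """Render a <Connection/> element; quoteattr() escapes &, <, > and quotes."""
    attrs = {"serverName": server_name, "url": url,
             "useSSL": "true" if use_ssl else "false",
             "username": username, "password": password}
    return "<Connection " + " ".join(
        f"{k}={quoteattr(v)}" for k, v in attrs.items()) + "/>"

def audit_connection(xml_text):
    """Return a list of findings for one <Connection/> element."""
    conn = ET.fromstring(xml_text)
    def get(name):
        return conn.get(name, DEFAULTS.get(name, ""))
    findings = []
    for attr in ("serverName", "url"):
        if not conn.get(attr):
            findings.append(f"{attr}: mandatory attribute missing")
    if get("useSSL").lower() != "true":
        findings.append("useSSL: disabled, LDAP connection is not protected by SSL")
    for attr in ("connectionTimeout", "readTimeout", "searchTimeout"):
        if get(attr).strip() == "0":
            findings.append(f"{attr}: 0 disables the timeout")
    # url may hold several comma-separated host:port entries.
    for entry in filter(None, (u.strip() for u in get("url").split(","))):
        host, _, port = entry.rpartition(":")
        if not host or not port.isdigit():
            findings.append(f"url: '{entry}' is not host:port")
    return findings

# Constructed sample: the example element shown on this page.
PAGE_EXAMPLE = '''<Connection serverName="MyCompany AD02" directoryType="AD"
    url="mycompanyad02:389" useSSL="false" connectionTimeout="0"
    readTimeout="120" searchTimeout="60"
    username="mydomain\\myuser" password="mypassword"/>'''

if __name__ == "__main__":
    for finding in audit_connection(PAGE_EXAMPLE):
        print(finding)
    # Constructed password with characters that must be escaped in XML.
    print(build_connection("MyCompany AD02", "ad01.mycompany.com:636",
                           "user@domain.name", 'p&ss<w"rd'))
```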
AE Element Attributes
Configure the connectivity to the Client 0 of the AE.
Important! The AE configuration is required for the synchronization for all clients of the AE.
- cp: The address of the communication process in the AE. Allowed formats:
  - DNS Name:Port number. Example: AEserver:2217
  - TCP/IP Address:Port number. Example: 192.168.0.1:2217
  Type: String. Mandatory: Yes.
- username: Username and department of the AE user which is used to update/create the user objects in the clients. Important! The user must exist in client 0. The user also requires permissions to create and update all users of all clients. Example: AUTOMIC/AUTOMIC. Type: String. Mandatory: Yes.
- password: Password for the AE user specified in the username. Note: You enter or modify the password as plain text. It will be encrypted during the next synchronization run and stored in the configuration file as an encrypted password. Type: String. Mandatory: Yes.
Example:
<AE cp="192.168.0.1:2217"
    username="AUTOMIC/AUTOMIC"
    password="automic"
/>
Clients Element Attributes
You must specify where the default settings for all clients are located and from which folder the client settings are taken.
- path: The absolute or relative path to the folder containing the default configuration file and optional individual client configuration files. Default: clients folder relative to the main configuration folder. Type: String. Mandatory: Yes.
- default: The name of the default configuration file which is used to set default values for all configured clients. Note: You can overwrite the default configuration with specific client settings for a specific client number. See also: Configuring Client Settings. Type: String. Mandatory: No. Default: defaults.xml
Example:
<Clients
    path="clients" 
    default="defaults.xml"
/>