AD-LDAP
LDAP Environment Integration.
Requirements
The Single Agent must be installed on either a domain member server or a domain controller.
Note:
The configuration of the AD-LDAP directory does not modify the directory schema. Synchronization between AD Tenants runs on a 30-second interval.
Configuration
To set up the LDAP configuration:
- Set the domain of the directory as the Directory Label.
- Set the Assigned Agent from the drop-down list of available Single Agents.
High Availability
Multiple Single Agents can be assigned to an AD integration for high availability.
- Activate this agent: Switch this on to enable the integration.
- Set the Fully Qualified Domain Name of the Host Server.
- Set the integration type: Active directory/LDAP.
- Set the port: 389/636. If you have configured TLS certificates for LDAPS this should be 636.
- Authentication Type: Currently this can only be set to 'Basic'.
- Choose the format to map user accounts. This sets whether users are imported by sAMAccountName or userPrincipalName.
- Set the service account name. This account needs to exist in the directory with read permissions.
- Set the service account password: Domain service account password.
- Set the Fully Qualified Domain Name of the directory.
- Test the connection. This checks that the service account details can read the directory.
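
The settings above can be checked from the agent host before they are entered. The following is an added example, not part of the product or its documentation: it performs a Basic bind as the service account over the chosen port and reads a few users with both mapping attributes. It assumes Windows PowerShell 5.1 or later; the function name `Test-LdapServiceAccount` and the host name in the usage comment are hypothetical.

```powershell
# Added example (not vendor code): pre-flight check for the AD-LDAP service account.
# Usage: Test-LdapServiceAccount -HostFqdn dc01.example.test -Credential (Get-Credential)
function Test-LdapServiceAccount {
    param(
        [Parameter(Mandatory)] [string] $HostFqdn,          # FQDN of the Host Server
        [Parameter(Mandatory)] [pscredential] $Credential,  # service account, e.g. svc@domain
        [ValidateSet(389, 636)] [int] $Port = 636
    )
    Add-Type -AssemblyName System.DirectoryServices.Protocols
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($HostFqdn, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = [System.Net.NetworkCredential]::new($Credential.UserName, $Credential.Password)
    $conn.SessionOptions.ProtocolVersion = 3
    if ($Port -eq 636) {
        # LDAPS: the server certificate must chain to a trusted root and match $HostFqdn
        $conn.SessionOptions.SecureSocketLayer = $true
    } else {
        Write-Warning "Port $Port is not LDAPS: a Basic bind sends the password unencrypted."
    }
    try {
        $conn.Bind()   # throws LdapException on bad credentials or TLS failure
        $scope = [System.DirectoryServices.Protocols.SearchScope]
        # Read the RootDSE (base-scope search on the empty DN) to find the domain base DN
        $root = [System.DirectoryServices.Protocols.SearchRequest]::new(
            '', '(objectClass=*)', $scope::Base, [string[]]@('defaultNamingContext'))
        $baseDn = $conn.SendRequest($root).Entries[0].
            Attributes['defaultNamingContext'].GetValues([string])[0]
        # Read-permission check: fetch one page of users with both mapping attributes
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            $baseDn, '(&(objectCategory=person)(objectClass=user))', $scope::Subtree,
            [string[]]@('sAMAccountName', 'userPrincipalName'))
        $page = [System.DirectoryServices.Protocols.PageResultRequestControl]::new(5)
        [void]$req.Controls.Add($page)
        foreach ($entry in $conn.SendRequest($req).Entries) {
            $sam = $entry.Attributes['sAMAccountName']
            $upn = $entry.Attributes['userPrincipalName']   # may be unset on some accounts
            [pscustomobject]@{
                sAMAccountName    = if ($sam) { $sam.GetValues([string])[0] } else { $null }
                userPrincipalName = if ($upn) { $upn.GetValues([string])[0] } else { $null }
            }
        }
    } catch {
        Write-Error "Bind or read failed against ${HostFqdn}:${Port}: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}
```

Accounts that come back with an empty userPrincipalName cannot be mapped by that format, which is worth knowing before choosing the mapping option.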

Import
Set which AD User accounts and groups are imported into Access Management.

Synchronised users and groups can be viewed by navigating to the "Management" page.
Export
This option synchronizes Access Management tenant User accounts and groups to AD. This requires that the service account has write permissions.
