LDAP Managed system configuration
Before configuring a managed system, ensure that you have installed and configured the LDAP connector. You can follow the instructions in this document. Once the connector is operational, configure the managed system by following the steps below.
- Navigate to webconsole > Provisioning > Managed System.
- In the loaded window, type the name of your connector and click Edit to configure it.
- Configure the selected system as required, referring to the fields described in the Managed System Configuration document.
- After filling out the table, identify the attributes for the system.
The LDAP connector can be used with various types of LDAP-based systems such as AD, openLDAP, and eDirectory. LDAP also allows extending the schema with new fields, so attribute names can differ from one system to another. To accommodate these differences, OpenIAM allows defining the names of the important membership attributes, such as `MANAGER_FIELD_NAME`, `MEMBER_USER_VALUE_FIELD`, `PASSWORD_FIELD_NAME`, and `MEMBER_FIELD_NAME`.
Use the table below to define attributes.
| Attribute | Value |
|---|---|
| ON_DELETE | DISABLE, DELETE, UPDATE |
| MANAGER_FIELD_NAME | manager |
| GROUP_MEMBERSHIP_ENABLED | Y |
| INCLUDE_IN_PASSWORD_SYNC | Y |
| MEMBER_FIELD_NAME | member |
| MEMBER_USER_VALUE_FIELD | dn |
| POST_PROCESS | /prov-helper/LDAPPostProcessor.groovy |
| INCLUDE_USER_OBJECT | N |
| PRE_PROCESS | /prov-helper/LDAPPreProcessor.groovy |
| PRINCIPAL_NAME | uid |
| PASSWORD_FIELD_NAME | userPassword |
| UPDATE | |
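The following is an added example, not OpenIAM code: it shows how `MANAGER_FIELD_NAME`, `MEMBER_FIELD_NAME` and `MEMBER_USER_VALUE_FIELD` decide whether group members and managers resolve to users, using the page's values (`member`/`dn`) beside an assumed posixGroup-style pair (`memberUid`/`uid`, not from the page) and reporting member values that match nothing, which is what a mismatched pair produces.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MembershipConfig:
    """Names taken from the managed-system attributes in the table above."""
    manager_field_name: str        # MANAGER_FIELD_NAME
    member_field_name: str         # MEMBER_FIELD_NAME
    member_user_value_field: str   # MEMBER_USER_VALUE_FIELD

# Page's values: groups list their members by DN.
OPENLDAP_CFG = MembershipConfig("manager", "member", "dn")
# Assumed alternative (not on the page): posixGroup lists bare uids in memberUid.
POSIX_CFG = MembershipConfig("manager", "memberUid", "uid")

# Constructed sample entries: attribute -> list of values; "dn" kept as an attribute.
USERS = [
    {"dn": ["uid=alice,ou=people,dc=example,dc=com"], "uid": ["alice"],
     "manager": ["uid=bob,ou=people,dc=example,dc=com"]},
    {"dn": ["uid=bob,ou=people,dc=example,dc=com"], "uid": ["bob"]},
]
GROUPS = [
    {"dn": ["cn=admins,ou=groups,dc=example,dc=com"], "cn": ["admins"],
     "member": ["uid=alice,ou=people,dc=example,dc=com"]},
    {"dn": ["cn=devs,ou=groups,dc=example,dc=com"], "cn": ["devs"],
     "memberUid": ["alice", "bob"]},
]

def resolve_memberships(cfg, users, groups):
    """Map each user DN to the groups whose MEMBER_FIELD_NAME values equal the
    user's MEMBER_USER_VALUE_FIELD value (case-insensitively, as LDAP DN and
    uid comparisons usually are). Unmatched member values are reported."""
    by_value = {v.lower(): u["dn"][0] for u in users
                for v in u.get(cfg.member_user_value_field, [])}
    groups_of = {u["dn"][0]: [] for u in users}
    unresolved = []
    for g in groups:
        for m in g.get(cfg.member_field_name, []):
            owner = by_value.get(m.lower())
            if owner is None:
                unresolved.append((g["cn"][0], m))
            else:
                groups_of[owner].append(g["cn"][0])
    return groups_of, unresolved

def resolve_manager(cfg, user, users):
    """Return the manager's DN, or None if MANAGER_FIELD_NAME is absent or unknown."""
    known = {u["dn"][0].lower(): u["dn"][0] for u in users}
    values = user.get(cfg.manager_field_name, [])
    return known.get(values[0].lower()) if values else None
```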
Note: `GROUP_MEMBERSHIP_ENABLED`, `INCLUDE_IN_PASSWORD_SYNC`, `INCLUDE_USER_OBJECT`, and `PRINCIPAL_NAME` will be removed in upcoming versions of OpenIAM as they are becoming obsolete.
Note: `POST_PROCESS` and `PRE_PROCESS` are not specific to LDAP but apply to any managed system. OpenIAM allows having pre/post processor scripts specifically for managed systems. More information on pre/post processor scripts can be found here.