Setting LDAP Connection Information

  1. Click the Settings tab from UDE > System Management > LDAP Management.
  2. In the right pane, make the LDAP authentication active and then click Save.
  3. Specify the values for your Base DN.
    Typically, the Base DN is in the form of DC=xxx, DC=xxx, where DC refers to domain component. For example: DC=my_company,DC=com
  4. Select the Specific Binding option and then enter the Bind DN and password.

    Typically the Bind DN takes the form of CN=xxx,OU=xxx,DC=xxx,DC=xxx, where CN refers to common name, OU refers to organizational unit, and DC refers to domain component.

    For example: CN=my_user_ID,OU=My Place Users,DC=my_company,DC=com

    This option is the name and password of an LDAP service account that is used for reading all LDAP information. This is required to be set correctly if you will be using online or batch LDAP synchronization.

  5. Click Test Connection and modify the settings until the connection passes, and then click Save.
  6. Optional: To enable Role synchronization, click Activate in the Role Set section.
  7. Define attributes for the User Set.
    The User Set defines the information to locate user login names. This must be correct if using online or batch LDAP synchronization.
    • User class name - Provides the LDAP class that represents “user,” for example, person.
      Note: User class name is the LDAP field that contains information about users, as compared to LDAP fields, which contain printer or conference room information.
    • User login attribute - Provides the LDAP attribute that represents the user login ID. For example, name.
  8. Test the user attributes and modify your settings, until the tool successfully retrieves the LDAP user attributes.
    Note: Test user attributes only ensure that some LDAP fields named User class name exist. Verify with your LDAP server that the User class name defines LDAP users, and the User login attribute holds the login name of each user.
  9. Optional: Define and test attributes for the Role Set if activated.
    • Role class name - Provides the LDAP class that represents a role, for example, group.
    • Role name attribute - Provides the LDAP attribute associated with the role, for example, managedBy.
  10. Test the Role attributes and modify your settings, until the tool successfully retrieves the LDAP Role attributes.
    Note: Test Role attributes only ensure that some LDAP fields named Role class name exist, and not that they represent LDAP groups, nor that the Role name attribute contains the name of the group.
  11. Optional: Use advanced filtering to refine the list of users or roles that are created during synchronization.
    1. Use the Filter wizard for future implementation
      1. Select Filter wizard from the Advanced filtering section.
      2. Select an attribute from the dropdown list.
      3. Select an operator from the dropdown list.
      4. Type a text string in the text box.
      Note: Filters can be ANDed, ORed, and nested.
    2. Use a Manual filter.
      1. Select Manual filter from the Advanced filtering section.
      2. Type your custom search string in the text box.

      For example: (&(objectClass=person)(cn={0})(department=CM*))

  12. Click Save.
  13. Set the property mapping to map LDAP attributes to the UDE user attributes.
    1. From the navigation pane, choose Property Mapping.
    2. Type the required attributes for First name, Last name, and User email.
    3. Add any Optional properties as needed.
    4. Accept or Edit the default UDE Server roles to which newly created users are assigned.
    5. Any accounts created with LDAP synchronization automatically belong to the specified roles.
    6. (Optional) If Role synchronization is enabled, enter the values for “Parent Roles attribute name” and “Child Roles attribute name”.
    7. Click Save.
  14. Set the behavior for online synchronization.
    1. From the navigation pane, choose Online Synchronization.
    2. Set the activation mode for synchronizing new user accounts and for updating existing user accounts.
      Note: This must be enabled if you want LDAP users to seamlessly log in to a UDE Server without being explicitly added to the UDE Server.
    3. Select the preferred behavior for synchronization when a UDE user account with the same login name exists.
      Note: This type of synchronization is useful for manually adding user accounts through UDE user management. Selecting this behavior enables them to log in with their LDAP passwords.
    4. Click Save.
    5. Run batch synchronization. (This option runs batch synchronization at a specific hour/day.)
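
The manual filter in step 11 contains a {0} placeholder. The following added example (not part of the product or its documentation) assumes {0} is replaced with the login name, and shows RFC 4515 escaping so that characters such as *, ( and ) in a login are matched literally instead of altering the filter. The function names and sample logins are constructed for illustration.

```python
# Added example: RFC 4515 escaping for a value substituted into {0}.
# Assumption: {0} in the manual filter stands for the user's login name.

MANUAL_FILTER = "(&(objectClass=person)(cn={0})(department=CM*))"  # from step 11

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so the server treats it as a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, login: str) -> str:
    """Fill the {0} placeholder with the escaped login name."""
    if "{0}" not in template:
        raise ValueError("template has no {0} placeholder")
    return template.replace("{0}", escape_filter_value(login))


def component_count(ldap_filter: str) -> int:
    """Count parenthesised components; escaped forms (\\28, \\29) are not counted."""
    if ldap_filter.count("(") != ldap_filter.count(")"):
        raise ValueError("unbalanced parentheses")
    return ldap_filter.count("(")


def same_structure(template: str, login: str) -> bool:
    """True if substituting the login leaves the filter's shape unchanged."""
    return component_count(render_filter(template, login)) == component_count(template)


if __name__ == "__main__":
    # Constructed sample logins, some containing filter metacharacters.
    for login in ["jsmith", "*", "j(smith)", "O\\Brien"]:
        rendered = render_filter(MANUAL_FILTER, login)
        print(f"{login!r:12} -> {rendered}  unchanged shape: "
              f"{same_structure(MANUAL_FILTER, login)}")
```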