Table 2.20 describes the properties on the Sync & Authentication tab of the LDAP Server Configuration page. The properties apply to new and existing LDAP configuration objects.
Table 2.20. LDAP Server Sync & Authentication properties
Field | Description |
---|---|
Import | Specifies how users and groups are imported. Available options are:
|
Synchronize Nested Groups in the repository | Select to synchronize the nested groups in the repository. Note: This option is enabled only if the Import field has the value Users and groups or Groups & member users. This option is disabled if you select Users only for the Import field. |
Sync Type | Specifies how users and groups are synchronized. Available options are:
|
Deleted Users | Specifies whether deleted user accounts are marked inactive. Available options are:
|
Update Names | Select Update user names in repository, Update group names in repository, or both. The Update group names in repository checkbox is not enabled if Users Only is selected in the Import field. |
User Type | Select a user type. The default is dm_user. |
Bind to User DN | Options are:
|
External Password Check | Select to use an external password check to authenticate users to the directory. |
The LDAP synchronization job must have at least read access to a unique identifier on the directory server, as follows:
nsuniqueid on Sun One/Netscape/iPlanet Directory Server
objectguid on Microsoft Active Directory Server
ibm-entryuuid on IBM Directory Server
guid on Novell eDirectory
orclguid on Oracle Internet Directory Server
In addition to the unique identifier, the synchronization job should have read access on the directory server to every attribute that has been mapped in the LDAP configuration object.
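One way to verify these read-access requirements before enabling the job is to search for a known entry while bound as the synchronization account, requesting the unique identifier and each mapped attribute by name, and then check what came back. The following is an added example, not part of the product or its documentation; the function names, directory-type keys and sample entry are hypothetical, and it assumes the search result is available as LDIF text.

```python
import base64

# Unique-identifier attribute per directory type, as listed above.
UNIQUE_ID_ATTR = {
    "sunone": "nsuniqueid",
    "activedirectory": "objectguid",
    "ibm": "ibm-entryuuid",
    "edirectory": "guid",
    "oracle": "orclguid",
}

def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute name: [bytes values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):               # "attr:: <base64>", e.g. binary objectGUID
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        # Drop options such as ";binary"; attribute names are case-insensitive.
        entry.setdefault(name.split(";")[0].lower(), []).append(value)
    return entry

def unreadable_attributes(ldif_text, directory_type, mapped_attrs):
    """Return required attributes missing from what the sync account received."""
    entry = parse_ldif_entry(ldif_text)
    required = [UNIQUE_ID_ATTR[directory_type]] + [a.lower() for a in mapped_attrs]
    return [a for a in required if not entry.get(a)]

# Constructed sample: an Active Directory entry as returned to the sync account.
SAMPLE_AD_ENTRY = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectGUID:: 3q2+796tvu/erb7v3q2+7w==
sAMAccountName: jdoe
cn: Jane Doe
"""
```

An empty result from `unreadable_attributes` means every required attribute was returned to the bind account; any name in the list points to a missing read permission or an attribute the entry does not carry.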