LDAP Server Sync & Authentication properties

Table 2.20 describes the properties on the Sync & Authentication tab of the LDAP Server Configuration page. The properties apply to new and existing LDAP configuration objects.

Table 2.20. LDAP Server Sync & Authentication properties

Field | Description

Import

Specifies how users and groups are imported. Available options are:

  • Users and groups (default)

  • Users only

  • Groups & member users

Synchronize Nested Groups in the repository

Select to synchronize the nested groups in the repository.

Note

This option is enabled only if the Import field is set to Users and groups or Groups & member users. It is disabled if you select Users only for the Import field.

Sync Type

Specifies how users and groups are synchronized. Available options are:

  • Full: Import all based on user/group mappings (default)

  • Incremental: Import only new or updated users/groups/members

    If Groups & member users is selected in the Import field and a group was not updated but any of its members were, the incremental synchronization updates the users identified by the user search filter.

Deleted Users

Specifies whether deleted user accounts are marked inactive. Available options are:

  • set to inactive (default)

  • unchanged

Update Names

Select to Update user names in repository or Update group names in repository.

The Update group names in repository checkbox is not enabled if Users only is selected in the Import field.

User Type

Select a user type. The default is dm_user.

Bind to User DN

Options are:

  • Search for DN in directory using user’s login name

  • Use DN stored with user record in repository (default)

External Password Check

Select to use an external password check to authenticate users to the directory.

The LDAP synchronization job must have at least read access to a unique identifier on the directory server, as follows:

Apart from the unique identifiers, the job should also have read access in the directory server to all the attributes that have been mapped in the LDAP configuration object.
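A pre-flight check for the read-access requirement above, as an added example that is not part of the product documentation: it parses the LDIF that a search run as the synchronization account returns for one entry and lists the required attributes that did not come back. The sample entry, the attribute names and the `REQUIRED` list (including the choice of `entryUUID` as the unique identifier) are constructed assumptions; substitute the identifier and mappings from your own LDAP configuration object.

```python
import base64

# Constructed sample: one entry as returned to the synchronization bind account
# (for instance, ldapsearch output). All names and values are made up.
SAMPLE_LDIF = """\
# extended LDIF
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe
cn:: SsO2cmcgRG9l
mail: jdoe@example.com
description: contractor account, exp
 ires with project
"""

def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry (RFC 2849) into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # folded line: drop the single leading space
        elif raw:
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue                    # comment or malformed line
        if value.startswith(":"):       # "attr:: <base64>" carries non-ASCII or binary data
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.lstrip(" ")
        # Attribute names are case-insensitive; options such as ";binary" are dropped.
        entry.setdefault(name.split(";")[0].lower(), []).append(value)
    return entry

def missing_attributes(ldif_text, required_attrs):
    """Return required attributes absent from the entry the bind account received.

    Absence means the account cannot read the attribute OR the attribute is not
    set on this entry, so confirm against an entry known to be fully populated.
    """
    entry = parse_ldif_entry(ldif_text)
    return [a for a in required_attrs if a.lower() not in entry]

# Assumed mapping for illustration: a unique identifier plus mapped attributes.
REQUIRED = ["entryUUID", "uid", "cn", "mail", "telephoneNumber"]

if __name__ == "__main__":
    print(missing_attributes(SAMPLE_LDIF, REQUIRED))
```

Run the search with the same bind account the synchronization job uses, so the result reflects that account's permissions and not an administrator's.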