Settings for LDAP / LDAPS

This topic describes how to configure a new LDAP or LDAPS connection in DataSync.

Important

The LDAP / LDAPS connector only supports the Truncate and Load option for running extractions.

To configure the connection:

  1. In DataSync, create a new source connection for LDAP.

  2. Fill out the fields described below in the Connection Properties panel.

  3. Click Save.

Setting Description
Connection Properties  
Description Enter a name for the source connection.
Server

Specify the LDAP server's fully qualified domain name (FQDN). The name does not need to include the LDAP:\\ portion, only the server domain name. For example: ldapserver.mydomain.local.
Port The port the LDAP server is running on. The LDAP default port is 389. If you enable TLS/SSL below, the LDAPS default port is 636.
Enable LDAP over TLS/SSL

Select this option to enable SSL/TLS to connect to the LDAP server.

Username The distinguished name of a user. For example: DOMAIN\\BobF.
Password The password for the specified user.
Search Base

The base portion of the distinguished name and the starting at point at which the LDAP server will be queried. It can be set to the root directory or a specific subtree.

For example: DC=mydomain,DC=local or OU=Users,OU=Canada,DC=mydomain,DC=local
Maximum number of records The maximum number of records returned. To configure no limits, set to -1.
Scope

Determines what scope a search will be limited to:

  • Whole Subtree: (Default) Limits the scope of the search to the Search Base and all its descendants.

  • Single Level: Limits the scope of the search to the Search Base and its direct descendants.

  • Base Object: Limits the scope to the root of the Search Base only.
Follow Referrals Specifies whether or not to follow referrals returned by the LDAP server.
FriendlyGUID

Determines whether GUID attributes such as objectGUID are returned as binary objects or converted into a human readable string such as 708d9374-d64a-49b2-97ea-489ddc717703.

  • When set to True a friendly string value is returned.

  • When set to False (default) a base 64 encoded string of the binary object is returned.
FriendlySID

This field determines whether SID attributes such as objectSID are returned as binary objects or converted into a human readable string such as S-1-5-21-4272240814-246508344-1325542772-12464.

  • When set to True a friendly string value is returned.

  • When set to False (default) a base 64 encoded string of the binary object is returned.
Additional Connection Properties
SSLServerCert

If you are using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.

If not specified, any certificate trusted by the machine is accepted.

Note:  You can use * to accept all certificates. However, this is not recommended due to security concerns.

Example

Here is a shortened example of PEM certificate:

-----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE-----

Example

Here is an example of path to a local file containing the certificate:

C:\cert.cer

Example

Here is a shortened example of public key:

-----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY-----

Example

Here is an example of MD5 thumbprint (hexadecimal values can also be either space- or colon-separated):

ecadbdda5a1529c58a1e9e09828d70e4

Example

Here is an example of SHA1 thumbprint (hexadecimal values can also be either space- or colon-separated):

34a929226ae0819f2ec14b4a3d904f801cbb150d
AuthMechanism

The authentication mechanism to be used when connecting to the LDAP server.

  • By default, AuthMechanism is set to SIMPLE, and default plain text authentication is used to log in to the server.

  • If AuthMechanism is set to DIGESTMD5, DIGEST-MD5 authentication will be used.

  • If AuthMechanism is set to NEGOTIATE, NTLM/NEGOTIATE authentication will be used.