Settings for LDAP / LDAPS
This topic describes how to configure a new LDAP or LDAPS connection in DataSync.
The LDAP / LDAPS connector only supports the Truncate and Load option for running extractions.
To configure the connection:
- In DataSync, create a new source connection for LDAP.
- Fill out the fields in the New Connection dialog box as described below.
- Click Save.
Connection Properties | Description |
---|---|
Description | Enter a name for the source connection. |
Server | Specify the LDAP server's fully qualified domain name (FQDN). The name does not need to include the LDAP:\\ portion, only the server domain name. For example: ldapserver.mydomain.local. |
Port | The port the LDAP server is running on. The LDAP default port is 389. If you enable TLS/SSL below, the LDAPS default port is 636. |
Enable LDAP over TLS/SSL | Select this option to enable SSL/TLS to connect to the LDAP server. |
Username | The distinguished name of a user. For example: DOMAIN\\BobF. |
Password | The password for the specified user. |
Search Base | The base portion of the distinguished name and the starting point at which the LDAP server will be queried. It can be set to the root directory or a specific subtree. For example: DC=mydomain,DC=local or OU=Users,OU=Canada,DC=mydomain,DC=local |
Maximum number of records | The maximum number of records returned. To configure no limits, set to -1. |
Scope | Determines what scope a search will be limited to: |
Follow Referrals | Specifies whether or not to follow referrals returned by the LDAP server. |
FriendlyGUID | Determines whether GUID attributes such as objectGUID are returned as binary objects or converted into a human-readable string such as 708d9374-d64a-49b2-97ea-489ddc717703. |
FriendlySID | This field determines whether SID attributes such as objectSID are returned as binary objects or converted into a human-readable string such as S-1-5-21-4272240814-246508344-1325542772-12464. |
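
When FriendlyGUID or FriendlySID is left off, downstream consumers receive raw bytes and must decode them before the values can be matched against Windows event logs or access reviews, which use the string forms. The following added example (not DataSync code) shows that decoding, assuming the standard Active Directory binary layouts for objectSid and objectGUID; the function names and the sample entry are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid: revision, sub-authority count,
    6-byte big-endian authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def guid_to_string(raw: bytes) -> str:
    """Decode a binary objectGUID: the first three fields are little-endian,
    the last eight bytes are kept in stored order."""
    if len(raw) != 16:
        raise ValueError("GUID must be exactly 16 bytes")
    d1, d2, d3 = struct.unpack("<IHH", raw[:8])
    return f"{d1:08x}-{d2:04x}-{d3:04x}-{raw[8:10].hex()}-{raw[10:].hex()}"

def friendly_entry(entry: dict) -> dict:
    """Return a copy of an entry with binary objectSid/objectGUID made readable."""
    decoders = {"objectsid": sid_to_string, "objectguid": guid_to_string}
    out = {}
    for name, value in entry.items():
        decode = decoders.get(name.lower())
        out[name] = decode(value) if decode and isinstance(value, bytes) else value
    return out

# Constructed sample entry: binary forms of the two example values in the table.
SAMPLE_ENTRY = {
    "sAMAccountName": "BobF",
    "objectSid": bytes([1, 5]) + (5).to_bytes(6, "big")
                 + struct.pack("<5I", 21, 4272240814, 246508344, 1325542772, 12464),
    "objectGUID": bytes.fromhex("74938d70 4ad6 b249 97ea 489ddc717703"),
}

if __name__ == "__main__":
    for name, value in friendly_entry(SAMPLE_ENTRY).items():
        print(f"{name}: {value}")
```
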
Additional Connection Properties | Description |
---|---|
SSLServerCert | If you are using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected. If not specified, any certificate trusted by the machine is accepted. Note: You can use * to accept all certificates. However, this is not recommended due to security concerns. Here is a shortened example of a PEM certificate: -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- Here is an example of a path to a local file containing the certificate: C:\cert.cer Here is a shortened example of a public key: -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- Here is an example of an MD5 thumbprint (hexadecimal values can also be either space- or colon-separated): ecadbdda5a1529c58a1e9e09828d70e4 Here is an example of a SHA1 thumbprint (hexadecimal values can also be either space- or colon-separated): 34a929226ae0819f2ec14b4a3d904f801cbb150d |
AuthMechanism | The authentication mechanism to be used when connecting to the LDAP server. |