LDAP Connector

SailPoint’s LDAP connector offers a generic solution for managing access for LDAP accounts and groups across different flavors of LDAP.


Support Level: SailPoint Delivered

Connectors developed by SailPoint's Engineering team and supported under annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.


Supported Use Cases

  • Full Account Aggregation
  • Single Account Aggregation
  • Delta Account Aggregation
  • Full Entitlement Aggregation
  • Full Group Aggregation
  • Single Group Aggregation
  • Delta Group Aggregation
  • Create Account Provisioning
  • Update Account Provisioning
  • Delete Account Provisioning*
  • Create Group Provisioning*
  • Update Group Provisioning*
  • Delete Group Provisioning*
  • Enable / Disable Account Provisioning
  • Unlock Account Provisioning
  • Change Account Password
  • Add Entitlement(s)
  • Remove Entitlement(s)

*This feature is currently supported only with the IdentityIQ platform

Supported Versions

  • Microsoft ADAM 2019, 2016, 2012 R2, 2012
  • OpenLDAP version 2.4, 2
  • Sun Java System Directory Server (formerly known as SunOne Directory Server)
  • ODSEE 11
  • IBM Security Directory Server (formerly known as Tivoli Directory Server) version 6.4, 6
  • Novell eDirectory (NetIQ) version 9.1, 9.0, 8.
  • Oracle Internet Directory version 12c and 11gR2



@neelam_futane  - The SailPoint LDAP Connector Guide for 8.1 Patch 2 mentions support for Unlock for Novell eDirectory, Oracle Internet Directory, IBM Tivoli, and SunOne-Direct. However, in "Attributes for Unlock Feature," for the lockAttr and unlockAttr it does not provide the required values for each, instead referencing "Depend on LDAP type OR any custom attributes set in customer env for lock"

Is there a reference/guide of a list of attributes required for each LDAP type?


The LDAP connector provides the flexibility to configure the attribute name and its respective value for the lock/unlock operation.

This flexibility is mainly given for the purposes below.

1. These attribute names and values differ across various LDAP flavours.

2. Also, the user can configure a customised account attribute if configured in account.

We need to mention the attribute name and its value against the keys below.

<entry key="lockAttr" value="Attribute Name"/>

<entry key="lockVal" value="Attribute value"/>


e.g. IBM

For lock:

<entry key="lockAttr" value="ibm-pwdAccountLocked"/>

<entry key="lockVal" value="true"/>

For unlock:

<entry key="lockAttr" value="ibm-pwdAccountLocked"/>

<entry key="lockVal" value="False"/>

This we will update in the documentation.


Is there a reference/guide of a list of attributes required for each LDAP type?

Currently we don’t have such documentation. We would like to know which LDAP flavour you are looking for?

Hi @Ashwin_Tamhane ,

Apologies, I missed the notification of your reply. 

I was specifically looking for IBM Tivoli, but adding an appendix of the standard values for each of the specific attributes for each LDAP flavor in a future documentation update would be helpful for all end users.


Version history
Revision #: 7 of 8
Last update: Jul 06, 2021 09:59 AM