LDAP Connector
SailPoint’s LDAP connector offers a generic solution for managing access for LDAP accounts and groups across different flavors of LDAP.
Support Level: SailPoint Delivered
Connectors developed by SailPoint's Engineering team and supported under annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.
Supported Use Cases
- Full Account Aggregation
- Single Account Aggregation
- Delta Account Aggregation
- Full Entitlement Aggregation
- Full Group Aggregation
- Single Group Aggregation
- Delta Group Aggregation
- Create Account Provisioning
- Update Account Provisioning
- Delete Account Provisioning*
- Create Group Provisioning*
- Update Group Provisioning*
- Delete Group Provisioning*
- Enable / Disable Account Provisioning
- Unlock Account Provisioning
- Change Account Password
- Add Entitlement(s)
- Remove Entitlement(s)
*This feature is currently supported only with the IdentityIQ platform.
Supported Versions
- IBM Security Directory Server (formerly known as Tivoli Directory Server) version 6.4, 6
- Novell eDirectory (NetIQ) version 9.1, 9.0, 8.
- Microsoft ADAM 2019, 2016, 2012 R2, 2012
- Oracle Internet Directory version 12c and 11gR2
- OpenLDAP version 2.5, 2.4, 2
- SunOne ODSEE (Deprecated, EOL July 2022)
Related Documentation
IBM Tivoli | IDN Doc for IBM Tivoli | IIQ Docs |
MicroFocus Novell | IDN Doc for MicroFocus Novell | |
Microsoft Lightweight Directory Server (ADAM) | IDN Doc for Microsoft Lightweight Directory Server | |
Oracle Internet Directory | IDN Doc for Oracle Internet Directory | |
OpenLDAP | IDN Doc for OpenLDAP | |
SunOne ODSEE | IDN Doc for SunOne ODSEE | |
Other Connectors | All Supported IDN Connectors |
@neelam_futane - The SailPoint LDAP Connector Guide for 8.1 Patch 2 mentions support for Unlock for Novell eDirectory, Oracle Internet Directory, IBM Tivoli, and SunOne-Direct. However, in "Attributes for Unlock Feature," for the lockAttr and unlockAttr it does not provide the required values for each, instead referencing "Depend on LDAP type OR any custom attributes set in customer env for lock"
Is there a reference/guide of a list of attributes required for each LDAP type?
Hi,
The LDAP connector provides the flexibility to configure the attribute name and its respective value for the lock/unlock operation.
This flexibility is mainly given for the purposes below.
1. These attribute names and values differ across various LDAP flavours.
2. Also, the user can configure a customised account attribute if configured in the account.
We need to mention the attribute name and its value against the keys below.
<entry key="lockAttr" value="Attribute Name"/>
<entry key="lockVal" value="Attribute value"/>
e.g. IBM
For lock:
<entry key="lockAttr" value="ibm-pwdAccountLocked"/>
<entry key="lockVal" value="true"/>
For unlock:
<entry key="lockAttr" value="ibm-pwdAccountLocked"/>
<entry key="lockVal" value="False"/>
This we will update in the documentation.
Is there a reference/guide of a list of attributes required for each LDAP type?
Currently we don’t have such documentation, would like to know which LDAP flavour you are looking for?
Hi @Ashwin_Tamhane ,
Apologies, I missed the notification of your reply.
I was specifically looking for IBM Tivoli, but adding an appendix of the standard values for each of the specific attributes for each LDAP flavor in a future documentation update would be helpful for all end users.
Thanks!
What is the logger name, if we have to enable debug?
like openconnector.connector.GoogleAppsDirect