
LDAP Connector

SailPoint’s LDAP connector offers a generic solution for managing access for LDAP accounts and groups across different flavors of LDAP.

 

Support Level: SailPoint Delivered

Connectors developed by SailPoint's Engineering team and supported under annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.

 

Supported Use Cases

  • Full Account Aggregation
  • Single Account Aggregation
  • Delta Account Aggregation
  • Full Entitlement Aggregation
  • Full Group Aggregation
  • Single Group Aggregation
  • Delta Group Aggregation
  • Create Account Provisioning
  • Update Account Provisioning
  • Delete Account Provisioning*
  • Create Group Provisioning*
  • Update Group Provisioning*
  • Delete Group Provisioning*
  • Enable / Disable Account Provisioning
  • Unlock Account Provisioning
  • Change Account Password
  • Add Entitlement(s)
  • Remove Entitlement(s)

*This feature is currently supported only with the IdentityIQ platform

Supported Versions

  • IBM Security Directory Server (formerly known as Tivoli Directory Server) version 6.4, 6
  • Novell eDirectory (NetIQ) version 9.1, 9.0, 8.
  • Microsoft ADAM 2019, 2016, 2012 R2, 2012
  • Oracle Internet Directory version 12c and 11gR2
  • OpenLDAP version 2.5, 2.4, 2
  • SunOne ODSEE (Deprecated, EOL July 2022) 

 

Related Documentation

  • IBM Tivoli: IDN Doc for IBM Tivoli; IIQ Docs
  • MicroFocus Novell: IDN Doc for MicroFocus Novell
  • Microsoft Lightweight Directory Server (ADAM): IDN Doc for Microsoft Lightweight Directory Server
  • Oracle Internet Directory: IDN Doc for Oracle Internet Directory
  • OpenLDAP: IDN Doc for OpenLDAP
  • SunOne ODSEE: IDN Doc for SunOne ODSEE
  • Other Connectors: All Supported IDN Connectors

 

Contact Us

SailPoint Support

SailPoint Professional Services

Comments

@neelam_futane  - The SailPoint LDAP Connector Guide for 8.1 Patch 2 mentions support for Unlock for Novell eDirectory, Oracle Internet Directory, IBM Tivoli, and SunOne-Direct. However, in "Attributes for Unlock Feature," for the lockAttr and unlockAttr it does not provide the required values for each, instead referencing "Depend on LDAP type OR any custom attributes set in customer env for lock"

Is there a reference/guide of a list of attributes required for each LDAP type?

Hi,


The LDAP connector provides the flexibility to configure the attribute name and its respective value for the lock/unlock operation.

This flexibility is mainly given for the below purposes.

1. These attribute names and values differ across various LDAP flavours.

2. Also, the user can configure a customised account attribute if configured in account.

We need to mention the attribute name and its value against the below keys.

<entry key="lockAttr" value="Attribute Name"/>

<entry key="lockVal" value="Attribute value"/>

 

e.g. IBM

For lock:

<entry key="lockAttr" value="ibm-pwdAccountLocked"/>

<entry key="lockVal" value="true"/>

For unlock:

<entry key="lockAttr" value="ibm-pwdAccountLocked"/>

<entry key="lockVal" value="False"/>

This we will update in the documentation.

 

Is there a reference/guide of a list of attributes required for each LDAP type?

Currently we don’t have such documentation, would like to know which LDAP flavour you are looking for?

Hi @Ashwin_Tamhane ,

Apologies, I missed the notification of your reply. 

I was specifically looking for IBM Tivoli, but adding an appendix of the standard values for each of the specific attributes for each LDAP flavor in a future documentation update would be helpful for all end users.

Thanks!

nvk

What is the logger name, if we have to enable debug?
like openconnector.connector.GoogleAppsDirect

 

Does the OOTB LDAP connector support connecting to the Oracle Unified Directory (OUD)? If yes, could you please provide the supported versions?

Supported Versions

  • IBM Security Directory Server (formerly known as Tivoli Directory Server) version 6.4, 6
  • Novell eDirectory (NetIQ) version 9.1, 9.0, 8.
  • Microsoft ADAM 2019, 2016, 2012 R2, 2012
  • Oracle Internet Directory version 12c and 11gR2
  • OpenLDAP version 2.5, 2.4, 2
  • SunOne ODSEE (Deprecated, EOL July 2022) 

Hi, is there a specific reason why the LDAP connector doesn't handle Organizational Unit objects (like tree structure, for example)? Thanks

Why is there no direct answer from SailPoint on how to connect to Oracle Unified Directory? OUD is a popular directory and it would help the community if there is a tech note on what connector to use and how to go about setting it up.

I also would like information on the best connector for OUD.  We transitioned the SunOne from when we were using ODSEE and it is working, but we are now noticing performance issues.

In looking closely at what it is doing, it is missing on a very basic expectation of LDAP reads, and that is connection pooling.  There seems to be no configuration for pooling the connector, and we really need that.  Are there any hidden details on how to enable connection pooling?

Version history
Revision #: 16 of 16
Last update: Jun 06, 2023 05:53 AM