LdUp
Overview
The LdUp connector enables identity provisioning to LDAP v3 servers.
The implementation is based on Ldaptive and is meant as a major rewrite of the legacy LDAP connector.
Supported Resources
LDAP v3
OpenLDAP
Installation
To install the LdUp connector, add the bundle JAR file to a directory on your disk. If your application has a dedicated directory for connector bundles, put the file in that directory. For example, Apache Syncope looks for connector bundles in the configured bundles directory.
Supported Operations
The LdUp connector supports the following operations:
Authentication
Create
Delete
Get
LiveSync
Schema
Search
Sync
Test
Update
UpdateAttributeValues
UpdateDelta
Validate
Configuration
The following table lists all the configuration properties you can specify when setting up the LdUp connector:
Configuration Property | Required | Type | Default Value | Description |
---|---|---|---|---|
url | X | String | | LDAP URL |
useStartTLS | | boolean | false | Start TLS session |
autoReconnect | | boolean | true | Sets whether connections will attempt to reconnect when unexpectedly closed. |
connectTimeoutSeconds | | int | 30 | Connection Timeout (seconds) |
responseTimeoutSeconds | | int | 30 | Response Timeout (seconds) |
bindDn | X | String | | Bind DN |
bindPassword | X | GuardedString | | Password corresponding to the entry specified in the bindDn property |
poolMinSize | | int | 1 | Connection Pool Minimum Size |
poolMaxSize | | int | 10 | Connection Pool Maximum Size |
baseDn | X | String | | The base DN to consider for all operations |
accountObjectClass | | String | "inetOrgPerson" | Object classes to which the ACCOUNT object class is mapped. |
groupObjectClass | | String | "groupOfUniqueNames" | LDAP attributes to which the authentication user names are mapped. The connector uses this property to search for the LDAP entry corresponding to the user name that is passed to an authentication operation. |
passwordAttribute | | String | "userPassword" | The name of the LDAP attribute which holds the password. |
groupMemberAttribute | | String | "uniqueMember" | LDAP attribute that holds the member of LDAP static groups |
uidAttribute | | String | "entryUUID" | Id Attribute for users |
gidAttribute | | String | "entryUUID" | Id Attribute for groups |
aidAttribute | | String | "entryUUID" | Id Attribute for other objects |
legacyCompatibilityMode | | boolean | false | Exchange group membership attributes in the same format as the legacy LDAP connector does. |
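Because useStartTLS defaults to false, an ldap:// URL left at the defaults sends the bind DN and password unencrypted. The following pre-deployment check is an added example, not part of the connector or of ConnId: the function name audit_ldup_config is hypothetical, the sample hosts and DNs are constructed placeholders, and only the property names and defaults come from the table above.

```python
from urllib.parse import urlsplit

# Defaults and required properties copied from the configuration table above.
DEFAULTS = {
    "useStartTLS": False, "autoReconnect": True,
    "connectTimeoutSeconds": 30, "responseTimeoutSeconds": 30,
    "poolMinSize": 1, "poolMaxSize": 10,
}
REQUIRED = ("url", "bindDn", "bindPassword", "baseDn")


def audit_ldup_config(props):
    """Return a list of findings for a dict of LdUp configuration properties.

    Hypothetical helper for reviewing a configuration before deployment.
    """
    cfg = {**DEFAULTS, **props}
    findings = [f"missing required property: {name}"
                for name in REQUIRED if not cfg.get(name)]

    if cfg.get("url"):
        scheme = urlsplit(cfg["url"]).scheme.lower()
        if scheme == "ldap" and not cfg["useStartTLS"]:
            findings.append("cleartext transport: ldap:// URL with "
                            "useStartTLS=false exposes bindDn and bindPassword")
        elif scheme == "ldaps" and cfg["useStartTLS"]:
            findings.append("useStartTLS=true with an ldaps:// URL: "
                            "the scheme already implies TLS")
        elif scheme not in ("ldap", "ldaps"):
            findings.append(f"unexpected URL scheme: {scheme!r}")

    if cfg["poolMinSize"] > cfg["poolMaxSize"]:
        findings.append("poolMinSize is greater than poolMaxSize")
    for name in ("connectTimeoutSeconds", "responseTimeoutSeconds"):
        if cfg[name] <= 0:
            findings.append(f"{name} must be positive")
    return findings


# Constructed sample configurations (host, DNs and secret are placeholders).
WEAK = {"url": "ldap://ldap.example.org:389",
        "bindDn": "cn=admin,dc=example,dc=org",
        "bindPassword": "<secret>", "baseDn": "dc=example,dc=org"}
HARDENED = {**WEAK, "useStartTLS": True}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ldup_config(cfg) or "no findings")
```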
Schema
The mapping is one-to-one between ConnId’s ObjectClass instances and structural LDAP object classes.
The special ObjectClass __ACCOUNT__ is interpreted according to the value of the accountObjectClass configuration property.
The special ObjectClass __GROUP__ is interpreted according to the value of the groupObjectClass configuration property.