Note: You must install Oracle WebCenter Interaction Identity Service for LDAP to access this functionality.
To show the portal how to access the LDAP server from which you want to import users:
In the Server Address box, type the computer name or the IP address of the server to which this authentication source connects: for example, myServer or 192.168.2.3.
In the Security Mode box, type 1 for cleartext password authentication or type 2 for SSL password authentication.
If necessary, in the User Query Base box, type the base of the LDAP query that returns all of the users that you want to synchronize. Together with the domain name, this forms the base of a query for all users in this authentication source. The base defines where in the LDAP directory the portal starts searching for users.
Leave this box blank if you want to search the entire directory.
In the User Query Filter box, type a filter that limits the results to only the users you want to import.
In the User Name Attribute box, type the attribute that contains the name of the user: for example, cn.
If necessary, in the User Authentication Name Attribute box, type the attribute used to bind to the LDAP directory.
Because the default behavior for LDAP directories is to bind using the DN (Distinguished Name) value, if you leave the User Authentication Name Attribute box empty, the DN attribute is used. However, in some LDAP systems, another attribute is used; for example, your system might bind using the value in the SecurityObject field. To bind using an attribute other than the DN, type the name of that attribute here.
If necessary, in the Group Query Base box, type the base of the LDAP query that returns all of the groups that you want to synchronize. Together with the domain name, this forms the base of a query for all groups in this authentication source. The base defines where in the LDAP directory the portal starts searching for groups.
Leave this box blank if you want to search the entire directory.
In the Group Query Filter box, type a filter that limits the results to only the groups you want to import: for example, objectclass=GroupofNames.
In the Group Name Attribute box, type the attribute that contains the name of the group: for example, cn.
In the Group Membership Attribute box, type the attribute that contains a group's membership information. This is the attribute on the LDAP group object that contains the DNs (distinguished names) of the users or groups who are members of this group: for example, Member.
In the Group Last Modified Attribute box, type the attribute that contains a group's last modified information. This attribute is used to determine if a group has changed since the last time it was synchronized: for example, modifyTimestamp. Specifying this attribute can allow synchronizations to run faster by not requesting the members of groups that haven't changed. If left blank, a group's memberships will always be requested.
If necessary, in the LDAP User's Authentication Name box, type the user's authentication name for this authentication source. Some LDAP directories allow anonymous access, in which case you can leave the name and password blank.
If you entered a user authentication name, in the LDAP User's Authentication Password and the Confirm boxes, type the password associated with this user. This password is not encrypted before it is stored.
In the LDAP Protocol Version box, type the LDAP version you are running. You must run LDAP Version 2 or 3.
If you have an alternate port to which this LDAP directory connects, in the Alternate LDAP Port box, type the port number.
In the Normalize DN Mode box, type 1. This should be set to 1 for new authentication sources but should never be changed for existing authentication sources.
If necessary, in the User Unique Name Attribute box, type the attribute that uniquely identifies a user object. If left blank, the user's Distinguished Name (dn) is used.
If necessary, in the Dynamic Group Query Base box, type the base of the LDAP query that returns all of the dynamic groups that you want to synchronize. Together with the domain name, this forms the base of a query for all dynamic groups in this authentication source. The base defines where in the LDAP directory the portal starts searching for dynamic groups.
If necessary, in the Dynamic Group Query Filter box, type a filter that limits the results to only the dynamic groups you want to import: for example, objectclass=GroupofUrls.
If necessary, in the Dynamic Group Name Attribute box, type the attribute that contains the name of the dynamic group: for example, cn.
If necessary, in the Dynamic Group URL Attribute box, type the attribute that contains the dynamic group membership information. This is the attribute of the LDAP dynamic group object that contains the LDAP URL: for example, MemberURL.
To specify the page size used when requesting results from the LDAP server, enter a number in the LDAP Paging Size box. This can be used if your LDAP server has a maximum return size set, or if you want to limit the amount of memory usage on the computer that hosts the LDAP identity service software. Note: Not all LDAP servers support paging.
If you want to save these settings as a template to be used for other authentication sources, in the Save This Template As box, type a name for the template.
When you click another page in this editor or when you click Finish, the portal tries to find the domain and reports any errors it encounters.
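The following is an added example, not part of the product or its documentation: a short review script that checks a set of values for the boxes above against the constraints this page states (allowed Security Mode and protocol version values, the unencrypted stored password, blank query bases). The function name review_settings and the sample values are assumptions made for illustration; the dictionary keys are the box labels from this page.

```python
# Added example: review of the values entered in the steps above.
# Keys are the box labels from this page; review_settings() and SAMPLE
# are constructed for illustration and are not part of the portal.

def review_settings(s):
    """Return a list of (severity, message) findings for one settings dict."""
    def get(box):
        return s.get(box, "").strip()
    findings = []
    if get("Security Mode") not in ("1", "2"):
        findings.append(("error", "Security Mode must be 1 (cleartext) or 2 (SSL)"))
    elif get("Security Mode") == "1":
        findings.append(("high", "Security Mode 1: cleartext password "
                         "authentication, no SSL on the connection"))
    if get("LDAP Protocol Version") not in ("2", "3"):
        findings.append(("error", "LDAP Protocol Version must be 2 or 3"))
    if get("Normalize DN Mode") != "1":
        findings.append(("warn", "Normalize DN Mode should be 1 for a new source"))
    if get("LDAP User's Authentication Name"):
        # The page states the password is not encrypted before it is stored.
        findings.append(("warn", "Bind password is stored unencrypted: "
                         "use a dedicated read-only directory account"))
    else:
        findings.append(("info", "No bind name: directory must allow anonymous access"))
    for box in ("User Query Base", "Group Query Base"):
        if not get(box):
            findings.append(("info", f"{box} is blank: entire directory is searched"))
    if not get("Group Last Modified Attribute"):
        findings.append(("info", "No last-modified attribute: group "
                         "memberships are requested on every synchronization"))
    return findings

# Constructed sample input (not values from a real deployment).
SAMPLE = {
    "Server Address": "myServer",
    "Security Mode": "1",
    "User Query Base": "",
    "Group Query Base": "ou=Groups",
    "Group Last Modified Attribute": "modifyTimestamp",
    "LDAP User's Authentication Name": "cn=portal-sync",
    "LDAP Protocol Version": "3",
    "Normalize DN Mode": "1",
}

if __name__ == "__main__":
    for severity, message in review_settings(SAMPLE):
        print(f"[{severity}] {message}")
```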