LDAP Settings (Remote LDAP Profile Source)

Note: You must install Oracle WebCenter Interaction Identity Service for LDAP to access this functionality.

To show the portal how to access the LDAP server from which you want to import users, how to recognize new user information, and how to separate multiple values:

  1. In the Server Address box, type the computer name or the IP address to the server to which this profile source connects: for example, myServer or 192.168.2.3.

  2. In the Security Mode box, type 1 for cleartext password authentication or type 2 for SSL password authentication.

  3. If necessary, in the User Query Base box, type the base of the LDAP query that returns all of the users that you want to synchronize. Together with the domain name, this forms the base of a query for all users in this profile source. The base defines where in the LDAP directory the portal starts searching for users.

    Leave this box blank if you want to search the entire directory.

  4. In the User Query Filter box, type a filter that limits the results to only the users you want to import.

  5. If necessary, in the LDAP User's Authentication Name box, type the user's authentication name for this profile source. Some LDAP directories allow anonymous access, in which case you can leave the name and password blank.

  6. If you entered a user authentication name, in the LDAP User's Authentication Password and the Confirm boxes, type the password associated with this user. This password is not encrypted before it is stored.

  7. In the LDAP Protocol Version box, type the LDAP version you are running. You must run LDAP Version 2 or 3.

  8. If you have an alternate port to which this LDAP directory connects, in the Alternate LDAP Port box, type the port number.

  9. In the Normalize DN Mode box, type 1. This should be set to 1 for new profile sources but should never be changed for existing profile sources.

  10. If necessary, in the User Unique Name Attribute box, type the attribute that uniquely identifies a user object. If left blank, the user's Distinguished Name (dn) is used.

  11. In the Version Attribute box, type the name of the LDAP attribute that you want to use to determine whether user information should be imported. When this profile source runs, for each user, the portal compares the attribute value it stored upon the last run of the profile source with the current attribute value in the source user repository. If the value matches, user information for that user is not updated; if the value does not match, user information is updated.

    Important: Including a version attribute greatly reduces the time it takes to import user information because the portal does not have to re-import information it already has. Therefore, including a version attribute is strongly recommended.

  12. In the Value Separator box, type the characters you want to place between values if an LDAP attribute has multiple values. For example, if a user has two values for an LDAP attribute, "value 1" and "value 2", and the separator is "; ", the imported value is "value 1; value 2". Remember to include a trailing space after the separator if you want a space between the values. If you omit a separator, then multiple attribute values will be assigned to multiple value properties.