Edit LDAP Connections

About this task

To edit an LDAP connection:

Procedure

  1. In the SOTI Identity Admin Console, open the main menu and select Directories/IDP.
  2. Select the LDAP connection you want to edit and then click Edit in the Actions bar along the bottom of the screen.
  3. In the Configure LDAP dialog box, edit the LDAP connection as needed.
    LDAP Server: Select the type of LDAP server from the drop-down list. The selected server type defines the default search attributes. Select one of the following server types:
    • Active Directory: This directory service refers to Microsoft Active Directory (AD), which stores and organizes information about the users.
    • Domino: This LDAP directory service refers to IBM Domino Directory, which stores and organizes information about the users.
    • Open Directory: This LDAP directory service refers to Apple Open Directory, which stores and organizes information about the users.

    Name: Enter the name of the LDAP connection. SOTI Identity checks the availability of the name within its system. Unavailable names are flagged and you cannot save the LDAP connection until it is updated.

    Domain: Select a domain from the drop-down list.

    Domains control who can (or can't) log in to a SOTI Identity account and its associated applications. Each LDAP connection is mapped to a domain.

    Only domains that are verified appear in this list.

    Server: Enter the complete LDAP server address.

    Port: The default port number for LDAP server connections is 389 (or 636 if you are using Secure Sockets Layer (SSL)). However, the port can be any value; it simply has to match the server's settings.

    Use SSL: Select the Use SSL option to secure LDAP communication over an SSL tunnel.

    Accept Untrusted Certificate: Select this option to allow the SSL connection to use an untrusted certificate, which in most cases is a self-signed CA root certificate. Enabling this option in live environments is not recommended.

    Authentication Type: Select the authentication type necessary for connecting to the server. This should match the server's settings.
    • Anonymous: The connection is made without passing credentials.
    • Basic: The connection is made using basic authentication.
    • Negotiate: The connection is made using Microsoft Windows Negotiate authentication.

    User: Enter the username for binding to the LDAP connection. This option is active when the authentication type is Basic or Negotiate.

    Password: Enter the password of the binding user.

    Base DN: Define the highest level of the LDAP search scope. The Base DN is the point from which the server searches for users. The top level of the LDAP directory tree is the base, referred to as the Base DN or RootContainer. Base DNs that are unavailable in the SOTI Identity system are flagged and you cannot save the LDAP connection until it is updated.

    Referrals: Control whether the LDAP connection can follow references to alternative locations where the LDAP request may be processed.

    Enable Follow Referrals to allow the binding server and the referral servers listed in the search response to be searched.

    Enable Follow Static Referrals to allow the binding server, the referral servers, and the servers in the static referral server list to be searched. Follow Referrals must be enabled to apply this setting.

  4. Click Update to save your changes.
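
The following is an added example, not SOTI code: a short Python review of the security-relevant options in the Configure LDAP dialog box, run over a weak connection and a corrected one. The dictionary keys are hypothetical names that mirror the dialog labels (they are not a SOTI Identity export format or API), and the sample values are constructed.

```python
# Added example. The keys mirror the dialog labels on this page; they are
# hypothetical names, not a SOTI Identity export format or API.

def review_ldap_connection(cfg):
    """Return (severity, message) findings for one LDAP connection's settings."""
    findings = []
    ssl_on = cfg.get("use_ssl", False)
    auth = cfg.get("authentication_type")
    port = cfg.get("port")

    if not ssl_on:
        findings.append(("high", "Use SSL is off: the connection is not protected by SSL"))
        if auth == "Basic":
            # Assumption: Basic sends the bind password without its own protection.
            findings.append(("high", "Basic authentication without SSL exposes the bind password"))
    elif cfg.get("accept_untrusted_certificate", False):
        findings.append(("high", "Accept Untrusted Certificate is on: not recommended in live environments"))

    # Default ports stated on the page: 389 without SSL, 636 with SSL.
    if ssl_on and port == 389:
        findings.append(("medium", "Use SSL is on but the port is 389: confirm the server's SSL port"))
    if not ssl_on and port == 636:
        findings.append(("medium", "Port is 636 but Use SSL is off: confirm the server's settings"))

    if auth == "Anonymous":
        findings.append(("medium", "Anonymous: the connection passes no credentials"))
    if cfg.get("follow_static_referrals") and not cfg.get("follow_referrals"):
        findings.append(("low", "Follow Static Referrals needs Follow Referrals enabled to apply"))
    if cfg.get("follow_referrals"):
        findings.append(("low", "Follow Referrals is on: servers named in search responses are also searched"))
    return findings


# Constructed sample settings: a weak connection beside a corrected one.
WEAK = {"server": "ldap.example.com", "port": 389, "use_ssl": False,
        "accept_untrusted_certificate": False, "authentication_type": "Basic",
        "follow_referrals": False, "follow_static_referrals": True}
HARDENED = {"server": "ldap.example.com", "port": 636, "use_ssl": True,
            "accept_untrusted_certificate": False, "authentication_type": "Basic",
            "follow_referrals": False, "follow_static_referrals": False}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for severity, message in review_ldap_connection(cfg) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```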