LDAP Gateway

Overview

Identity Broker can act as an LDAP server, enabling interactions with target identity managers over LDAPv3. Because LDAP is a standard protocol, any LDAP client can be used.

Usage

An LDAP gateway enables create/read/update/delete operations against the adapter entity contexts in Identity Broker using the LDAPv3 protocol. For details on the protocol, see RFC 4511.

Entity Contexts

The entity contexts can be accessed at OU=[ContainerName],DC=IdentityBroker (see Adapter Overview for configuration details). For example, an adapter with a container name of Users would have its entity context located at OU=Users,DC=IdentityBroker.

Schemas

Under Single Schema Mode, the schema for the LDAP server is located at cn=schema. When Single Schema Mode is not enabled, each adapter has its own schema which is located at CN=[ContainerName],cn=schema. For example, an adapter with a container name of Users would have its schema located at CN=Users,cn=schema. For more details on Single Schema Mode, see LDAP Single Schema Mode.

Changelog

The changelog is located at cn=changelog.

Configuration

In addition to the common gateway configuration shared by all gateways, the LDAP gateway requires the following by way of configuration:

Name                 Description
IP Address           The IP address defaults to the local loopback address, which is suitable where Identity Broker and the LDAP client run on the same machine. If the LDAP client is not local to Identity Broker, a network IP address should be used. To bind to every local IP (which exposes the gateway on all interfaces), use 0.0.0.0.
Port                 The network port LDAP traffic is sent over. The default (389) is the standard LDAP port, but any valid, unused port can be used.
Max Bulk Operations  The maximum number of update requests allowed per bulk operation. See Bulk Write Operations for more information.
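As an added example (not from the Identity Broker documentation or product), the following Python builds an LDAPv3 SearchRequest (RFC 4511) for an entity context laid out as described above using only the standard library, so the exact bytes sent to the configured IP address and port can be inspected. The container name Users, the loopback address and port 389 are the page's own examples; that the gateway permits an anonymous search without a prior bind is an assumption.

```python
import socket

# ASN.1 BER helpers (minimal, DER-style encodings)
def ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(tag: int, value: int) -> bytes:  # INTEGER/ENUMERATED, non-negative only
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def octets(s: str) -> bytes:  # OCTET STRING (LDAPString / LDAPDN are UTF-8)
    return tlv(0x04, s.encode("utf-8"))

# DN layout used by the LDAP gateway (as documented on this page)
def entity_context_dn(container: str) -> str:
    return f"OU={container},DC=IdentityBroker"

def schema_dn(container: str, single_schema_mode: bool) -> str:
    return "cn=schema" if single_schema_mode else f"CN={container},cn=schema"

SCOPE = {"base": 0, "one": 1, "sub": 2}  # RFC 4511 SearchRequest.scope values

def search_request(msg_id: int, base_dn: str, scope: str,
                   present_attr: str = "objectClass", attrs: tuple = ()) -> bytes:
    """LDAPMessage { messageID, protocolOp [APPLICATION 3] SearchRequest }."""
    body = (octets(base_dn)
            + ber_int(0x0A, SCOPE[scope])              # scope
            + ber_int(0x0A, 0)                         # derefAliases: neverDerefAliases
            + ber_int(0x02, 0) + ber_int(0x02, 0)      # sizeLimit, timeLimit: no limit
            + tlv(0x01, b"\x00")                       # typesOnly FALSE
            + tlv(0x87, present_attr.encode("utf-8"))  # filter present [7]: (attr=*)
            + tlv(0x30, b"".join(octets(a) for a in attrs)))  # AttributeSelection
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))

def send_search(host: str, port: int, request: bytes, timeout: float = 5.0) -> bytes:
    # Anonymous search with no prior BindRequest; assumes the gateway permits it.
    # Returns the first raw BER chunk (SearchResultEntry/SearchResultDone PDUs).
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        return sock.recv(65535)

if __name__ == "__main__":
    # One-level search of the Users entity context, requesting the cn attribute.
    req = search_request(1, entity_context_dn("Users"), "one", attrs=("cn",))
    print(req.hex())  # send_search("127.0.0.1", 389, req) runs it against the gateway
```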
