LDAP Gateway


UNIFYBroker can act as a LDAP server, enabling interactions with target identity managers over LDAPv3. LDAP is a standard protocol which enables support with any LDAP client.


A LDAP gateway enables create/read/update/delete operations against the adapter entity contexts in UNIFYBroker using the LDAPv3 protocol. For details on the protocol, see RFC 4511.

Entity Contexts

The entity contexts can be accessed at OU=[ContainerName],DC=IdentityBroker (see Adapter Overview for configuration details). For example, an adapter with a container name of Users would have its entity context located at OU=Users,DC=IdentityBroker.


Under Single Schema Mode, the schema for the LDAP server is located at cn=schema. When Single Schema Mode is not enabled, each adapter has its own schema which is located at CN=[ContainerName],cn=schema. For example, an adapter with a container name of Users would have its schema located at CN=Users,cn=schema. For more details on Single Schema Mode, see LDAP Single Schema Mode.


The changelog is located at cn=changelog.


In addition to the common gateway configuration shared by all gateways, the LDAP gateway requires the following by way of configuration:

Image 3857

Name Description
IP Address The IP address, by default, is set to the local loopback address which is suitable for instances where UNIFYBroker and the LDAP client are on the same machine. If the LDAP client is not local to UNIFYBroker, a network IP address should be used. To bind to any local IP, use
Port The network port which LDAP traffic is to be sent over. The default (389) is the standard LDAP port, but can be set to any valid, unused port.
Max Bulk Operations The maximum allowed number of update requests per bulk operation. See Bulk Write Operations for more information.

Is this article helpful for you?