Source Tab Configuration: Standard LDAP Directories
2019-08-21 14:37:51
LDAP is the protocol required to access any LDAP directory. LDAP directories include Active Directory (with or without Exchange), AD LDS, Notes, etc. The following configuration items may be available on the UnitySync Source Tab for a standard LDAP directory. If an LDAP directory does not support a particular function, the related UnitySync option will not be available as a configurable option on the tab.
LDAP Connection Information Box
IP/DNS: IP address or host name of the Source system. For an Active Directory Source, if you want to pull the entire forest, specify the IP address where the Active Directory Global Catalog (GC) resides. Otherwise, you must specify the address of a Domain Controller (DC).
PORT: The LDAP port you have configured in your Source directory. LDAP typically uses port 389, but this can be set to any valid TCP/IP port the Source server is listening on.
SSL: The SSL parameter can be used to set the port and may enable additional functionality.
- No: (default) sets the standard port (389), no encryption
- StartTLS: allows encryption over the standard non-encrypted port (389)
- SSL/TLS - Basic: sets the SSL standard port (636), enables encryption but not expiration checking of certificates.
- SSL/TLS - Expiration Check: sets the SSL port (636), enables encryption and expiration checking of certificates.
IMPORTANT NOTE: Directory Wizards strongly recommends using the SSL/TLS options if you desire encryption, but provides the StartTLS option as an alternate. If you have any questions regarding the security of your connection, please contact our Technical Support Team.
- CA Cert: This option is available if either SSL option is enabled. Select the appropriate CA Cert from the drop-down box. At sync time, the SSL certificate is validated against the CA Cert to confirm it was generated by the same Certificate Authority. This requires the appropriate CA Cert to exist in the …\UnitySync-v#\global\ssl directory. For more information on CA Cert usage, refer to the SSL CA Cert Requirements topic, below.
ID: The DN of an administrative or authenticated account. This is required information when using Active Directory and Office 365. It can be left blank for anonymous login for other LDAP directory types (if enabled). When restricting the Source directory to read-only access, this account does not have to be administrative.
Password: The password that corresponds to the ID specified.
TEST button: Clicking this tests that the information provided in the other fields is valid and grants access to the Source location.
SSL CA Cert Requirements
SSL CA Cert validation is available when either SSL option is enabled (SSL/TLS - Basic or SSL/TLS - Expiration Check). The following CA Certificate configuration is required before the CA Cert option will display in the LDAP Connection Information box of your connection:
- A CA Cert must be obtained from the appropriate Certificate Authority.
- The CA Cert must be in the following format: Base 64 Encoded x.509 (.cer)
- The CA Cert must be copied into the following directory on your UnitySync server: …\UnitySync-v#\global\ssl
If you need more information to configure your SSL connection, please review the LDAP SSL topic in our knowledge base.
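A pre-flight check for the CA Cert requirements above, as an added Python example that is not part of UnitySync or this article: it walks a directory standing in for …\UnitySync-v#\global\ssl and reports which .cer files are Base64-encoded X.509 (the only ones the CA Cert drop-down will offer), which are binary DER exports, and which are not certificates at all. The sample files and the tiny DER payload inside them are constructed stand-ins, not real certificates.

```python
import base64
import binascii
import os
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

def classify_cert_file(path):
    """Return 'pem', 'der' or 'invalid' for one candidate CA Cert file."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:1] == b"\x30":          # ASN.1 SEQUENCE tag: binary DER, needs converting to Base64
        return "der"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return "invalid"
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        return "invalid"
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return "invalid"
    # the Base64 payload must itself decode to a DER SEQUENCE (the Certificate structure)
    return "pem" if der[:1] == b"\x30" else "invalid"

def usable_ca_certs(ssl_dir):
    """Map every *.cer in ssl_dir to its classification; only 'pem' files are usable."""
    return {name: classify_cert_file(os.path.join(ssl_dir, name))
            for name in sorted(os.listdir(ssl_dir)) if name.lower().endswith(".cer")}

def build_sample_dir():
    """Constructed stand-in for ...\\UnitySync-v#\\global\\ssl holding three sample files."""
    d = tempfile.mkdtemp()
    fake_der = b"\x30\x03\x02\x01\x05"   # constructed minimal DER SEQUENCE, not a real certificate
    with open(os.path.join(d, "corp-root.cer"), "w") as fh:       # correct: Base64 X.509
        fh.write(f"{PEM_BEGIN}\n{base64.b64encode(fake_der).decode()}\n{PEM_END}\n")
    with open(os.path.join(d, "corp-root-der.cer"), "wb") as fh:  # wrong: binary DER export
        fh.write(fake_der)
    with open(os.path.join(d, "readme.cer"), "w") as fh:          # wrong: not a certificate at all
        fh.write("paste the CA certificate here\n")
    return d

if __name__ == "__main__":
    for name, kind in usable_ca_certs(build_sample_dir()).items():
        print(f"{name}: {kind}")
```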
Object Types Box
Available Object Types will differ depending on which directory type you are pulling from. Examples of Object Types that might be available are: Users, Contacts, Groups, Folders, Hidden. Only those Object types selected here will be included in the sync.
HINT: When syncing from an AD/Ex20xx Source, if you wish to only pull User Accounts with a Mailbox, see our knowledge base article for detailed information.
Optional - Source Context Box
By default, the sync will read from the root of the Source directory. You may choose to pull from a specific location by entering the complete DN syntax of the Source container here. For example, to pull a specific container in AD, use the DN format shown under Selection DN Syntax, below.
IMPORTANT NOTE: For AD LDS, OpenLDAP and others, a Source Context Selection DN is required.
Selection DN Syntax
When pulling objects from the Source system, the default (blank Selection DN) will start at the top of the tree. You may override the default by specifying a Selection DN in the Source Context field to indicate where in the LDAP tree you would like to start. This applies if you want to pull only one small piece of the tree (container/ou) rather than pulling the whole tree. Multiple selections may be specified separated by a | symbol.
Example Active Directory syntax:
ou=MyOU Name,ou=MyParent OU Name,dc=domain,dc=com
HINT: Use ADSI to see complete LDAP syntax for your directory.
Example other LDAP directory syntax:
ou=MyOU Name,ou=MyParent OU Name,o=Top
IMPORTANT NOTE: For the Source systems of ActiveDir, Exchange, Netscape, NDS, & Notes the starting point is automatically detected. If you leave this option BLANK you will pull the entire Source directory. This is the default. AD LDS, OpenLDAP and some other Source types may require a Selection DN be specified to identify the root to pull from.
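The Selection DN rules above (the | separator, attribute=value RDNs, and the directory types that require a DN), as an added Python example that is not UnitySync's own code: it parses the Source Context field value and rejects the combinations the note above says will not work. The directory-type names come from the note; the dc= check for Active Directory is an assumption based on the AD example syntax.

```python
# Added example, not UnitySync code: validate the Source Context field before a sync.
# ActiveDir, Exchange, Netscape, NDS and Notes auto-detect their root, so blank is fine there;
# the types below must have at least one Selection DN.
DN_REQUIRED = {"AD LDS", "OpenLDAP"}

def split_rdns(dn):
    """Split a DN on unescaped commas, honouring RFC 4514 backslash escapes (e.g. 'Smith\\, John')."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts]

def parse_dn(dn):
    """Return [(attribute, value), ...] for one DN; raise ValueError on a malformed RDN."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def check_source_context(directory_type, field_value):
    """Return the parsed Selection DNs the sync will start from; [] means the whole tree."""
    selections = [s.strip() for s in field_value.split("|") if s.strip()]
    if not selections and directory_type in DN_REQUIRED:
        raise ValueError(f"{directory_type} requires a Selection DN in the Source Context field")
    parsed = [parse_dn(dn) for dn in selections]
    # Assumption: an AD Selection DN ends in dc= components, as in the example above,
    # so a DN without any is most likely a typo or one pasted from a non-AD directory.
    if directory_type == "ActiveDir":
        for pairs in parsed:
            if not any(attr == "dc" for attr, _ in pairs):
                raise ValueError(f"Active Directory DN without dc= components: {pairs}")
    return parsed
```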
Optional - LDAP Query Filter Box
When the Source is an LDAP directory, UnitySync sends an LDAP query and asks for specific information. Filters can be used to include and/or exclude objects based on their attribute values. This option is only valid against an LDAP directory Source (not ODBC, LDIF, CSV, etc.). See Filters: Optional - LDAP Query Filter for more information.