Source Tab Configuration: Standard LDAP Directories

2019-08-21 14:37:51
Tags: AD LDS, ADAM, Active Directory, UnitySync

LDAP is the protocol required to access any LDAP directory. LDAP directories include Active Directory (with or without Exchange), AD LDS, Notes, etc. The following configuration items may be available on the UnitySync Source Tab for a standard LDAP directory. If an LDAP directory does not support a particular function, the related UnitySync option will not be available as a configurable option on the tab.

LDAP Connection Information Box

IP/DNS: IP address or host name of the Source system. For an Active Directory Source, if you want to pull the entire forest, specify the IP address where the Active Directory Global Catalog (GC) resides. Otherwise, you must specify the address of a Domain Controller (DC).

PORT: The LDAP port you have configured in your Source directory. LDAP typically uses port 389, but this can be set to any valid TCP/IP port the Source server is listening on.

SSL: The SSL setting selects the port used and whether the connection is encrypted; some settings also enable certificate checking.

  • No: (default) sets standard port (389), no encryption

  • StartTLS: allows encryption over standard non-encrypted port (389)

  • SSL/TLS - Basic: sets SSL standard port (636), enables encryption but not expiration checking of certificates.

  • SSL/TLS - Expiration Check: sets SSL port (636), enables encryption and expiration checking of certificates.

IMPORTANT NOTE: Directory Wizards strongly recommends using the SSL/TLS options if you desire encryption, but provides the StartTLS option as an alternative. If you have any questions regarding the security of your connection, please contact our Technical Support Team.

  • CA Cert: This option is available if either SSL/TLS option is enabled. Select the appropriate CA Cert from the drop-down box. At sync time, the server's SSL certificate is validated against the CA Cert to confirm it was issued by that Certificate Authority. This requires the appropriate CA Cert to exist in the …\UnitySync-v#\global\ssl directory. For more information on CA Cert usage, refer to the SSL CA Cert Requirements topic, below.

ID: The DN of an administrative or authenticated account. This is required information when using Active Directory and Office 365. It can be left blank for anonymous login for other LDAP directory types (if enabled). When restricting the Source directory to read-only access this account does not have to be administrative.

Password: The password that corresponds to the ID specified.

TEST button: Clicking this tests that the information provided in the other fields is valid and grants access to the Source location.

SSL CA Cert Requirements

The SSL CA Cert validation function is available when either SSL/TLS option is enabled (SSL/TLS - Basic or SSL/TLS - Expiration Check). The following CA Certificate configuration is required before the CA Cert drop-down will display in the LDAP Connection Information box of your connection:

  1. A CA Cert must be obtained from the appropriate Certificate Authority.
  2. The CA Cert must be in the following format: Base-64 encoded X.509 (.cer)
  3. The CA Cert must be copied into the following directory on your UnitySync server: …\UnitySync-v#\global\ssl

If you need more information to configure your SSL connection, please review the LDAP SSL topic in our knowledge base.

Object Types Box

Available Object Types will differ depending on which directory type you are pulling from. Examples of Object Types that might be available are: Users, Contacts, Groups, Folders, Hidden. Only those Object types selected here will be included in the sync.

HINT: When syncing from an AD/Ex20xx Source, if you wish to only pull User Accounts with a Mailbox, see our knowledge base article for detailed information.

Optional - Source Context Box

By default, the sync will read from the root of the Source directory. You may choose to pull from a specific location by entering the complete DN syntax of the Source container here. For example, to pull a specific container in AD, the format is:

ou=Contacts,ou=London Office,dc=domain,dc=com

IMPORTANT NOTE: For AD LDS, OpenLDAP and others, a Source Context Selection DN is required.

Selection DN Syntax

When pulling objects from the Source system, the default (blank Selection DN) will start at the top of the tree. You may override the default by specifying a Selection DN in the Source Context field to indicate where in the LDAP tree you would like to start. This applies if you want to pull only one small piece of the tree (container/ou) rather than pulling the whole tree. Multiple selections may be specified separated by a | symbol.

Example Active Directory syntax:

ou=MyOU Name,ou=MyParent OU Name,dc=domain,dc=com

HINT: Use ADSI to see complete LDAP syntax for your directory.

Example other LDAP directory syntax:

ou=MyOU Name,ou=MyParent OU Name,o=Top

IMPORTANT NOTE: For the Source systems of ActiveDir, Exchange, Netscape, NDS, & Notes the starting point is automatically detected. If you leave this option BLANK you will pull the entire Source directory. This is the default. AD LDS, OpenLDAP and some other Source types may require a Selection DN be specified to identify the root to pull from.
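A pre-flight check for the Source Context field, added here as an example (not UnitySync's own code): it splits multiple selections on the | separator, parses each DN into its RDNs (including RFC 4514 escaped commas), and warns when an Active Directory selection does not end in dc= components or when a non-AD source has been left blank. The 'ad'/'ldap' labels and the message strings are assumptions.

```python
"""Pre-flight check for the UnitySync Source Context (Selection DN) field.
Added example, not DirWiz code: splits on the '|' separator the article
describes, parses each DN into RDNs (unescaping RFC 4514 '\\,'), and flags
likely mistakes before a sync runs."""


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (type, value) pairs; a backslash escapes the next char."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped or ch not in ",\\":
            buf.append(ch)          # ordinary character, or an escaped ',' / '\'
            escaped = False
        elif ch == "\\":
            escaped = True          # next character is taken literally
        else:
            rdns.append("".join(buf))  # unescaped ',' ends the current RDN
            buf = []
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"RDN without '=': {rdn!r}")
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def check_selection(field: str, directory: str) -> list[str]:
    """Return problems found (empty list = looks fine). directory is 'ad'
    (blank pulls the whole directory; DNs end in dc=) or 'ldap' (AD LDS,
    OpenLDAP, etc., where a Selection DN is required)."""
    problems = []
    entries = [e.strip() for e in field.split("|")] if field.strip() else []
    if not entries:
        return [] if directory == "ad" else ["Selection DN required for this directory type"]
    for entry in entries:
        if not entry:
            problems.append("empty selection between '|' separators")
            continue
        try:
            pairs = split_dn(entry)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if directory == "ad" and pairs[-1][0] != "dc":
            problems.append(f"{entry}: AD selection DN should end in dc= components")
    return problems
```

Running check_selection on the AD example from this article returns an empty list, while the o=Top form from the other-LDAP example is flagged when checked as an AD selection.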

Optional - LDAP Query Filter Box

When the Source is an LDAP directory, UnitySync sends an LDAP query requesting specific information. Filters can be used to include and/or exclude objects based on their attribute values. This option is only valid against an LDAP directory Source (not ODBC, LDIF, CSV, etc.). See Filters: Optional - LDAP Query Filter for more information.
