Source Tab Configuration: Standard LDAP Directories

Created: 2019-07-16 12:09:44
Modified: 2023-12-06 10:27:52
Tags: Active Directory AD LDS ADAM UnitySync

LDAP is the protocol required to access any LDAP directory. LDAP directories include Active Directory (with or without Exchange), AD LDS, Notes, etc. The following configuration items may be available on the UnitySync Source Tab for a standard LDAP directory. If an LDAP directory does not support a particular function, the related UnitySync option will not be available as a configurable option on the tab.

LDAP Connection Information Box

IP: IP address or host name of the Source system. For an Active Directory Source, if you want to pull the entire forest, specify the IP address where the Active Directory Global Catalog (GC) resides. Otherwise, you must specify the address of a Domain Controller (DC). In v4.0 and later you may specify more than one IP or hostname separated by commas to act as failover in case the first IP/hostname cannot connect.

IMPORTANT NOTE: All relevant connections must use the same values/order. Otherwise, you may receive a license error, as UnitySync will count each first-listed IP as a separate directory. Say you are using and Hostnames for these servers are ServerA and ServerB. Each time you want to list B as a failover for A, be sure to list it the same way each time, and do not use A as a failover for B. You can use either hostname or IP, but please be consistent.
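The consistency rule in this note can be checked before saving connections. The following is an added example, not UnitySync code: the connection names are made up, and hosts are compared as plain strings, so an IP and a hostname for the same server are not recognized as equal.

```python
from collections import defaultdict

def parse_hosts(ip_field):
    """Split a comma-separated IP/hostname field into a normalized, ordered tuple."""
    return tuple(h.strip().lower() for h in ip_field.split(",") if h.strip())

def check_failover_order(connections):
    """connections: {connection name: IP field value}. Returns a list of findings."""
    findings = []
    by_members = defaultdict(dict)  # same set of servers -> {ordered list: [names]}
    roles = defaultdict(lambda: {"primary": set(), "failover": set()})
    for name, field in connections.items():
        hosts = parse_hosts(field)
        if not hosts:
            findings.append(f"{name}: IP field is empty")
            continue
        by_members[frozenset(hosts)].setdefault(hosts, []).append(name)
        roles[hosts[0]]["primary"].add(name)
        for h in hosts[1:]:
            roles[h]["failover"].add(name)
    # Same servers, different order: each distinct first entry may be counted separately.
    for orders in by_members.values():
        if len(orders) > 1:
            detail = "; ".join(
                f"{','.join(o)} in {sorted(n)}" for o, n in sorted(orders.items()))
            findings.append(f"same servers listed in different order: {detail}")
    # A server that is first in one connection and a failover in another.
    for host, r in sorted(roles.items()):
        if r["primary"] and r["failover"]:
            findings.append(
                f"{host} is first in {sorted(r['primary'])} "
                f"but a failover in {sorted(r['failover'])}")
    return findings

# Constructed sample: the third connection reverses the order used by the first two.
SAMPLE = {
    "hr-sync": "ServerA,ServerB",
    "sales-sync": "servera, serverb",
    "gal-sync": "ServerB,ServerA",
}

if __name__ == "__main__":
    for finding in check_failover_order(SAMPLE):
        print(finding)
```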

Encryption: The SSL parameter can be used to set the port and may enable additional functionality.

  • No Encryption: (default) sets standard port (389), no encryption

  • StartTLS: allows encryption over standard non-encrypted port (389)

  • SSL/TLS - Basic: sets SSL standard port (636), enables encryption but not expiration checking of certificates.

  • SSL/TLS - Expiration Check: sets SSL port (636), enables encryption and expiration checking of certificates.

IMPORTANT NOTE: Directory Wizards strongly recommends using SSL/TLS options if you desire encryption, but provides the StartTLS option as an alternate. If you have any questions regarding the security of your connection, please contact our Technical Support Team.

ID: The DN of an administrative or authenticated account. This is required information when using Active Directory and Office 365. It can be left blank for anonymous login for other LDAP directory types (if enabled). When restricting the Source directory to read-only access this account does not have to be administrative.

Password: The password that corresponds to the ID specified.

TEST button: Clicking this will test that the information provided in the other fields is valid to provide access to the Source location.

Object Types Box

Available Object Types will differ depending on which directory type you are pulling from. Examples of Object Types that might be available are: Users, Contacts, Groups, Folders, Hidden. Only those Object types selected here will be included in the sync.

HINT: When syncing from an AD/Ex20xx Source, if you wish to only pull User Accounts with a Mailbox, see our knowledge base article for detailed information.

Optional - Source Context Box

By default, the sync will read from the root of the Source directory. You may choose to pull from a specific location by entering the complete DN syntax of the Source container here. For example, to pull a specific container in AD, the format is:

ou=Contacts,ou=London Office,dc=domain,dc=com

IMPORTANT NOTE: For AD LDS, OpenLDAP and others, a Source Context Selection DN is required.

Selection DN Syntax

When pulling objects from the Source system, the default (blank Selection DN) will start at the top of the tree. You may override the default by specifying a Selection DN in the Source Context field to indicate where in the LDAP tree you would like to start. This applies if you want to pull only one small piece of the tree (container/ou) rather than pulling the whole tree. Multiple selections may be specified separated by a | symbol.

Example Active Directory syntax:

ou=MyOU Name,ou=MyParent OU Name,dc=domain,dc=com

HINT: Use ADSI to see complete LDAP syntax for your directory.

Example other LDAP directory syntax:

ou=MyOU Name,ou=MyParent OU Name,o=Top

IMPORTANT NOTE: For the Source systems of ActiveDir, Exchange, Netscape, NDS, & Notes the starting point is automatically detected. If you leave this option BLANK you will pull the entire Source directory. This is the default. AD LDS, OpenLDAP and some other Source types may require a Selection DN be specified to identify the root to pull from.
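A Source Context value can be linted before it is pasted into the tab, which catches the most common mistake: an unescaped comma inside an OU name. This is an added example, not UnitySync's own parser. It assumes selections are split on a literal | and that each DN follows standard LDAP string syntax, with a backslash escaping a comma inside a value.

```python
import re

# Attribute type: short name (ou, dc, o, cn) or numeric OID.
ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def lint_dn(dn):
    """Return a list of problems with one DN; an empty list means it looks well-formed."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.strip().partition("=")
        if not eq:
            problems.append(f"component {rdn.strip()!r} has no '='")
        elif not ATTR.match(attr.strip()):
            problems.append(f"bad attribute type {attr.strip()!r}")
        elif not value.strip():
            problems.append(f"empty value for {attr.strip()!r}")
    return problems

def lint_source_context(field):
    """Lint each '|'-separated Selection DN; returns {dn: [problems]}."""
    if not field.strip():
        return {}  # blank field: the default, start at the top of the tree
    report = {}
    for dn in (d.strip() for d in field.split("|")):
        report[dn] = ["empty selection"] if not dn else lint_dn(dn)
    return report
```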

Optional - LDAP Query Filter Box

When the Source is an LDAP directory, UnitySync sends an LDAP query and asks for specific information. Filters can be used to include and/or exclude objects based on their values. This option is only valid against an LDAP Directory Source (not odbc, ldif, csv etc). See Filters: Optional - LDAP Query Filter for more information.
