Configure Directory Service
Follow these 3 steps to configure the directory service:
Navigate to Configuration > LDAP.
The LDAP section has multiple subsections. Complete all fields and click Save. Then Test Connection and Certificate Settings.
Note
If using Active Directory, most of the defaults are right except for the ones specific to the enrivonment. For more information on OpenLDAP configuration, reference the OpenLDAP Default Configuration section.
If the connection is valid, a pop-up displays to confirm. Click Save.
Directory Indexing Guide
To ensure performance creating the following indexes listed in this table.
Name | LDAP Attribute | Index Type |
|---|---|---|
First Name | givenName | Value |
First Name | givenName | Substring1 |
Last Name | sn | Value |
Last Name | sn | Substring1 |
Internet Email Address | Value | |
Internet Email Address | Substring1 | |
Resource Association | idautoRequestAssociations | Substring |
Resource Association | idautoRequestAssociations | Presence |
Group Membership | groupMembership (memberOf) | Value |
ID Auto ID | idautoID | Value |
1Only necessary if enabling wildcard searches.
Please ensure the idautoID attribute is equality-indexed as all modules search quite often on those values.
Any item defined in the GAL as “Searchable” should be indexed or made not-searchable.
The general guidelines for Profiles would be to make sure all attributes used in delegations (both Source Filter and Target Filter) are indexed appropriately for the way they're used in the filters.
For Roles, ensure that the attributes idautoGroupOwners and idautoGroupCoOwners are equality-indexed and the idautoGroupLastSynced is presence-indexed.
Other attributes used in the dynamic membership/exclusion filters should also be indexed based on how they're used in the filters.
For Microsoft Active Directory implementations please refer to the Microsoft documentation on how to create indexes.
For Novell eDirectory implementations please refer to the Novell documentation on how to create indexes.