LDAP Extra Parameters

From iDENprotect Knowledge Base
Jump to: navigation, search

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

idenprotect Core Platform can be used with or without LDAP integration. After the initial installation, LDAP integration is disabled. If LDAP is enabled, idenprotect Core Platform connects idenprotect users' identities to an LDAP directory, such as Microsoft Active Directory.

This article will help you configure your User Synchronization job to store additional details. If you are looking to store information about Group membership, see LDAP Group Definitions

If you do not yet have your connection to LDAP Configured, see LDAP Connection Configuration If you have not yet configured the synchronization jobs, pleas see LDAP Admin Sync Configuration or LDAP User Sync Configuration


Configuring LDAP Extra Parameters

You can specify additional parameters in:

  • LDAP Extra Parameters under the LDAP section in the idenprotect Core Platform Admin Console Config Tab


ExtraLdap.png


This allows you to create a list of LDAP parameters and to map them to a friendlyName in the user database. E.g. you can create a map between "phone" and the LDAP attribute "telephoneNumber". With this mapping in place when the sync job runs the users, the idenprotect account will have a parameter called "phone" that will have a value for the users "telephoneNumber" in Active Directory.

It also possible to create Compound Ldap Attributes. For more details go to Compound Ldap Attributes