10.3 LDAP connection parameters

The Portal page provides an LDAP Connection Parameters panel that you can use to:

To administer LDAP connection parameters:

  1. On the Portal page, select LDAP Connection Parameters from the navigation menu on the left.

    The LDAP Connection Parameters panel displays:

  2. Examine and modify the settings, as appropriate. For details, see:

  3. If you make changes that you want to apply, click Submit.

10.3.1 Settings you can change

On the LDAP Connection Parameters panel, you can modify settings for the credentials to be used by the Identity Manager user application whenever it connects to the identity vault (LDAP provider). Your changes on this panel are saved to the user application’s database for use at runtime and checked against the identity vault. (Note that this panel does not update the original credential values recorded in the user application WAR during installation.)

Setting: Username

What to do: Type the name of a user who has full administrator rights in the identity vault. The Identity Manager user application needs to access the identity vault as an administrator in order to function.

It is typical to specify the identity vault’s root administrator as the LDAP connection username. The root administrator has full control over the tree, so you need not assign any special trustee rights.

For example:

    cn=admin,o=myorg

If you specify some other user, you’ll need to assign inheritable trustee rights to the properties [All Attributes Rights] and [Entry Rights] on your user application driver.

NOTE: To avoid confusion, it is recommended that you do not specify the user application’s User Application Administrator as the LDAP connection username. It is best to use separate accounts for these two different purposes.

Setting: Password and Confirm Password

What to do: Type the password that is currently set for that username in the identity vault.
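
The NOTE above recommends separate accounts for the LDAP connection and the User Application Administrator. The following is an added example, not part of the product or its documentation: a Python check that compares the two DNs with case and spacing ignored and escaped commas honoured, so that the same account typed two different ways is still caught. The function names and the sample DN cn=uaadmin,ou=sa,o=myorg are assumptions made for the illustration; the check assumes case-ignore matching for naming attributes and does not split multi-valued RDNs.

```python
import string

HEX = set(string.hexdigits)

def parse_dn(dn):
    """Return an LDAP DN as a tuple of normalized (attribute, value) pairs."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                buf.append(chr(int(pair, 16)))  # hex escape such as \2C (single byte)
                i += 3
            else:
                buf.append(dn[i + 1])           # single-character escape such as \,
                i += 2
            continue
        if ch == ",":                           # unescaped comma separates RDNs
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        # Ignore case and collapse whitespace, as case-ignore matching does.
        attr, value = attr.strip().lower(), " ".join(value.split()).lower()
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {rdn!r}")
        pairs.append((attr, value))
    return tuple(pairs)

def check_ldap_connection_user(ldap_user, ua_admin):
    """Return a list of findings; an empty list means the check passed."""
    try:
        conn, admin = parse_dn(ldap_user), parse_dn(ua_admin)
    except ValueError as exc:
        return [f"not a valid LDAP DN: {exc}"]
    if conn == admin:
        return ["LDAP connection username and User Application Administrator "
                "are the same account; use separate accounts"]
    return []

if __name__ == "__main__":
    # Constructed sample values; cn=admin,o=myorg is the example DN from the text.
    print(check_ldap_connection_user("cn=admin,o=myorg", "CN=Admin , O=MyOrg"))
    print(check_ldap_connection_user("cn=admin,o=myorg", "cn=uaadmin,ou=sa,o=myorg"))
```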

10.3.2 Read-only settings

The following settings are displayed for informational purposes only and cannot be changed on the LDAP Connection Parameters panel:

  ALIAS_HANDLING
  ANONYMOUS_USER
  AUTHORITY
  CONNECTION_TIMEOUT
  CONTAINER_OBJECT
  CONTAINER_OBJECT_ATTRIB
  CONTAINER_OBJECT2
  CONTAINER_OBJECT2_ATTRIB
  CONTAINER_OBJECT3
  CONTAINER_OBJECT3_ATTRIB
  CONTAINER_OBJECT4
  CONTAINER_OBJECT4_ATTRIB
  CONTEXT_FACTORY
  DYNAMIC_GROUP_OBJECT
  GROUP_OBJECT
  GROUP_ROOT_CONTAINER
  GROUP_SEARCH_SCOPE
  GROUP_USER_MEMBER_ATTRIB
  KEYSTORE_PATH
  LOGIN_ATTRIBUTE
  NAME
  OBJECT_ATTRIB
  PROVISION_ROOT
  REFERRAL
  ROOT_NAME
  USE_DYNAMIC_GROUPS
  USE_REGISTERED_DYNAMIC_GROUPS
  USE_SSL
  USER_GROUP_MEMBER_ATTRIB
  USER_OBJECT
  USER_ROOT_CONTAINER
  USER_SEARCH_SCOPE
  UUID_ATTRIB
  UUID_AUX_CLASS

The values of these settings are determined when you install the user application.