LDAP

Guide for configuring connections to LDAP servers.

You can configure multiple LDAP connections and use these connections from other guides/configurations.

Start guide

Start the guide by clicking on the '+' sign next to the LDAP menu item.


Use previous and next to navigate through the steps in the guide. You can choose to cancel the guide at any time (information entered will be lost).


Guide steps

Connection

Name your connection and give it an optional description. The name will be displayed when other guides prompt for a connection.


Connection details

Specify the host and port of the LDAP server.

Host can be a hostname, an IP address or a DNS name.

To enable failover on the connection, separate multiple hosts with commas (','). If the failover servers use the same port, you only need to specify the port once. If not, specify the ports comma separated, one for each host, in the same order as you specified the hosts.

Examples:

Single server:

Host: localhost
Port: 389

Multiple servers, same port:

Host: host1,host2,host3
Port: 389

Multiple servers, different ports:

Host: host1,host2,host3
Port: 389,10389,389

Note: Multiple ports must be set through "Database connections" on the Advanced tab.
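The host/port expansion rules above, as an added example that is not part of the PhenixID product or this guide: a small parser (the function name `parse_failover_endpoints` is a hypothetical choice) that turns the Host and Port fields into one endpoint per server, applies a single port to every host, and rejects a port list whose length does not match the host list.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class LdapEndpoint:
    host: str
    port: int


def parse_failover_endpoints(host_field: str, port_field: str) -> list[LdapEndpoint]:
    """Expand the guide's Host/Port fields into one (host, port) pair per server.

    Rules mirrored from the guide:
      * hosts are comma separated;
      * a single port applies to every host;
      * otherwise there must be one port per host, in the same order as the hosts.
    """
    hosts = [h.strip() for h in host_field.split(",")]
    ports = [p.strip() for p in port_field.split(",")]
    if any(not h for h in hosts):
        raise ValueError(f"empty host entry in {host_field!r}")
    if len(ports) == 1:
        # Same port for every failover server.
        ports = ports * len(hosts)
    elif len(ports) != len(hosts):
        # A mismatch would silently pair the wrong port with a host, so refuse it.
        raise ValueError(
            f"{len(hosts)} hosts but {len(ports)} ports; give one port or one per host"
        )
    endpoints = []
    for host, port_text in zip(hosts, ports):
        if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"invalid port {port_text!r} for host {host!r}")
        endpoints.append(LdapEndpoint(host, int(port_text)))
    return endpoints


if __name__ == "__main__":
    # The three examples from the guide (constructed input).
    for hosts, ports in [("localhost", "389"),
                         ("host1,host2,host3", "389"),
                         ("host1,host2,host3", "389,10389,389")]:
        print(hosts, ports, "->", parse_failover_endpoints(hosts, ports))
```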


Credentials

Specify credentials for the connection.

Note: Make sure the account has appropriate access rights in the data source.


SSL

Specify whether the connection should be encrypted with SSL/TLS. This option requires SSL/TLS to be enabled on the LDAP server.

To establish trust between the PhenixID server and the LDAP server, the LDAP server SSL certificate chain must be added to the PhenixID server trust store managed by the Java Virtual Machine PhenixID server uses (bundled). This is an advanced administrative task not covered by this documentation.

To skip the trust check between the PhenixID server and the LDAP server, enable 'Trust all'. With 'Trust all' enabled the traffic is still encrypted, but the LDAP server's certificate is no longer validated, so the identity of the server you are talking to is not verified.


Test connection

Before you create the connection you can test the current settings. If the connection test fails, step back in the guide and adjust your settings.

It is possible to create a connection even though the connection test failed.

Note: Connection test is performed from the actual backend PhenixID server instance (or cluster) that is running the Configuration Manager application and not from your local machine.


Summary

Review your configuration and click 'Create' to create the connection.

The connection will be available when the guide has completed.


Edit guide configuration

To edit a connection, select the connection in the left-hand menu.

Note: Changes are hot. When you save, the server will reload and apply your changes immediately.


In the LDAP connection edit view you can change all settings on a connection (including properties not displayed in the guide).

When done editing, click 'Save' to save your changes.

To delete the connection, click 'Delete'. Note: Make sure that the connection is not used by any configuration before you delete it. If you remove a connection that is in use, you will break the configuration and the server will not work as expected.

Properties

  • Name: Connection name
  • Description: Connection description (optional)
  • Created: Timestamp when configuration was created (read only)
  • Scenario Id: Internal ID of this configuration (read only)
  • Host: Connection host name or IP
  • Port: Connection port
  • Bind DN: DN used when binding to the LDAP server
  • Password: Password used when binding to the LDAP server
  • Use SSL/TLS: Turns on the use of SSL/TLS (encrypted network communication) (Default: off)
  • Trust all: Turns off certificate trust checks for SSL/TLS (Default: off)
  • Follow referrals: Turns on LDAP follow referrals option (Default: off)
  • Auto reconnect: Turns on reconnect on broken connections (Default: on)
  • Use keep alive: Turns on connection keep alive (Default: on)
  • Response timeout: Sets the maximum time to wait for a response from the LDAP server. Set to '0' to wait forever (NOT recommended) (Default: 30000)
  • Connection pool initial size: The initial number of connections created in the pool. (Default: 1)
  • Connection pool max size: Max number of connections allowed in the pool. (Default: 2)
  • Connection pool max age: The max age in milliseconds of a connection in the pool. When age is reached the connection is automatically recreated. Set to '0' to allow connections to live forever. (Default: 0)