LDAPSyncSource
User data can be read from an LDAP directory or from the local Active Directory via the LdapSyncSource.
Note
The request returns only properties that are actually stored in the LDAP directory; a claim whose property has no value there comes back empty. Use the useValueIfEmpty rule to give every such property a correct default value, or use the ignoreClaimIfEmpty option instead to drop empty claims.
To see all available LDAP properties, the LdapPropertiesToLoad attribute can be left empty; all attributes are then returned. This is only recommended during initial configuration, because loading every attribute negatively affects performance.
Configuration
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>server</LdapServer>
<LdapIsSsl>false</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>dnpath</LdapBaseDnPath>
<LdapUser>username</LdapUser>
<LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
<LdapAuthType>Basic</LdapAuthType>
<LdapFilter>filtervalue</LdapFilter>
<LdapEncodingCodePage>65001</LdapEncodingCodePage>
<LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
<LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
<Claims>
<Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
</Claims>
</LdapSyncSource>
Options
- LdapServer Host name of the LDAP server. If no value is set, the current Active Directory is used. Default port: 389.
- LdapIsSsl Default: false; optional. When false, the LDAP traffic is not protected by SSL/TLS; in particular a Basic bind then sends the password in clear text.
- LdapOverwriteSslVerificationAndReturnTrue Default: false; optional. When true, the server certificate check is overridden and every certificate is accepted, so an SSL connection no longer proves which server answered. Leave it false and fix the certificate trust on the client instead.
- LdapBaseDnPath If no value is set, the current Active Directory DN path is used.
- LdapUser Default: current user; optional.
- LdapPassword Default: current password of the user; optional, encrypted (as in the example above) or plain text. Prefer the encrypted form so the bind password is not readable in the configuration file.
- LdapAuthType Default: Basic; optional. Possible values:
  - Anonymous: no authentication
  - Basic: Basic authentication (LDAP simple bind; the password is sent in clear text unless LdapIsSsl is true)
  - Negotiate: Microsoft Negotiate authentication
  - Ntlm: Windows NT Challenge/Response (NTLM) authentication
  - Digest: Digest Access authentication
  - Sicily: Negotiation mechanism (Sicily) used to select MSN, DPA or NTLM. This should only be used with LDAP version 2 servers.
  - Dpa: Distributed Password authentication
  - Msn: Microsoft Network Authentication Service
  - External: an external method is used for authentication
  - Kerberos: Kerberos authentication
- LdapFilter If no value is set and the queryKey is OneOffixx, the objectSid filter is used.
- LdapEncodingCodePage Default: 65001 (UTF-8); optional. Possible values are the Windows code page identifiers.
- LdapUseV3ProtocolVersion Default: false; optional.
- LdapPropertiesToLoad Properties to load, separated by commas.
ResultMapping
The LdapSyncSource supports the following mapping format:
<?xml version="1.0" encoding="utf-8" ?>
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>server</LdapServer>
<LdapIsSsl>false</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>dnpath</LdapBaseDnPath>
<LdapUser>username</LdapUser>
<LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
<LdapAuthType>Basic</LdapAuthType>
<LdapFilter>filtervalue</LdapFilter>
<LdapEncodingCodePage>65001</LdapEncodingCodePage>
<LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
<LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
<ResultMapping>
<Mapping>
<Map Source="displayName" Target="PropertyX" />
</Mapping>
</ResultMapping>
<Claims>
<Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
</Claims>
</LdapSyncSource>
The Source of a Map is one of the loaded LDAP properties; its Target is a name that must match the property attribute of a Claim, which then carries the mapped value (in the example, displayName is copied to PropertyX and exposed through the fromMapping claim). Details and configuration examples can be found under Mapping.
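As an added example (not OneOffixx code; its rules are derived only from the option descriptions on this page), the following Python script lints an LdapSyncSource element for the two classes of mistakes the Options and ResultMapping sections invite: transport settings that expose the bind credential (a disabled certificate check, a Basic bind without LdapIsSsl, a plain-text LdapPassword) and claims whose property is neither listed in LdapPropertiesToLoad nor produced as a Mapping Target, which therefore always come back empty. The host name, base DN, account, password and both sample configurations are constructed; the `{c[...]}` password form is assumed to be the encrypted form because that is how the page's own example writes it.

```python
import re
import xml.etree.ElementTree as ET

# Encrypted password form as written in the page's own example: {c[<base64>]}.
ENCRYPTED_PASSWORD = re.compile(r"^\{c\[[A-Za-z0-9+/=]+\]\}$")

# Constructed sample (hypothetical host, DN, account, password): the weak
# configuration an initial setup easily ends up with.
WEAK_CONFIG = """<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>ldap.example.internal</LdapServer>
<LdapIsSsl>false</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>true</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>DC=example,DC=internal</LdapBaseDnPath>
<LdapUser>svc-oneoffixx</LdapUser>
<LdapPassword>Hunter2!</LdapPassword>
<LdapAuthType>Basic</LdapAuthType>
<LdapPropertiesToLoad>cn,displayName</LdapPropertiesToLoad>
<ResultMapping><Mapping><Map Source="displayName" Target="PropertyX" /></Mapping></ResultMapping>
<Claims>
<Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyY" />
</Claims>
</LdapSyncSource>"""

# Constructed hardened counterpart: SSL on, certificate check intact, encrypted
# password, Negotiate instead of a simple bind, every claim property loaded or mapped.
HARDENED_CONFIG = """<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>ldap.example.internal</LdapServer>
<LdapIsSsl>true</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>DC=example,DC=internal</LdapBaseDnPath>
<LdapUser>svc-oneoffixx</LdapUser>
<LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
<LdapAuthType>Negotiate</LdapAuthType>
<LdapPropertiesToLoad>cn,displayName,title</LdapPropertiesToLoad>
<ResultMapping><Mapping><Map Source="displayName" Target="PropertyX" /></Mapping></ResultMapping>
<Claims>
<Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
</Claims>
</LdapSyncSource>"""


def _text(root, tag, default=""):
    """Trimmed text of a direct child element, or default when it is absent."""
    node = root.find(tag)
    return (node.text or "").strip() if node is not None else default


def lint_ldap_sync_source(xml_text):
    """Return (code, message) findings for one LdapSyncSource element."""
    root = ET.fromstring(xml_text)
    findings = []
    is_ssl = _text(root, "LdapIsSsl", "false").lower() == "true"
    auth = _text(root, "LdapAuthType", "Basic").lower()  # page: default is Basic
    password = _text(root, "LdapPassword")

    if _text(root, "LdapOverwriteSslVerificationAndReturnTrue", "false").lower() == "true":
        findings.append(("TLS_VERIFY_DISABLED",
                         "every server certificate is accepted, so any host can pose as the LDAP server"))
    if auth == "basic" and not is_ssl:
        findings.append(("CLEARTEXT_BIND",
                         "Basic (simple bind) without LdapIsSsl sends the bind password in clear text"))
    if password and not ENCRYPTED_PASSWORD.match(password):
        findings.append(("PLAINTEXT_PASSWORD",
                         "LdapPassword is stored in plain text; use the encrypted {c[...]} form"))

    loaded = {p.strip() for p in _text(root, "LdapPropertiesToLoad").split(",") if p.strip()}
    if not loaded:
        # Empty list = load every attribute; the page allows this only for initial setup.
        findings.append(("LOAD_ALL_PROPERTIES",
                         "empty LdapPropertiesToLoad returns all attributes; initial configuration only"))
        return findings  # nothing to cross-check when everything is loaded

    maps = list(root.iterfind("ResultMapping/Mapping/Map"))
    targets = {m.get("Target") for m in maps}
    for m in maps:
        if m.get("Source") not in loaded:
            findings.append(("MAP_SOURCE_NOT_LOADED",
                             f"Map Source '{m.get('Source')}' is not in LdapPropertiesToLoad"))
    for claim in root.iterfind("Claims/Claim"):
        prop = claim.get("property")
        if prop not in loaded and prop not in targets:
            findings.append(("CLAIM_NOT_LOADED",
                             f"claim '{claim.get('type')}' reads '{prop}', which is neither loaded "
                             f"nor a Mapping Target, so it is always empty"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = lint_ldap_sync_source(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for code, message in result:
            print(f"  [{code}] {message}")
```

Run against the weak configuration the script reports the disabled certificate check, the clear-text simple bind, the plain-text password and two dead claims (title is not loaded, PropertyY is not a Mapping Target); the hardened configuration produces no findings. The claim cross-check is skipped when LdapPropertiesToLoad is empty, because every attribute is returned in that mode.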