
OpenLDAP - User and Profile Sync

This document explains how to add a new OpenLDAP User Source, as opposed to the other directory source types.

📘 Instructions

This guide has two main steps.

  1. Adding a User Source

  2. Configuring the Settings

Active Directory and LDAP settings are different. Use the LDAP settings rather than the Active Directory settings. On Monosign version 2023.01, use the following configuration for LDAP.

1. Adding a User Source

Create your User Source in Monosign and select the type Active Directory / LDAP, as described in the User Source documentation.

2. Configuring the Settings

Monosign has different LDAP options. Click Settings to configure details.

On that page, select an option other than Microsoft Active Directory, such as OpenLDAP, Oracle Unified Directory, or your own provider.

Example configurations

Once it is created, configure it with the following options.

Domain Username and Password

| Setting | Value | Example(s) |
| --- | --- | --- |
| Domain Ip or Host | Type your DNS name or IP address | openldap.local |
| Port | Your LDAP port | 389 for LDAP, 636 for LDAPS |
| Use Secure Connection | Yes or No, depending on your settings | No |
| User Base DN | Your users' Base DN | dc=mfor,dc=local |
| User Search Container | You can use multiple search containers for your user store. | cn=People,dc=mfor,dc=local |
| Group Base DN | Your groups' Base DN | dc=mfor,dc=local |
| Group Search Container | You can use multiple search containers for your group store. | cn=Groups,dc=mfor,dc=local |
| Domain Name | Your domain name | mfor |
| Domain UserName | Username for authentication | cn=root, uid=root, uid=your-username |
| Domain Password | Password of the Domain UserName | ****** |
| Sample UserName | Username, if you want a health check | uid=sample-user |
| Sample Password | Password of the Sample UserName | ****** |
| Use BaseDN for Authentication | Should be Yes for LDAP | Yes |

These settings are enough for the first connection, but not for filters and more. Let's continue. The following settings are also required for filters.

The Domain Ip or Host field allows multiple domains to be configured; enter them separated by commas.

Monosign manages hostnames with connection errors via a blacklist. If there is only one hostname and it encounters a connection error, it is added to the blacklist immediately and is not removed until the next restart. If there are multiple hostnames, a failing hostname is added to the blacklist for 10 minutes, and the other hostnames are used during that interval.

| Setting | Value |
| --- | --- |
| User Search Filter | objectClass=inetorgperson |
| Group Search Filter | objectClass=groupOfNames |
| Text Filter | \|(givenname={0}*)(uid={0}*)(sn={0}*)(cn={0}*)(displayname={0}*)(mail={0}*) |
| Basic Text Filter | \|(sn={0})(cn={0})(givenname={0})(uid={0})(mail={0}*) |
| Id Filter | uid={0} |

If your users are identified by both uid and cn, replace the Id Filter with:

|(uid={0})(cn={0})

For Oracle Unified Directory:

|(uid={0})(entryUUID={0})
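The filter fragments above take a {0} placeholder that is filled with the search text or user id at query time. The following is an added example, not Monosign's own code: it composes those fragments into complete LDAP search filters and escapes the substituted value per RFC 4515, so that a search term containing `(`, `)`, `*` or `\` cannot change the filter's structure. It assumes the product ANDs the Text/Id Filter with the User Search Filter and fills {0}; this page does not document how Monosign escapes the value, so the escaping shown is the caller's own.

```python
# Added example, not Monosign code. Builds complete LDAP search filters from
# the filter fragments documented on this page, escaping the {0} value per
# RFC 4515. Assumption: the product ANDs the Text/Id Filter with the User
# Search Filter; how it escapes the value is not documented here.

USER_SEARCH_FILTER = "objectClass=inetorgperson"
TEXT_FILTER = ("|(givenname={0}*)(uid={0}*)(sn={0}*)(cn={0}*)"
               "(displayname={0}*)(mail={0}*)")
ID_FILTER = "|(uid={0})(cn={0})"  # uid-or-cn variant from the page

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a raw search term for safe use inside an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(base_filter: str, template: str, value: str) -> str:
    """AND the object-class filter with the template after filling {0}.

    The '*' wildcards written in the template itself are kept; only the
    substituted value is escaped, so a '*' typed by a user becomes '\\2a'.
    """
    fragment = template.replace("{0}", escape_filter_value(value))
    return f"(&({base_filter})({fragment}))"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check: every '(' is closed and no ')' appears unmatched."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    print(build_filter(USER_SEARCH_FILTER, TEXT_FILTER, "ali"))
    # A term containing parentheses stays inside the value after escaping.
    print(build_filter(USER_SEARCH_FILTER, ID_FILTER, "a)(b"))
```

Running the resulting filter through ldapsearch against the User Base DN is a quick way to confirm the fragments match the entries you expect before saving them in Monosign.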

You can also use your own filter settings if you know what you are doing. You can also use mappings to map your LDAP attributes to your Monosign Profile: on the left side, the LDAP attribute name; on the right side, the Profile Property Name (without spaces).

Modify Attributes for LDAP

In Oracle Unified Directory, the Modify Date and Create Date attributes differ from Active Directory, where these attributes are whenChanged and whenCreated. You also need to change the Password Attribute for Oracle, and possibly for some other directories too.

| Property | Value | Example |
| --- | --- | --- |
| Create Date-Time Attribute | createTimestamp | 20230223093716Z |
| Modify Date-Time Attribute | modifyTimestamp | 20230224231708Z |
| Password Attribute | userPassword | |

Example Mappings

When you click Test, you will see the following UI. I don't have any Groups in my directory. That's why one of the items appears in a different color.

[Screenshot: Test result UI (CleanShot 2024-04-29)]

These settings are enough for your environment. If you need more, please contact your support.
