
Configure an Active Directory endpoint - Federated Directory Server

To configure an Active Directory as an endpoint, you must specify the LDAP URL, login name with credentials, the search base, and root suffix.


Before you begin

Ensure that you create an endpoint and specify the type as Active Directory. See Configure endpoints.


Procedure

  1. On the Active Directory endpoint configuration page, in the LDAP URL field, enter the LDAP URL of the Active Directory service you want to access.

    The LDAP URL format is ldap://hostname:port or ldap://server_IP_address:port.

    For example: ldap://localhost:389

    Note: The default LDAP port number is 389. If you are using SSL, the default LDAP port number is 636. For more information about setting up SSL for Active Directory connections, see the SDI documentation and search for Microsoft Active Directory SSL configuration.

  2. In the User Login and Password fields, enter the distinguished name and credentials for authentication to the service.

    For example: cn=administrator,cn=users,dc=your_domain,dc=com

  3. In the Include entries from the following container field, enter the search base of the source directory under which entries are read for synchronization. Alternatively, you can click Contexts, select a value from the LDAP Search Base list, and then click OK.

    For example: dc=your_domain,dc=com

    Note: For Active Directory, this value must be set to the root suffix of the domain controller; otherwise, delete modifications are not detected.

  4. To verify the Active Directory connection settings, click Test Connection. If the connection is successful, the attributes in the endpoint are displayed in a separate pane. You can use the Filter field to search the attributes.
  5. Optional: You can also configure the following advanced parameters. Expand the Advanced section to view these parameters.

      Page Size
      Number of entries per page that must be returned by the request. The default value is 500.
      Seconds Before Timeout
      Specify the maximum number of seconds to wait for the next changed Active Directory object. The default value is 0.
      Seconds Between Polling
      Specifies the number of seconds to sleep between successive polls. The default value is 60.
      Change State Key
      Specifies the name of the key or parameter that stores the change detection iterator state. The state key is used between runs to remember the last change that was processed. If synchronization was stopped for any reason, when it is restarted, it can pick up from where it stopped.
      The value of this key must be unique for each endpoint. If you do not set this parameter, a value is computed automatically to ensure uniqueness.
      Binary Attributes
      Specify a list of attributes that must be interpreted as binary values instead of strings. When you enter the attribute names in this field, enter one attribute per line and do not use any separators.
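
The rules in this procedure can be checked before the values are typed into the configuration page. The following pre-flight check is an added example, not part of the product or its documentation. The dictionary keys, function names and sample endpoints are hypothetical, and it assumes that an Active Directory root suffix consists only of dc= components.

```python
from collections import Counter
from urllib.parse import urlsplit

ENDPOINTS = [  # constructed sample values, not taken from the product
    {"ldap_url": "ldap://dc1.example.com:636",
     "login_dn": "cn=svc-sync,cn=users,dc=example,dc=com",
     "search_base": "dc=example,dc=com", "change_state_key": "ad_sync",
     "binary_attributes": "objectGUID\nobjectSid"},
    {"ldap_url": "ldap://localhost:389",
     "login_dn": "administrator@example.com",
     "search_base": "ou=staff,dc=example,dc=com", "change_state_key": "ad_sync",
     "binary_attributes": "objectGUID, objectSid"},
]

def rdns(dn):
    # Naive DN split; assumes no escaped commas inside RDN values.
    return [tuple(p.strip().lower().split("=", 1)) for p in dn.split(",")]

def check_endpoint(ep):
    """Return findings for one endpoint dict (the dict keys are hypothetical)."""
    findings = []
    url = urlsplit(ep["ldap_url"])
    try:
        port = url.port or 389  # 389 is the default when no port is given
    except ValueError:
        port = None
    if url.scheme != "ldap" or not url.hostname or port is None:
        findings.append("ldap_url: expected ldap://hostname:port")
    elif port != 636:
        findings.append(f"ldap_url: port {port} is not the default SSL port 636")
    if any(len(r) != 2 for r in rdns(ep["login_dn"])):
        findings.append("login_dn: not a distinguished name")
    # Assumption: an AD root suffix consists only of dc= components.
    if any(len(r) != 2 or r[0] != "dc" for r in rdns(ep["search_base"])):
        findings.append("search_base: not the root suffix, deletes go undetected")
    for line in ep.get("binary_attributes", "").splitlines():
        if any(sep in line.strip() for sep in ",; \t"):
            findings.append(f"binary_attributes: separator in {line!r}")
    return findings

def duplicate_state_keys(endpoints):
    # Unset keys are skipped; the page says a unique value is computed for them.
    keys = Counter(e["change_state_key"] for e in endpoints if e.get("change_state_key"))
    return sorted(k for k, n in keys.items() if n > 1)

if __name__ == "__main__":
    for ep in ENDPOINTS:
        print(ep["ldap_url"], check_endpoint(ep))
    print("shared Change State Key:", duplicate_state_keys(ENDPOINTS))
```

A port finding is a prompt to confirm that SSL is set up for the connection, because the login DN and password are otherwise sent without transport protection.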


What to do next

After configuring the endpoint, you can create a flow to define the relationship between the endpoint and the target directory server.

