Synchronizing Users with User Groups through an LDAP Server

You can synchronize users in an LDAP server with the MDM Hub user groups. Before the synchronization, the LDAP server must have users and groups. You can synchronize users in an LDAP server with user groups in multiple Operational Reference Stores in the MDM Hub.
  1. Edit the LDAP server properties in the automation.properties file.
     The following list describes the properties in the automation.properties file that you need to configure:

     LDAP.Server
         Required. URL to connect to the LDAP server.
     LDAP.Username
         Required. User name to access the LDAP server. If the LDAP server search is not secure, you do not need a user name.
     LDAP.Password
         Required. Password to access the LDAP server. If the LDAP server search is not secure, you do not need a password.
     LDAP.SearchBase
         Required. Specifies the starting point for the search in the LDAP directory tree.
     LDAP.number.of.ldapgroups
         Required. Number of user groups in the Operational Reference Stores for which you want to synchronize users.
     LDAP.groupname.for.ldap.search<n>
         Required. Name of a user group in the LDAP server.
     LDAP.group.attribute_name.for.userlist<n>
         Required. Name of an attribute for a user group in an LDAP server that is associated with a user in an Operational Reference Store.
     LDAP.MDM.ORS.group.databaseId<n>
         Required. ID of the Operational Reference Store that has a user group associated with a user in the LDAP server.
     LDAP.MDM.groupname<n>
         Required. Name of a user group in the Operational Reference Store that corresponds to a user group in the LDAP server.
     LDAP.attribute_name.for.user.firstname
         Required. First name of a user in the LDAP server. Use the property if you want to synchronize the first name of a user from the LDAP server with the Operational Reference Store.
     LDAP.attribute_name.for.user.middlename
         Optional. Middle name of a user in the LDAP server. Use the property if you want to synchronize the middle name of a user from the LDAP server with the Operational Reference Store.
     LDAP.attribute_name.for.user.lastname
         Required. Last name of a user in the LDAP server. Use the property if you want to synchronize the last name of a user from the LDAP server with the Operational Reference Store.
     LDAP.attribute_name.for.username
         Required. An attribute of the user in the LDAP server, other than a common name or a user ID, such as a Security Access Manager account name. Use the property to synchronize an attribute other than a common name or a user ID from the LDAP server with the Operational Reference Store.
     LDAP.attribute_name.for.user.email
         Required. Email address of the user that you want to create.
     LDAP.strip_slashes_from_usernames
         Optional. Specifies whether to remove slashes from user names.
         For example, when a user name such as Boyd\ is part of a search filter expression such as (&(CN=Boyd\), the following error might occur:
             InvalidSearchFilterException: Unbalanced parenthesis
         In a search expression, slashes might be treated as escape characters, resulting in an unbalanced parenthesis error. To make the synchronization process work in such scenarios, you might need to remove slashes from the user names.
         You can configure the following values:
         • no. Retains slashes in the user names.
         • yes. Removes slashes from the user names.
         Default is no.
     LDAP.cleanup.before.sync
         Optional. Specifies whether to remove all the users that are assigned in an Operational Reference Store before synchronizing users with roles.
         You can configure the following values:
         • true. Removes the users that are assigned in an Operational Reference Store, and then assigns the users to roles. If you run the command to synchronize users with the -u option, a single user assignment is removed. Otherwise, all user assignments are removed.
         • false. Retains the users that are assigned in an Operational Reference Store.
         Default is true.
  2. To verify the LDAP server connection, run the following command:
     On Windows: LdapConnection.cmd
     On UNIX: LdapConnection.sh
  3. Ensure that users and user groups are created in the LDAP server and that these have corresponding users and user groups in the MDM Hub.
  4. To synchronize users from the LDAP server user groups to the MDM Hub user groups, run the following command:
     On Windows: LdapGroupSynchronization.cmd
     On UNIX: LdapGroupSynchronization.sh
     The synchronization process assigns the users to their user groups.
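The LDAP.strip_slashes_from_usernames property above works around a filter parsing problem: a backslash in a user name is read as the start of an escape sequence and swallows the closing parenthesis. The following Python is an added example, not Informatica's synchronization code; the filter shape (modelled on the page's (&(CN=...) fragment), the memberOf attribute and the sample group DN are assumptions. It builds the per-user filter three ways (raw, with slashes stripped as the property does, and with RFC 4515 escaping, which keeps the name intact) and checks each for balanced parentheses the way a filter parser sees them.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def filter_is_balanced(filt: str) -> bool:
    """Simplified model of how a filter parser counts parentheses: a backslash
    followed by two hex digits is a complete escape; any other backslash
    swallows the next character, which is why a trailing '\\' in a user name
    consumes the ')' and produces 'Unbalanced parenthesis'."""
    depth, i = 0, 0
    while i < len(filt):
        ch = filt[i]
        if ch == "\\":
            i += 3 if _HEX_PAIR.fullmatch(filt[i + 1:i + 3]) else 2
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0


def build_group_member_filter(user_cn: str, group_dn: str, mode: str) -> str:
    """Build an AND filter for one user in one group (assumed shape). mode is:
      'raw'    - interpolate the user name as-is (what triggers the error),
      'strip'  - the LDAP.strip_slashes_from_usernames=yes workaround,
      'escape' - RFC 4515 escaping, which also stops '*', '(' and ')' in a
                 name from changing the meaning of the filter."""
    if mode == "strip":
        user_cn = user_cn.replace("\\", "")
    elif mode == "escape":
        user_cn = escape_filter_value(user_cn)
        group_dn = escape_filter_value(group_dn)
    elif mode != "raw":
        raise ValueError(f"unknown mode {mode!r}")
    return f"(&(cn={user_cn})(memberOf={group_dn}))"


# Constructed sample: the page's problem name and a made-up group DN.
SAMPLE_USER = "Boyd\\"
SAMPLE_GROUP = "cn=Admins,ou=Groups,dc=example,dc=com"
```

Running filter_is_balanced over the three variants before LdapGroupSynchronization is run shows that only the raw form is rejected; escaping preserves the original user name where stripping does not.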
