The ldap JSON object

The ldap object is nested under the cloud-sync object. It holds the connection information that is used to access the LDAP server.

Note:
  • Active Directory is accessed through one of its LDAP ports (389 or 636).
  • Active Directory is accessed through the Windows LDAP API. TLS connections use the native Windows TLS support, not OpenSSL. For TLS access to Active Directory, the certificate authorities (CAs) that signed the Active Directory server certificates must be present in the Trusted Root Certification Authorities store of the local Windows computer account; add them if they are not already there. See the Microsoft documentation for the MMC Certificates snap-in.

Option entries and, for optional entries, their default values

"host"
The LDAP AD server host name or IP address.
"port"
The LDAP AD server port. It is typically 389 for an unencrypted connection or for "start-tls":true, and typically 636 for a direct TLS connection, that is, "use-tls":true.
"user"
The LDAP account to bind with. For ISDS, this account must be an administrative account such as "cn=root". For AD, see the previous notes for the permissions that the account requires; typically the Administrator account has them, for example: "user":"CN=Administrator,CN=Users,DC=mydomain,DC=com"
"obf-password"
The obfuscated password of the LDAP bind account. To generate the obfuscated value, run IcbLdapSync.exe -obf {password}, replacing {password} with the password to obfuscate.
"password"
The clear-text password of the LDAP bind account, used when "obf-password" is not specified.
"use-tls":false
Specifies whether to connect directly over TLS.
"start-tls":false
If set to true, a connection that is established unencrypted is immediately upgraded to a TLS connection. This attribute is useful when only the unencrypted port is available.
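The following fragment is an added example, not taken from the product documentation, that puts the entries above together into one ldap object for a direct-TLS connection to Active Directory. The surrounding top-level object and the numeric type of "port" are assumptions (the page names the keys and the cloud-sync parent but shows no complete fragment); the host name and the obf-password value are constructed placeholders.

```json
{
  "cloud-sync": {
    "ldap": {
      "host": "ad.mydomain.com",
      "port": 636,
      "user": "CN=Administrator,CN=Users,DC=mydomain,DC=com",
      "obf-password": "<value-produced-by-IcbLdapSync.exe--obf>",
      "use-tls": true,
      "start-tls": false
    }
  }
}
```

With "use-tls":true the connection is encrypted from the first byte, so "start-tls" stays at its default of false; the alternative, when only port 389 is reachable, is "port":389 with "use-tls":false and "start-tls":true, which upgrades the connection before the bind. Prefer "obf-password" over "password" so the bind credential is not stored in clear text, but note that obfuscation is reversible by design (the tool must recover the password to bind), so the configuration file still needs restrictive file permissions.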