Guide for configuring connections to LDAP servers.
You can configure multiple LDAP connections and you use these connection from other guides/configurations.
Start the guide by clicking on the '+' sign next to the LDAP menu item.
Name your connection and give it an optional description. Name will be displayed when other guides prompts for a connection.
Specify the host and port of the LDAP server.
Host can be a hostname, an IP or a DNS name.
To enable failover on the connection, comma (',') separate multiple hosts. If the failover servers uses the same port, you only need to specify port once. If not, specify ports comma separated for each host in the same order as you specified the hosts.
Host: localhost Port: 389
Multiple servers, same port:
Host: host1,host2,host3 Port: 389
Multiple servers, different ports:
Host: host1,host2,host3 Port: 389,10389,389
Specify credentials for the connection.
Note: Make sure the account has appropriate access rights in the data source
Specify if the connection should be encrypted and use SSL/TLS. This option requires SSL/TLS to be enabled on the LDAP server.
To establish trust between the PhenixID server and the LDAP server, the LDAP server SSL certificate chain must be added to the PhenixID server trust store managed by the Java Virtual Machine PhenixID server uses (bundled). This is an advanced administrative task not covered by this documentation.
To skip trust check between PhenixID server and LDAP, enable 'Trust all'.
Before you create the connection you can test current settings. If the connection test fails, step back in guide and adjust your settings.
It is possible to create a connection even though the connection test failed.
Note: Connection test is performed from the actual backend PhenixID server instance (or cluster) that is running the Configuration Manager application and not from your local machine.
To edit a connection, select the connection in the lefthand menu.
Note: Changes are hot. When you save, the server will reload and apply your changes immediately.
In the LDAP connection edit view you can change all settings on a connection (including properties not displayed in the guide).
When done editing, click 'Save' to save your changes.
To delete the connection, click 'Delete'. Note: Make sure that the connection is not used by any configuration before you delete it. If you remove a connection that is in use, you will brake the configuration and the server will not work as expected.
- Name: Connection name
- Description: Connection description (optional)
- Created: Timestamp when configuration was created (read only)
- Scenario Id: Internal ID of this configuration (read only)
- Host: Connection host name or IP
- Port: Connection port
- Bind DN: DN used binding to the LDAP server
- Password: Password used binding to the LDAP server
- Use SSL/TLS: Turns on the use of SSL/TLS (encrypted network communication) (Default: off)
- Trust all: Turns off certificate trust checks for SSL/TLS (Default: off)
- Follow referrals: Turns on LDAP follow referrals option (Default: off)
- Auto reconnect: Turns on reconnect on broken connections (Default: on)
- Use keep alive: Turns on connection keep alive (Default: on)
- Response timeout: Set maximum time to wait for a response from the LDAP server. Set to '0' to wait forever (NOT recommended) (Default: 30000)
- Connection pool initial size: The initial number of connection created in the pool. (Default: 1)
- Connection pool max size: Max number of connections allowed in the pool. (Default: 2)
- Connection pool max age: The max age in milliseconds of a connection in the pool. When age is reached the connection is automatically recreated. Set to '0' to allow connections to live forever. (Default: 0)