Configure the following settings
Edit mode
The edit permissions on the LDAP server.
| Mode | Permissions |
|---|---|
| READ_ONLY | Read LDAP users without modifying them |
| WRITABLE | Update LDAP attributes such as passwords and profiles |
| UNSYNCED | Imports users without syncing changes back to the LDAP server |
Users DN
The base DN (Distinguished Name) to search for users in the LDAP tree – for example:
ou=users,dc=example,dc=com
Relative user creation DN
The sub-DN under Users DN for creating users when Edit mode is WRITABLE – for example:
ou=newusers
Username LDAP attribute
The LDAP attribute Cryptographic Security Platform will use as the username – for example:
- uid
- sAMAccountName (when Vendor is Active Directory)
This field value must match the attribute that uniquely identifies users in Cryptographic Security Platform.
RDN LDAP attribute
The attribute used as Relative Distinguished Name when creating LDAP entries – for example:
- uid
- cn
This value determines how new LDAP entries are named.
UUID LDAP attribute
An attribute to uniquely identify LDAP entries – for example:
- entryUUID
- objectGUID (when Vendor is Active Directory)
This value ensures a stable mapping to the entries on the LDAP server.
User object classes
The LDAP object classes assigned to user entries – for example:
- inetOrgPerson
- organizationalPerson
This value defines the schema that new LDAP users must comply with.
User LDAP filter
Additional LDAP filter for searching users – for example:
(memberOf=cn=KeycloakUsers,ou=groups,dc=example,dc=com)
This value restricts the LDAP users visible in the Cryptographic Security Platform appliance.
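The following added example (not part of this documentation or the product's own code) shows how the Users DN, Relative user creation DN, Username LDAP attribute, RDN LDAP attribute, User object classes and User LDAP filter settings above combine into a single-user search filter and into the DN of a user created in WRITABLE mode. The configuration values are constructed samples; the escaping helpers follow RFC 4515 and RFC 4514 so that an attacker-controlled login name cannot rewrite the filter or the DN.

```python
# Constructed sample values mirroring the settings described on this page.
LDAP_CONFIG = {
    "users_dn": "ou=users,dc=example,dc=com",
    "relative_user_creation_dn": "ou=newusers",
    "username_attribute": "uid",
    "rdn_attribute": "uid",
    "user_object_classes": ["inetOrgPerson", "organizationalPerson"],
    "user_ldap_filter": "(memberOf=cn=KeycloakUsers,ou=groups,dc=example,dc=com)",
}

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515). Without this a
    login name like 'x)(uid=*' rewrites the filter (LDAP filter injection)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_user_search_filter(config: dict, username: str) -> str:
    """AND together the user object classes, the username attribute match and
    the optional User LDAP filter into one single-user lookup filter."""
    parts = ["(objectClass=%s)" % oc for oc in config["user_object_classes"]]
    parts.append("(%s=%s)" % (config["username_attribute"],
                               escape_filter_value(username)))
    extra = config.get("user_ldap_filter", "").strip()
    if extra:
        # The operator-supplied filter must be fully parenthesised so it
        # cannot break out of the surrounding AND.
        if not (extra.startswith("(") and extra.endswith(")")):
            raise ValueError("User LDAP filter must be enclosed in parentheses")
        parts.append(extra)
    return "(&" + "".join(parts) + ")"

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def new_user_dn(config: dict, rdn_value: str) -> str:
    """DN of a user created in WRITABLE mode: the RDN attribute under the
    Relative user creation DN, which itself sits under Users DN."""
    parent = config["users_dn"]
    relative = config.get("relative_user_creation_dn", "").strip()
    if relative:
        parent = "%s,%s" % (relative, parent)
    return "%s=%s,%s" % (config["rdn_attribute"], escape_dn_value(rdn_value), parent)
```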
Search scope
The scope of user searches under Users DN.
| Option | Scope |
|---|---|
| ONE_LEVEL | Only immediate children |
| SUBTREE | Entire subtree |
Read timeout
The maximum waiting time (in milliseconds) for LDAP read operations.
Pagination
Whether to enable pagination.
| Option | Description |
|---|---|
| On | Enable LDAP paged results. Select this option for large directories with size limits, such as the default 1000 entries of Active Directory. |
| Off | Do not enable LDAP paged results. |
Referral
The LDAP referral handling mode.
| Option | Mode |
|---|---|
| FOLLOW | Follow referrals to other LDAP servers |
| IGNORE | Ignore referrals |