Configuring an Active Directory endpoint

To configure an Active Directory as an endpoint, you must specify the LDAP URL (host name and port), the login name and password used to bind, the search base, and the root suffix of the domain.

Before you begin

Ensure that you create an endpoint and specify the type as Active Directory. See Configuring endpoints.

Procedure

  1. On the Active Directory endpoint configuration page, under LDAP URL, enter the Host name and Port of the Active Directory that you want to access. The default LDAP port number is 389. If you use SSL, the default LDAP port number is 636.
    For information about setting up SSL for Active Directory connections, see the IBM® Security Directory Integrator documentation and search for Microsoft Active Directory SSL configuration.
  2. For a secured connection, select SSL.
  3. In the User Login and Password fields, enter the distinguished name of the account that authenticates to the service and its password.

    For example: cn=administrator,cn=users,dc=your_domain,dc=com

  4. In the Include entries from the following container field, enter the search base of the source directory under which entries are read for synchronization. Alternatively, click Contexts, select an entry from the LDAP Search Base list, and then click OK.

    For example: dc=your_domain,dc=com

    Note: For Active Directory, this value must be set to the root suffix of the domain controller; otherwise, delete modifications are not detected.
  5. To verify the Active Directory connection settings, click Test Connection.
    A green tick mark displayed next to the name of the endpoint indicates that the connection is successful. If the connection is successful, the attributes in the endpoint are displayed in a separate pane. You can use the Filter field to search the attributes.
  6. After you configure the endpoint, to easily access the data in the directory, click Browse Data. You can use the LDAP browser to view the directory hierarchy and the types of users, groups, and containers. You can also add, modify, or delete entries in the directory.
  7. Optional: You can also configure the following advanced parameters. Expand the Advanced section to view these parameters.
    Page Size
    Specify the number of entries per page that the request returns. The default value is 500.
    Seconds Before Timeout
    Specify the maximum number of seconds to wait for the next changed Active Directory object. The default value is 0.
    Seconds Between Polling
    Specify the number of seconds to sleep between successive polls. The default value is 60.
    Change State Key
    Specify the name of the key or parameter that stores the change detection iterator state. The state key is used between runs to remember the last change that was processed, so that if synchronization stops for any reason, it resumes from where it stopped when it is restarted.
    The value of this key must be unique for each endpoint. If you do not set this parameter, a value is computed automatically to ensure uniqueness.
    Binary Attributes
    Specify a list of attributes that must be interpreted as binary values instead of strings. Enter one attribute name per line and do not use any separators.
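The following script is an added example and is not part of the product or its documentation. It checks an endpoint configuration against the constraints stated in the procedure above before the values are typed into the page: the SSL setting against the port (389 plain, 636 SSL), the User Login being a distinguished name, the search base being exactly the root suffix of the domain (otherwise delete modifications are not detected), a positive Page Size, and the Binary Attributes list holding one name per line with no separators. The function names, the dictionary keys, and the sample host and domain are assumptions; the DN parser handles backslash-escaped commas but is not a full RFC 4514 parser.

```python
"""Pre-flight checks for an Active Directory endpoint configuration.

Added example (not the product's own code). The dict keys, function names
and the example.com values below are assumptions made for illustration.
"""
import re

LDAP_PORT = 389    # default plain LDAP port stated in the procedure
LDAPS_PORT = 636   # default LDAP-over-SSL port stated in the procedure


def split_dn(dn):
    """Split a DN into (attribute, value) pairs on unescaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        part = part.strip()
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def normalize_dn(dn):
    """Canonical lower-case form used for comparisons."""
    return ",".join(f"{a}={v}" for a, v in split_dn(dn))


def root_suffix(dn):
    """The domain root suffix: the trailing run of dc= components of a DN."""
    dc = []
    for attr, value in reversed(split_dn(dn)):
        if attr != "dc":
            break
        dc.append(value)
    if not dc:
        raise ValueError("no dc= components found")
    return ",".join(f"dc={v}" for v in reversed(dc))


def parse_binary_attributes(text):
    """Return (attribute names, problems) for the one-per-line field."""
    attrs, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if re.search(r"[,;\s]", line):   # separators are not allowed
            problems.append(f"Binary Attributes line {lineno}: one name per line, no separators: {line!r}")
            continue
        attrs.append(line)
    return attrs, problems


def check_endpoint(cfg):
    """Return a list of findings; an empty list means the config is consistent."""
    findings = []
    ssl, port = bool(cfg.get("ssl")), int(cfg.get("port", LDAP_PORT))
    if not ssl:
        findings.append("SSL is not selected: the bind password and directory data are sent in clear text")
    if ssl and port == LDAP_PORT:
        findings.append(f"SSL selected but port is {LDAP_PORT}; the default SSL port is {LDAPS_PORT}")
    if not ssl and port == LDAPS_PORT:
        findings.append(f"port {LDAPS_PORT} is the SSL port but SSL is not selected")
    try:
        split_dn(cfg.get("user_login", ""))
    except ValueError as exc:
        findings.append(f"User Login must be a distinguished name ({exc})")
    base = cfg.get("search_base", "")
    try:
        if normalize_dn(base) != root_suffix(base):
            findings.append(f"search base {base!r} is not the root suffix {root_suffix(base)!r}: delete modifications will not be detected")
    except ValueError as exc:
        findings.append(f"search base is not a usable DN ({exc})")
    if int(cfg.get("page_size", 500)) <= 0:
        findings.append("Page Size must be a positive number of entries")
    findings.extend(parse_binary_attributes(cfg.get("binary_attributes", ""))[1])
    return findings


# Constructed sample configurations (example.com is a placeholder domain).
GOOD_CONFIG = {
    "host": "dc01.example.com", "port": 636, "ssl": True,
    "user_login": "cn=administrator,cn=users,dc=example,dc=com",
    "search_base": "dc=example,dc=com", "page_size": 500,
    "binary_attributes": "objectGUID\nobjectSid\n",
}
BAD_CONFIG = {
    "host": "dc01.example.com", "port": 389, "ssl": True,
    "user_login": "administrator",
    "search_base": "cn=users,dc=example,dc=com", "page_size": 500,
    "binary_attributes": "objectGUID, objectSid",
}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_endpoint(cfg) or "OK")
```

Run it directly to see the findings for both sample configurations; the search-base check is the one that silently breaks synchronization if missed, because a narrower container still reads entries successfully but never reports deletions.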

What to do next

After you configure the endpoint, you can create a flow to define the relationship between the endpoint and the target directory server.