You can take care of the listed parameters while configuring
the Active Directory Change Detection Connector.
The Connector needs the following parameters:
- LDAP URL
- Specifies the LDAP URL of the Active Directory service you want
to access. The LDAP URL has the form ldap://hostname:port or
ldap://server_IP_address:port. For example, ldap://localhost:389
Note: The
default LDAP port number is 389. When using SSL, the default LDAP
port number is 636.
- Login username
- Specifies the distinguished name used for authentication to the
service. For example, cn=administrator,cn=users,dc=your_domain,dc=com.
Note: If you use Anonymous authentication, you must leave this parameter
blank.
- Login password
- Specifies the credentials (password).
Note: If you use Anonymous
authentication, you must leave this parameter blank.
- Authentication Method
- Specifies the authentication method to be used. Possible values
are:
- Anonymous (use no authentication)
- Simple (use weak authentication (cleartext password))
- Use SSL
- Specifies whether to use Secure Sockets Layer for LDAP communication
with Active Directory.
- Extra Provider Parameters
- Allows you to pass a number of extra parameters to the JNDI layer.
It is specified as name:value pairs, one pair per line.
- Binary Attributes
- Specifies a list of parameters that are to be interpreted as binary
values instead of strings. The default value for this parameter is objectGUID
objectSid.
- LDAP Search Base
- Specifies the Active Directory sub-tree that is polled for changes.
The search base should be an Active Directory Naming Context if detection
of deleted objects is required. For example, dc=your_domain,dc=com.
- Page Size
- Specifies the number of entries per page returned by this request
(default value is 500).
- Iterator State Key
- Specifies the name of the parameter that stores the current synchronization
state in the User Property Store of the IBM Security Directory Integrator.
This must be a unique name for all parameters stored in one instance
of the IBM Security Directory Integrator User
Property Store. The Delete button lets you delete this information
from the User Property Store.
- Start at
- Specifies either EOD or 0. EOD means report
only changes that occur after the Connector is started. 0 means
perform full synchronization, that is, report all objects available
in Active Directory Service. This parameter is taken into account
only when the parameter specified by the Iterator State
Key parameter is not found in the User Property Store.
- State Key Persistence
- Determines when the Connector's state is written to the System
Store. The default (and recommended setting) is End of Cycle,
and the choices are:
- After read
- Updates the System Store when you read an entry from the Active
Directory change log, before you continue with the rest of the AssemblyLine.
- End of cycle
- Updates the System Store with the change log number when all Connectors
and other components in the AssemblyLine have been evaluated and executed.
- Manual
- Switches off the automatic updating of the System Store with this
Connector's state information; instead, you will need to save the
state by manually calling the ADCD Connector's saveStateKey()
method, somewhere in your AssemblyLine.
- Use Notifications
- Specifies whether to use notification when waiting for new changes
in Active Directory. If not enabled, the Connector will poll for new
changes.
If enabled, the Connector will not sleep or timeout but
instead wait for a Change Notification event (Server Search Notification
Control (OID 1.2.840.113556.1.4.528) from the Active Directory
server, and the sleep interval and timeout parameters are ignored.
- Timeout
- Specifies the maximum number of seconds the Connector waits for
the next changed Active Directory object. If this parameter is 0,
then the Connector waits forever. If the Connector has not retrieved
the next changed Active Directory object within timeout seconds,
then it returns an empty (null) Entry, indicating that there
are no more Entries to return. The default is 5.
- Sleep Interval
- Specifies the number of seconds the Connector sleeps between successive
polls.
- Detailed Log
- If this field is checked, additional log messages are generated.
- Comment
- Your comments here.
Note: Changing Timeout or Sleep Interval values will automatically
adjust its peer to a valid value after being changed (for example,
when timeout is greater than sleep interval the value that was not
edited is adjusted to be in line with the other). Adjustment is done
when the field editor looses focus.