Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
The LDAP Store Adapter provides a data store interface to a remote directory service over LDAP. Multiple directory servers containing the same data may be configured using a load balancing algorithm to provide high availability.
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The LDAP Store Adapter component inherits from the Store Adapter
The following components have a direct aggregation relation from LDAP Store Adapters:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ plugin |
| ↓ name | ↓ include-operational-attribute |
| ↓ enabled | |
| ↓ load-balancing-algorithm | |
| ↓ structural-ldap-objectclass | |
| ↓ auxiliary-ldap-objectclass | |
| ↓ include-base-dn | |
| ↓ include-filter | |
| ↓ create-dn-pattern |
| Description | A description for this Store Adapter |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the Store Adapter. The name must be valid as a component of a URN. |
| Default Value | None |
| Allowed Values | A name that can be used as a component of a URN. Letters, digits, and characters in '()+,-.=@;$_!*' are allowed. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Store Adapter is enabled. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the default load-balancing algorithm that will be used to select the backend server for each operation processed through this LDAP Store Adapter. |
| Default Value | None |
| Allowed Values | The DN of any Load Balancing Algorithm. Load-balancing algorithms associated with LDAP Store Adapters must be enabled. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The LDAP Store Adapter must be disabled and re-enabled for changes to this setting to take effect. Changes to this property will not take effect until the LDAP Store Adapter is restarted. |
| Description | Specifies the LDAP structural object class that should be exposed by this LDAP Store Adapter. |
| Default Value | None |
| Allowed Values | The name or OID of the objectclass to expose. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies an auxiliary LDAP object class that should be exposed by this LDAP Store Adapter. |
| Default Value | None |
| Allowed Values | The name or OID of the auxiliary objectclass to expose. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | The PingAuthorize Server must be restarted for changes to this setting to take effect. Changes to this property will not take effect until the server is restarted. |
| Description | Specifies the base DN of the branch of the LDAP directory that can be accessed by this LDAP Store Adapter. Along with the include-filter property, this property determines whether an entry is included in this LDAP Store Adapter. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The set of LDAP filters that define the LDAP entries that should be included in this LDAP Store Adapter. Along with the include-base-dn property, this property determines whether an entry is included in this LDAP Store Adapter. If the include-base-dn property does not exclude an entry, then it will be included if it matches any of the filters specified here. If no filters are specified, then only the include-base-dn property is used to determine if an entry is included by this LDAP Store Adapter. |
| Default Value | All entries are included by this LDAP Store Adapter. |
| Allowed Values | A valid LDAP search filter |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the template to use for the DN when creating new entries. If no value is specified, this LDAP Store Adapter will not support create operations. The template may reference any LDAP attribute that is present in the mapped entry by using bracket notation. For example, the pattern "uid={uid},dc=example,dc=com" will substitute the entry's 'uid' value as the RDN. Substitutions are allowed for any DN components, not just the RDN. The Ping Identity Directory Server 'name with entryUUID' request control can be used to name entries by specifying the entryUUID attribute in the RDN in the DN pattern. For example, the DN pattern could be "entryUUID=server-generated,dc=example,dc=com". The RDN value - 'server-generated' in this example - is a placeholder value that is ignored. The actual value is generated by the Ping Identity Directory Server. The entryUUID RDN should only be used in a DN pattern with stores that support the 'name with entryUUID' request control (namely Ping Identity Directory Server and Ping Identity Directory Proxy Server). |
| Default Value | None |
| Allowed Values | The pattern to use to construct the DN value. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies Store Adapter plugins that should be applied to operations that are handled by this Store Adapter. If multiple plugins are provided, then they will be invoked in the order they are specified. |
| Default Value | None |
| Allowed Values | The DN of any Store Adapter Plugin. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
include-operational-attribute (Advanced Property)
| Description | Specifies the set of operational LDAP attributes to include in the native SCIM schema that is provided by this LDAP Store Adapter. By default, operational attributes are not provided by the LDAP Store Adapter. However, there may be cases where you wish to create an attribute mapping that depends on an operational attribute from the LDAP server. Specifying it here will cause it to appear in the schema exposed by the LDAP Store Adapter and allow the attribute to be mapped to a SCIM Resource Type attribute. |
| Default Value | None |
| Allowed Values | An LDAP attribute name or OID |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Store Adapters:
dsconfig list-store-adapters
[--property {propertyName}] ...
To view the configuration for an existing Store Adapter:
dsconfig get-store-adapter-prop
--adapter-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Store Adapter:
dsconfig set-store-adapter-prop
--adapter-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new LDAP Store Adapter:
dsconfig create-store-adapter
--adapter-name {name}
--type ldap
--set enabled:{propertyValue}
--set structural-ldap-objectclass:{propertyValue}
--set include-base-dn:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Store Adapter:
dsconfig delete-store-adapter
--adapter-name {name}