2.6.4 Data Connectors Setup

 

 

Hello there. Today you will learn how to create a new connection to an LDAP server. To do this, go to “Administration”, then to “Data Connector Wizard”, give the connection a new, unique name, and define its ID and URL. It is important to check the connection type: eDirectory or Active Directory.

 

Also, set a username and password, then click “Test”. If the button turns green, all settings have been checked and a connection can be established.

 

Check the connection type one more time and click “Create New Data Connector”.

 

 

Now you see that your actions were successful. Click “Reload App”.

 

Okay, your new connection is added to the submenu “Data Collection”. This is a snapshot service.

 

Here you find “The LDAP Server URL”, “The LDAP Service account name”, the password, the path to the keystore (“Keystore file name”, which contains the public certificate for the secure LDAP connection) and other settings.

 

Now you need to start the Snapshot Service.

 

Sometimes, depending on the settings in eDirectory, you can get the error “Connection or outbound has closed”. This happens because some versions of IDM can send you a certificate that contains an IP address instead of an FQDN.

 

In this case, you must change the FQDN to the IP address. It can happen if the IP address is set in “Data Connector Wizard”.

NOTE: The FQDN should be changed to the IP address in “Report Service” and in the appropriate LDAP Connection in the Core Engine settings.
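The name mismatch described above can be confirmed before editing any settings. The following is an added diagnostic example, not part of the product: it assumes the CA certificate from the keystore has been exported to a PEM file (the `ca_pem` argument is a hypothetical path) and that the LDAP server listens for TLS on the port you pass in.

```python
import ipaddress
import socket
import ssl

def cert_names(cert):
    """Split the names in a getpeercert() dict into DNS names and IP addresses."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(str(ipaddress.ip_address(value.strip())))
    if not dns and not ips:  # legacy fallback: commonName in the subject
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    try:
                        ips.append(str(ipaddress.ip_address(value)))
                    except ValueError:
                        dns.append(value.lower())
    return dns, ips

def host_matches(host, cert):
    """True if the host part of the LDAP URL is covered by the certificate."""
    dns, ips = cert_names(cert)
    try:
        return str(ipaddress.ip_address(host)) in ips
    except ValueError:
        pass  # not an IP literal, compare as a DNS name
    host = host.lower().rstrip(".")
    for name in dns:
        if name == host:
            return True
        # a wildcard covers exactly one left-most label
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def fetch_cert(host, port, ca_pem):
    """Fetch the server certificate, validating the chain but not the name."""
    ctx = ssl.create_default_context(cafile=ca_pem)  # ca_pem: hypothetical path
    ctx.check_hostname = False  # the name check is done by host_matches()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()
```

If `host_matches()` returns False for the host in the configured URL, `cert_names()` shows which FQDN or IP address the certificate actually carries.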

 


 

Now save and start the service again.

 

The service is actively running. Here you receive a root object, and this means that the service is started successfully.

 

After the service is started, you can go to the Time Machine. At the top, select your connection.

 

Here you can see that the service is working, and when it finishes, you will get information about the snapshot such as “Start Time”, “Finish Time”, “Duration”, “Total Objects”, “Average Object Size” and the size of data from a snapshot.

 

A list of snapshots can also be seen in the History Browser. Okay, that’s all for the snapshot services.

 

In addition to a snapshot service, one more submenu was created for Event Service.

 

If the connection type is set to “eDirectory”, then here on the service’s page you see the URL to be set in the IDM driver. You’ll also find here the “Index Prefix” for writable indices, which you also need to set in the ACDI driver settings. You can download a keystore with a public certificate. You will need to copy this file to the machine with IDM.

 

“Keystore Password”: the default keystore password is changed. “OpenSearch Username”: here you are also able to copy the password for this user. All of these values must be set in the settings of the IDM ACDI driver.

 

There is an option to download AuditDriver packages for Designer as well as AppShims and Libs (libraries).

 

For more details about the ACDI Driver installation process, see the respective video in SKyPRO Academy.

 

If the connection type was set to “Active Directory”, you will get a list of settings for the connection to Active Directory. This includes the alias of the index or indices to read data from and the writable index, as well as other service settings such as “The AD Name”, username, user password, port, the path to the certificate, keystore type, keystore password, and the URL of OpenSearch (if internal OpenSearch is used).

 

If you use external OpenSearch, you need to make changes to this field.

 

The username for OpenSearch admin who has the permissions to write is also here.

 

If an external connection with a certificate is used, the certificate must be placed on the machine with ACDI. Then enter the path to the keystore here,

 

→ select the keystore type here,

 

→ and enter the password.

 

Okay, next are the object classes that will be monitored by the DirSync service. By default, this is “top”, which means that you will monitor changes in all types of objects in Active Directory.

 

If you need to monitor only users and groups, set this to “User” and “Group” accordingly.

 

Here is a list of attributes that you need to encode in Base64,

 

and if you need to request additional custom attributes, you must add their names here.

 

Then save the changes and start the service.

 

Thank you for your attention and take care.

Should you have any questions or require any assistance, please do not hesitate to contact us at any time: swsupport.skypro@skypro.ch