Policy directories

The list of LDAP directories used in the policy is specified in the ldapData section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in the LDAP library panel.

For more information on certificates, refer to the section Managing LDAP directories in SDMC in the Administration guide.

| Parameter | Description | Prescribed values | SDMC |
|---|---|---|---|
| id | Unique ID of the LDAP directory in the policy. Used in other sections of the .json file to identify the directory. | Unique character string | N/A |
| configuration | LDAP directory configuration. | | |
| name | Configuration name. | Character string | Server name |
| access | LDAP server contact settings. | | N/A |
| | address: Server address. | Character string | Address |
| | port: Port to use. | Integer between 0 and 65536 | Connection port |
| | protocol: Protocol to use. Allowed values are: "ldap" for the standard LDAP protocol; "ldaps" for the secure LDAP protocol; "ldapsWithFallbackToLdap" to attempt an LDAP connection if the LDAPS connection fails. | ldap, ldaps, ldapsWithFallbackToLdap | Use an LDAPS connection; Try to connect with LDAP if LDAPS connection fails |
| credentials | Connection ID. | | Access control |
| | username: User name. The "<Myself>" value makes it possible to use the Windows session identifiers. | Character string | ID |
| | password: Password. The "<Myself>" value makes it possible to use the Windows session identifiers. | Character string | Password |
| advanced | Search settings. | | Search |
| | base: Base of an LDAP request. | Character string | Base |
| | depth: Search depth. Allowed values are: "minimum" to perform the search on the immediate level in the tree; "oneLevel" to perform the search on the immediate level and on a lower level only; "maximum" to perform the search recursively in the tree. | minimum, oneLevel, maximum | Depth |
| | timeoutSeconds: Timeout of the request before canceling (in seconds). | Positive integer >= 10 | Timeout before canceling connection request (in seconds) |
| searchAttributeNames | Names to use to request various attributes during the search. | | Search attribute names |
| | emailAddress: Name of the attribute containing the e-mail address. The default value is "mail". | Character string | E-mail address |
| | commonName: Name of the attribute containing the common name. The default value is "cn". | Character string | Common name |
| | certificate: Name of the attribute containing the certificate. The default value is "usercertificate;binary". | Character string | Certificate |
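The following check is an added example, not code from the product or its documentation: it validates the ldapData entries of an already parsed policy against the prescribed values in the table and reports settings worth reviewing (a protocol other than "ldaps", a literal password instead of "<Myself>"). It assumes that ldapData is a list and that access, credentials and advanced are nested under configuration; the function name, the sample policy and its values are constructed for illustration.

```python
PROTOCOLS = ("ldap", "ldaps", "ldapsWithFallbackToLdap")
DEPTHS = ("minimum", "oneLevel", "maximum")

def check_ldap_data(policy):
    """Return (errors, warnings) for the ldapData entries of a parsed policy."""
    errors, warnings, seen = [], [], set()
    for n, entry in enumerate(policy.get("ldapData", [])):
        ident = entry.get("id")
        tag = f"ldapData[{n}] ({ident!r})"
        if not isinstance(ident, str) or not ident:
            errors.append(f"{tag}: id must be a character string")
        elif ident in seen:
            errors.append(f"{tag}: id is not unique in the policy")
        else:
            seen.add(ident)
        cfg = entry.get("configuration", {})  # assumed nesting, see lead-in
        access, adv = cfg.get("access", {}), cfg.get("advanced", {})
        port = access.get("port")
        if port is not None and (type(port) is not int or not 0 <= port <= 65536):
            errors.append(f"{tag}: port must be an integer between 0 and 65536")
        proto = access.get("protocol")
        if proto is not None and proto not in PROTOCOLS:
            errors.append(f"{tag}: protocol {proto!r} is not an allowed value")
        elif proto == "ldap":
            warnings.append(f"{tag}: standard LDAP selected, not LDAPS")
        elif proto == "ldapsWithFallbackToLdap":
            warnings.append(f"{tag}: connection falls back to LDAP if LDAPS fails")
        depth = adv.get("depth")
        if depth is not None and depth not in DEPTHS:
            errors.append(f"{tag}: depth {depth!r} is not an allowed value")
        timeout = adv.get("timeoutSeconds")
        if timeout is not None and (type(timeout) is not int or timeout < 10):
            errors.append(f"{tag}: timeoutSeconds must be an integer >= 10")
        password = cfg.get("credentials", {}).get("password")
        if password not in (None, "", "<Myself>"):
            warnings.append(f"{tag}: literal password stored in the policy file")
    return errors, warnings

# Constructed sample policy (names, addresses and values are illustrative only).
SAMPLE = {"ldapData": [
    {"id": "dir-hq", "configuration": {"name": "HQ",
        "access": {"address": "ldap.example.test", "port": 636, "protocol": "ldaps"},
        "credentials": {"username": "<Myself>", "password": "<Myself>"},
        "advanced": {"base": "dc=example,dc=test", "depth": "maximum", "timeoutSeconds": 30}}},
    {"id": "dir-branch", "configuration": {"name": "Branch",
        "access": {"address": "10.0.0.5", "port": 389, "protocol": "ldapsWithFallbackToLdap"},
        "credentials": {"username": "svc-ldap", "password": "constructed-value"},
        "advanced": {"base": "dc=example,dc=test", "depth": "subtree", "timeoutSeconds": 5}}},
]}

if __name__ == "__main__":
    print(check_ldap_data(SAMPLE))
```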