RapidIdentity Administrators' and Users' Guide

LDAP Server Sets

The LDAP Server Sets interface allows administrators to configure server set settings.


An active LDAP Server must be assigned to a server set. The default LDAP Server initially displays under Available Servers and must be moved into Assigned Servers.

Note

All servers within the server set should hold read-write replicas of the same Directory Information Tree (DIT).

To add a new server set, click Add LDAP Server Set at the top right of the screen. The following menu will contain two tabs.

General Tab

The General tab is the basic makeup of the new Server Set. Give the set a Name and click the + signs next to the Available Servers to move them into Assigned Servers.

Table 44. Assign Available Servers to the Server Set


Advanced Tab

The Advanced tab has more granular settings that can be configured as explained below. Enter the correct settings for your environment.

Table 45. Advanced Options

| Field Name | Description |
| --- | --- |
| Initial Connections | This setting is used for LDAP connection pooling and is the number of connections that are opened when RapidIdentity Portal starts. |
| Max Connections | This setting is used for LDAP connection pooling and is the maximum number of connections that RapidIdentity Portal will establish with the LDAP server at any given time. |
| Authentication Pool Initial Connections | This setting is used to specify the initial size of the authentication LDAP connection pool. Default = 4. |
| Authentication Pool Max Connections | This setting is used to specify the maximum size of the authentication LDAP connection pool. Default = 20. |
| Deference Policy | This setting is used to specify the alias dereferencing policy for LDAP searches. Default = NEVER. |
| Max Search Results | This setting is used to specify the maximum number of results to return for general purpose searches. This is meant to keep rogue requests from overwhelming the server. Default = 1000. |
| Search Time Limit | This setting is used to specify the maximum LDAP search time limit. Default = 30 seconds. |
| Capture Search Stats | This setting is used to specify that the server should request search statistics from Active Directory when performing searches. This only works for Active Directory servers, and the results are printed in the logs. It should not be enabled for general use but may be helpful in tracking down why some searches are slow. Default = false. For more information, see LDAP_SERVER_GET_STATS_OID. |
| Domain Scoped | This setting is used to specify that LDAP requests contain the LDAP_SERVER_DOMAIN_SCOPE_OID control, which instructs the LDAP server not to generate any referrals when completing a request. |
| Use Active Directory Fast Bind | This setting is used to specify that Active Directory Fast Bind is used for authenticating user logins. |
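To show where the search-related settings in Table 45 end up on the wire, the following added example (not RapidIdentity code) BER-encodes an RFC 4511 SearchRequest carrying the size limit, time limit, alias dereferencing value and the optional Active Directory controls. The settings key names, the base DN, the filter and the policy names other than NEVER are assumptions made for illustration.

```python
# Added illustration, not RapidIdentity code: BER-encodes an RFC 4511 SearchRequest
# from Advanced tab values. Base DN and filter are constructed sample values.
DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339"  # LDAP_SERVER_DOMAIN_SCOPE_OID
GET_STATS_OID = "1.2.840.113556.1.4.970"      # LDAP_SERVER_GET_STATS_OID
# Key names are hypothetical; values are the page's defaults, except domain_scoped,
# for which the page states no default (enabled here for the demonstration).
SETTINGS = {"deref_policy": "NEVER", "max_search_results": 1000,
            "search_time_limit": 30, "capture_search_stats": False,
            "domain_scoped": True}
# RFC 4511 derefAliases values; policy names other than NEVER are assumed.
DEREF = {"NEVER": 0, "SEARCHING": 1, "FINDING": 2, "ALWAYS": 3}

def tlv(tag, value):
    """BER tag-length-value with short or long definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def integer(v, tag=0x02):
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0A), minimal encoding."""
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def control(oid):
    """Control with controlType only: non-critical, no controlValue."""
    return tlv(0x30, tlv(0x04, oid.encode()))

def search_request(msg_id, base_dn, settings):
    body = (tlv(0x04, base_dn.encode())                 # baseObject
            + integer(2, 0x0A)                          # scope: wholeSubtree
            + integer(DEREF[settings["deref_policy"]], 0x0A)  # derefAliases
            + integer(settings["max_search_results"])   # sizeLimit
            + integer(settings["search_time_limit"])    # timeLimit (seconds)
            + tlv(0x01, b"\x00")                        # typesOnly: FALSE
            + tlv(0x87, b"objectClass")                 # filter: (objectClass=*)
            + tlv(0x30, b""))                           # attributes: all user attrs
    controls = b""
    if settings["domain_scoped"]:
        controls += control(DOMAIN_SCOPE_OID)           # suppress referrals
    if settings["capture_search_stats"]:
        controls += control(GET_STATS_OID)              # AD search statistics
    msg = integer(msg_id) + tlv(0x63, body)             # [APPLICATION 3]
    if controls:
        msg += tlv(0xA0, controls)                      # controls [0]
    return tlv(0x30, msg)                               # LDAPMessage

if __name__ == "__main__":
    print(search_request(1, "dc=example,dc=org", SETTINGS).hex(" "))
```

In a packet capture of a search, the same fields appear in this order, which makes it possible to confirm that a configured limit or control is actually being sent.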