# RapidIdentity Administrators' and Users' Guide

##### LDAP Servers

The LDAP Servers interface allows administrators to configure organization-specific LDAP servers to use within RapidIdentity.

### Note

Only Active Directory, eDirectory, and the Identity Automation distribution of OpenLDAP are currently supported.

Enter the configuration details for your LDAP Server. After this is complete, you can add it to an LDAP Server Set if needed.

Table 42. LDAP Options

Field Name

Description

Name

The name of the LDAP server. Used only to distinguish one server connection from another within the settings.

Server Address

The server address identifies the host that serves the LDAP directory. The entry can be a fully qualified domain name (e.g. ldapserver.example.com) or an IP address. Verify that the networking infrastructure (firewalls, etc.) allows communication between the RapidIdentity Portal server and the LDAP server referenced in this field.

Encryption Method

RapidIdentity Portal supports two encryption methods: SSL (LDAPS, where the connection is a TLS session from the start) and Start-TLS (a plain LDAP connection upgraded to TLS with the StartTLS extended operation). The default setting is no encryption, which sends the bind credentials and all directory data in clear text; use one of the encrypted methods for any production connection. Whether the server's certificate is verified is controlled by the Trust All Certificates setting below; with that setting disabled, a self-signed or private-CA certificate must be explicitly accepted when the connection is tested. Active Directory requires an encrypted connection for password changes to succeed.

Port

The port number that the LDAP server is listening on. The default unencrypted port is 389 and the default SSL (LDAPS) port is 636. Start-TLS uses the standard port 389 and upgrades the session to TLS after connecting.

Trust All Certificates

This setting tells RapidIdentity to trust any SSL/TLS certificate presented by the LDAP server, without validating its chain or identity. When it is unset, you must explicitly confirm that you trust the certificate presented by the LDAP server (see Test Connection and Certificate Settings below).

### Note

It is strongly recommended that this setting be disabled in production deployments. With it enabled, anyone who can intercept traffic between the Portal and the LDAP server can present their own certificate and capture the bind credentials, user passwords, and directory data.

After changing this setting, click Test Connection and Certificate Settings in the bottom Action Bar to validate the connection and, with Trust All Certificates disabled, to review and accept the server's certificate.

Base DN

The distinguished name of the directory subtree that RapidIdentity searches and manages on this server (e.g. dc=example,dc=com).

Bind DN or User

The specified user account must have sufficient access to the LDAP tree: it must be able to authenticate and to read and write every DN specified in the configuration, because almost all LDAP operations are performed as this user. Grant it only the rights the Portal actually needs rather than a directory-wide administrator role, since a compromise of the Portal exposes whatever this account is allowed to do.

### Note

Write access is required to set an idautoID on accounts, which is required for the Portal to function.

The built-in object browser makes finding the value required for this field easier.

For Active Directory, enter either the userPrincipalName or <domain>/<username> (i.e. what the user would normally use to log in to Windows) rather than the DN.

The Bind Password is the password for the Bind User specified above; the field is displayed when you click the Update Password button.

Test Connection and Certificate Settings

This button performs a real-time connection test based on the parameters provided to see if an LDAP connection can be established. A successful test results in a green text box stating "Connect Test Passed".

If encryption is enabled and Trust All Certificates is not, you will also be asked to confirm that you trust the certificate presented by the LDAP server (unless trust for that certificate has already been established). Before accepting, compare the certificate details shown with those obtained from the directory administrator through a separate channel; accepting whatever is presented during the test is equivalent to enabling Trust All Certificates for that one certificate.

### Note

Save all settings before attempting to test the connection.

Save/Cancel

Save commits the changes; Cancel discards unsaved edits and restores the previously saved values.
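The relationship between the Encryption Method, the Trust All Certificates setting and the certificate confirmation step, shown as an added example in plain Python. This is not RapidIdentity code and does not describe how the Portal is implemented internally; it builds the TLS context each setting implies and shows how an administrator-approved certificate can be pinned by fingerprint instead of trusting everything. The host name, the sample certificate bytes and the approved-fingerprint set are constructed for the example.

```python
"""Added example: the TLS decisions behind the LDAP Server form.
Not RapidIdentity code; the host name and sample bytes below are constructed."""
import hashlib
import socket
import ssl
from typing import Optional, Set

# Default port for each Encryption Method. Start-TLS begins in clear text on
# the plain LDAP port and upgrades the session, so it shares 389 with "none".
DEFAULT_PORTS = {"none": 389, "starttls": 389, "ssl": 636}


def default_port(encryption: str) -> int:
    """Port to pre-fill for the chosen Encryption Method."""
    return DEFAULT_PORTS[encryption.lower()]


def make_tls_context(trust_all: bool, ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Build the TLS context implied by the Trust All Certificates checkbox.

    trust_all=True is the weak setting: no chain validation and no host name
    check, so any host answering on the port is accepted as the LDAP server.
    trust_all=False is the production setting: full validation against the
    system trust store, or against an internal CA bundle if one is given.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    if trust_all:
        ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context validates both the chain and the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def sha256_fingerprint(der_cert: bytes) -> str:
    """Colon-separated, upper-case SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def certificate_is_trusted(der_cert: bytes, approved: Set[str]) -> bool:
    """The manual trust decision: accept the presented certificate only if an
    administrator approved its fingerprint beforehand (case-insensitive)."""
    return sha256_fingerprint(der_cert) in {fp.upper() for fp in approved}


def fetch_ldaps_certificate(host: str, port: int = 636, timeout_ms: int = 5000) -> bytes:
    """Capture the DER certificate an LDAPS server presents so its fingerprint
    can be compared out of band before it is approved. Verification is off here
    on purpose: nothing is sent over this session, and the returned bytes must
    pass certificate_is_trusted() before any bind is attempted."""
    ctx = make_tls_context(trust_all=True)
    with socket.create_connection((host, port), timeout=timeout_ms / 1000) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def connect_pinned_ldaps(host: str, approved: Set[str], port: int = 636,
                         timeout_ms: int = 5000) -> ssl.SSLSocket:
    """Connect to a server with a self-signed or private-CA certificate that the
    system trust store cannot validate: the fingerprint check is the trust
    decision, which is what 'verify that you trust the certificate' amounts to."""
    ctx = make_tls_context(trust_all=True)  # chain cannot validate; pin instead
    sock = socket.create_connection((host, port), timeout=timeout_ms / 1000)
    tls = ctx.wrap_socket(sock, server_hostname=host)
    if not certificate_is_trusted(tls.getpeercert(binary_form=True), approved):
        tls.close()
        raise ValueError(f"certificate presented by {host} is not in the approved set")
    return tls


# Constructed sample: not a real certificate, just bytes standing in for DER.
SAMPLE_DER = b"\x30\x82\x01\x00-constructed-sample-certificate-bytes"
APPROVED = {sha256_fingerprint(SAMPLE_DER)}

if __name__ == "__main__":
    print("LDAPS default port:", default_port("ssl"))
    print("trust-all context verifies peer:", context_verifies_peer(make_tls_context(True)))
    print("sample fingerprint:", sha256_fingerprint(SAMPLE_DER))
    # Against a real server (hypothetical host name), the flow would be:
    #   der = fetch_ldaps_certificate("ldapserver.example.com")
    #   ... confirm sha256_fingerprint(der) with the directory admin ...
    #   tls = connect_pinned_ldaps("ldapserver.example.com", {sha256_fingerprint(der)})
```

The two contexts differ in exactly the properties the checkbox controls: with Trust All Certificates the chain is not validated and the host name is not checked, so pinning the fingerprint (or disabling the setting and trusting a proper CA) is what stops an interposed host from being accepted.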

Field Name

Description

Connection Timeout (milliseconds)

The maximum time, in milliseconds, that RapidIdentity Portal will wait for a connection to the LDAP server to be established. Default = 5000 (5 seconds).

Response Timeout (milliseconds)

The maximum time, in milliseconds, that RapidIdentity Portal will wait for a response from the LDAP server when performing LDAP operations. Default = 10000 (10 seconds).

Search Page Size

The maximum number of entries requested per page when RapidIdentity searches with the LDAP Simple Paged Results control (RFC 2696). Default = 1000. Servers enforce their own upper bound (Active Directory's MaxPageSize defaults to 1000), so a larger value here does not raise the page size beyond what the server allows.

Referral Hop Limit

The maximum number of referrals (hops) the system will follow when one LDAP server refers a request to another, which may in turn refer it on. Default = 5.

For example, a chain from LDAP Server 1 to LDAP Server 2 to LDAP Server 3 is two hops. Each hop is a new connection to whatever host the referral names, so keep this limit low: it bounds how far a request (and, where the Portal authenticates to the referred-to server, its bind credentials) can be redirected.
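The Search Page Size and Referral Hop Limit semantics, as an added in-memory simulation that is not RapidIdentity code and does not claim to mirror the Portal's internals: the servers, their entries and the referral chain are constructed for the example, the client loop for Simple Paged Results is written out, and hops are counted the way the guide's example counts them (Server 1 to Server 2 to Server 3 is two hops). It also rejects a referral loop, which a hop limit alone would only stop after the configured number of redirects.

```python
"""Added example: simulated paged search and referral chasing.
Not RapidIdentity code; servers, entries and referrals are constructed in memory."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class ReferralHopLimitExceeded(Exception):
    """Raised when a referral chain exceeds the hop limit or loops back on itself."""


@dataclass
class FakeLdapServer:
    """Stand-in for one LDAP server: it either holds entries or refers elsewhere."""
    name: str
    entries: List[str] = field(default_factory=list)
    referral_to: Optional[str] = None  # name of the server a search is referred to

    def search_page(self, page_size: int, cookie: bytes) -> Tuple[List[str], bytes]:
        """Server side of RFC 2696 Simple Paged Results: return at most page_size
        entries plus an opaque cookie, which is empty once the result set is exhausted."""
        start = int(cookie.decode()) if cookie else 0
        page = self.entries[start:start + page_size]
        next_start = start + len(page)
        next_cookie = str(next_start).encode() if next_start < len(self.entries) else b""
        return page, next_cookie


def paged_search(server: FakeLdapServer, page_size: int) -> Tuple[List[str], int]:
    """Client loop: keep requesting pages, passing back the server's cookie,
    until the cookie comes back empty. Returns all entries and the round-trip count."""
    if page_size < 1:
        raise ValueError("Search Page Size must be at least 1")
    results: List[str] = []
    cookie, round_trips = b"", 0
    while True:
        page, cookie = server.search_page(page_size, cookie)
        results.extend(page)
        round_trips += 1
        if not cookie:
            return results, round_trips


def search_following_referrals(servers: Dict[str, FakeLdapServer], start: str,
                               hop_limit: int, page_size: int = 1000) -> Tuple[List[str], int]:
    """Follow referrals from `start`, counting one hop per server-to-server redirect,
    and stop once following the next referral would exceed the Referral Hop Limit.
    A loop (A -> B -> A) is rejected immediately instead of being chased to the limit."""
    current, hops, visited = servers[start], 0, {start}
    while current.referral_to is not None:
        if hops >= hop_limit:
            raise ReferralHopLimitExceeded(
                f"referral chain from {start} exceeds the limit of {hop_limit} hops")
        target = current.referral_to
        if target in visited:
            raise ReferralHopLimitExceeded(f"referral loop detected at {target}")
        visited.add(target)
        current, hops = servers[target], hops + 1
    results, _ = paged_search(current, page_size)
    return results, hops


# Constructed topology matching the guide's example: Server 1 -> Server 2 -> Server 3,
# with 2500 constructed entries held on the last server.
SERVERS = {
    "ldap1": FakeLdapServer("ldap1", referral_to="ldap2"),
    "ldap2": FakeLdapServer("ldap2", referral_to="ldap3"),
    "ldap3": FakeLdapServer(
        "ldap3", entries=[f"uid=user{i},ou=people,dc=example,dc=com" for i in range(2500)]),
}

if __name__ == "__main__":
    entries, hops = search_following_referrals(SERVERS, "ldap1", hop_limit=5)
    _, round_trips = paged_search(SERVERS["ldap3"], page_size=1000)
    print(f"{len(entries)} entries after {hops} hops; {round_trips} pages of 1000")
```

With the default settings the chain above succeeds after two hops and the 2500 entries arrive in three pages; lowering the hop limit to 1 makes the second redirect fail, which is the behaviour to expect when a referral points somewhere the configuration was not meant to reach.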