Platform | Security | LDAP synchronization
LDAP synchronization properties specify details that the system uses to log into the directory server and identify users to import. Some of these properties also control the frequency and other details of the automatic synchronization process.
LDAP sync enabled
Description
Set to true to enable LDAP or Active Directory synchronization.
Default value
false
Valid Values
true | false
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync interval
Description
The Marketing Platform synchronizes with the LDAP or Active Directory server at regular intervals, specified in seconds here. If the value is zero or less, the Marketing Platform does not synchronize. If the value is a positive integer, the new value takes effect without a restart within ten minutes. Subsequent changes take effect within the configured interval time.
Default value
600, or ten minutes
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync delay
Description
This is the time (in 24-hour format) after which the periodic synchronization with the LDAP server begins, after the Marketing Platform is started. For example, an LDAP sync delay of 23:00 and an LDAP sync interval of 600 mean that when the Marketing Platform starts, the periodic synchronization starts to execute at 11:00 PM and executes every 10 minutes (600 seconds) thereafter.
Default value
23:00, or 11:00pm
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync timeout
Description
The LDAP sync timeout property specifies the maximum length of time, in minutes, after the start of a synchronization before the Marketing Platform marks the process ended. The Platform allows only one synchronization process to run at a time. If a synchronization fails, it is marked as ended whether it completed successfully or not.
This is most useful in a clustered environment. For example, if the Marketing Platform is deployed in a cluster, one server in the cluster might start an LDAP synchronization and then go down before the process is marked as ended. In that case, the Marketing Platform will wait for the amount of time specified in this property, and then it will start the next scheduled synchronization.
Default value
600 (600 minutes, or ten hours)
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
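The following added example (not IBM code) models how LDAP sync delay, LDAP sync interval and LDAP sync timeout combine, to show how long a cluster goes without a synchronization when a node dies mid-sync. It assumes the first run falls on the next day if the delay time has already passed at startup, and that runs stay on the fixed interval grid; the function names and the scenario are constructed for illustration.

```python
from datetime import datetime, timedelta

def first_sync(platform_start, delay_hhmm):
    """First periodic run: the LDAP sync delay time of day after startup."""
    hh, mm = map(int, delay_hhmm.split(":"))
    first = platform_start.replace(hour=hh, minute=mm, second=0, microsecond=0)
    # Assumption: if that time has already passed today, the first run is tomorrow.
    return first if first >= platform_start else first + timedelta(days=1)

def next_sync_after_stall(first, interval_s, stalled_start, timeout_min):
    """Earliest scheduled run after a sync that was never marked as ended."""
    if interval_s <= 0:
        return None  # zero or less: the Platform does not synchronize
    # LDAP sync interval is in SECONDS; LDAP sync timeout is in MINUTES.
    released = stalled_start + timedelta(minutes=timeout_min)
    step = timedelta(seconds=interval_s)
    # Ceiling division: first grid slot at or after the timeout expires.
    ticks = max(-((first - released) // step), 0)
    return first + ticks * step

def stall_gap(first, interval_s, stalled_start, timeout_min):
    """How long no synchronization runs after the stalled one started."""
    nxt = next_sync_after_stall(first, interval_s, stalled_start, timeout_min)
    return None if nxt is None else nxt - stalled_start

if __name__ == "__main__":
    # Constructed scenario: Platform started 09:00, page defaults for delay/interval.
    first = first_sync(datetime(2024, 1, 10, 9, 0), "23:00")
    stalled = datetime(2024, 1, 11, 2, 0)   # node goes down during this run
    for timeout in (600, 25):               # default vs. a tightened timeout
        print(timeout, "min timeout ->", stall_gap(first, 600, stalled, timeout))
```

With the default timeout of 600 minutes, no directory changes are imported for ten hours after the stalled run, even though the interval is ten minutes.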
LDAP sync scope
Description
Controls the scope of the initial query to retrieve the set of users. You should retain the default value of SUBTREE for synchronizing with most LDAP servers.
Default value
SUBTREE
Valid Values
The values are standard LDAP search scope terms.
* OBJECT - Search only the entry at the base DN, resulting in only that entry being returned.
* ONE_LEVEL - Search all entries one level under the base DN, but not including the base DN.
* SUBTREE - Search all entries at all levels under and including the specified base DN.
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP provider URL
Description
For most implementations, set to the LDAP URL of the LDAP or Active Directory server, in one of the following forms:
*
*
On LDAP servers, the port number is typically 389 (636 if SSL is used).
If IBM® EMM is integrated with an Active Directory server, and your Active Directory implementation uses serverless bind, set the value of this property to the URL for your Active Directory server, using the following form:
ldap:///dc=example,dc=com
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Require SSL for LDAP connection
Path
Platform | Security | LDAP synchronization
Description
Specifies whether the Marketing Platform uses SSL when it connects to the LDAP server to synchronize users. If you set the value to true, the connection is secured using SSL.
Default value
false
Valid Values
true | false
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
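As an added example (not part of the product or its documentation), the check below reviews the LDAP provider URL and Require SSL for LDAP connection values together, since the default of false leaves the synchronization connection without SSL. The function name, severity labels and sample host names are constructed; the only ports it knows are the two the page names as typical.

```python
from urllib.parse import urlsplit

# Ports the page names as typical: 389 for LDAP, 636 if SSL is used.
PLAIN_PORT, SSL_PORT = 389, 636

def audit_ldap_transport(provider_url, require_ssl):
    """Return (severity, message) findings for the sync transport settings."""
    if not provider_url:  # the page default for the URL is Undefined
        return [("error", "LDAP provider URL is undefined")]
    try:
        parts = urlsplit(provider_url)
        port = parts.port
    except ValueError:
        return [("error", "LDAP provider URL has an invalid host or port")]
    findings = []
    if not require_ssl:
        findings.append(("high", "Require SSL is false: the sync connection "
                                 "to the directory is not secured with SSL"))
    if parts.hostname is None:
        # ldap:///dc=example,dc=com is the serverless bind form for Active Directory
        findings.append(("info", "serverless bind URL: no host or port to check"))
    elif port is None:
        findings.append(("warn", "no port in URL: confirm it matches Require SSL"))
    elif require_ssl and port == PLAIN_PORT:
        findings.append(("high", "Require SSL is true but the URL uses port 389"))
    elif not require_ssl and port == SSL_PORT:
        findings.append(("warn", "URL uses port 636 but Require SSL is false"))
    return findings

if __name__ == "__main__":
    # Constructed sample settings; host names are placeholders.
    samples = [
        ("ldap://dc01.example.com:389", False),   # out-of-the-box style setup
        ("ldap://dc01.example.com:389", True),    # SSL required, plain port
        ("ldap://dc01.example.com:636", True),    # consistent
        ("ldap:///dc=example,dc=com", True),      # serverless bind
    ]
    for url, ssl in samples:
        print(url, ssl, audit_ldap_transport(url, ssl))
```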
LDAP config IBM® Marketing Platform group delimiter
Description
In the LDAP reference to IBM® Marketing Platform group map category, if you want to map one LDAP or Active Directory group to multiple Marketing Platform groups, use the delimiter specified here. It can be any single character that does not appear in the names it is separating.
Default value
; (semicolon)
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP reference config delimiter
Description
Specifies the delimiter that separates the SEARCHBASE and FILTER components that make up the LDAP or Active Directory reference (described in the LDAP references for IBM® Marketing Platform user creation category).
FILTER is optional: if omitted, the Marketing Platform server dynamically creates the filter based on the value of the LDAP user reference attribute name property.
Default value
; (semicolon)
Valid Values
Any single character that does not appear in the names it is separating.
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
IBM® Marketing Platform user for LDAP credentials
Description
Specifies the name of the IBM® EMM user that has been given LDAP administrator login credentials.
Set the value of this property to the user name you created for the IBM® EMM user when you configured LDAP integration. This property works in conjunction with the Data source for LDAP credentials property in this category.
Default value
asm_admin
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Data source for LDAP credentials
Description
Specifies the Marketing Platform data source for LDAP administrator credentials.
Set the value of this property to the data source name you created for the IBM® EMM user when you configured LDAP integration. This property works in conjunction with the IBM® Marketing Platform user for LDAP credentials property in this category.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP user reference attribute name
Description
For group based import of users, set to the name that your LDAP or Active Directory server uses for the user attribute in the Group object. Typically, this value is uniquemember in LDAP servers and member in Windows Active Directory servers.
For attribute based import of users, set this property to DN, and when you configure the LDAP reference map property, set the FILTER portion of the value to the string your LDAP server uses for the attribute on which you want to search.
Default value
member
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP BaseDN periodic search enabled
Description
When this property is set to True, the Marketing Platform performs the LDAP synchronization search using the distinguished name set in the Base DN property under the IBM EMM | Platform | Security | LDAP category. If this property is set to False, the Marketing Platform performs the LDAP synchronization search using the groups mapped to LDAP groups under LDAP reference to IBM Marketing Platform group map.
The following table describes whether changes are picked up in periodic synchronization, depending on the value set for this property.
In Marketing Platform, delete a user synchronized from the LDAP server
In Marketing Platform, remove a user from a Marketing Platform group mapped to an LDAP group.
Default value
True
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User login
Description
Maps the IBM® EMM user's login to the equivalent user attribute in your LDAP or Active Directory server. User login is the only required mapping. Typically, the value for this attribute is uid for LDAP servers and sAMAccountName for Windows Active Directory servers. You should verify this on your LDAP or Active Directory server.
Default value
uid
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
First name
Description
Maps the First Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
givenName
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Last name
Description
Maps the Last Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
sn
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User title
Description
Maps the Title user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
title
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Department
Description
Maps the Department user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Company
Description
Maps the Company user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Country
Description
Maps the Country user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User email
Description
Maps the Email Address attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
mail
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Address 1
Description
Maps the Address user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Work phone
Description
Maps the Work Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
telephoneNumber
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Mobile phone
Description
Maps the Mobile Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Home phone
Description
Maps the Home Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Alternate login
Description
Maps the Alternate Login user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
Default value
Undefined
Availability
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.