LDAP connector
LDAP connectors allow for creating and maintaining users (login accounts) and employees in Ultimo. On an LDAP connector, you can specify which accounts should be retrieved from the directory service and how users and employees should be created in Ultimo. From Ultimo Premium, it is possible to add multiple LDAP connectors so that specific defaults can be set for a group of accounts.
Connection properties
⚠ Not all connection properties apply when Ultimo is hosted in the cloud. See the Cloud vs On Premises page for a further explanation.
Parameter
Description
Server
LDAP server address. If this value is not filled in and the environment is run On Premises, Ultimo will automatically search for an LDAP server in the domain. This could affect performance if the server is located at the other end of the world or is connected over a slow VPN connection. It is also possible that no server can be found automatically.
User name
User name of the user that will be used to connect to the directory service. When empty, anonymous authentication will be tried.
Password
Password of the user that will be used to connect to the directory service.
Distinguished names
A distinguished name is a string that uniquely identifies an entry in the DIT (Directory Information Tree). The connector accepts multiple distinguished names, separated by semicolons.
Filter
Filters the objects that are retrieved from the LDAP server, for example only active users.
Page size
Applies when a policy on the LDAP server prevents retrieving more than, for example, 1000 records. When the page size is set higher than zero and lower than the maximum result set of the LDAP server, all results are returned. It is recommended to set this property as high as possible, as too many individual queries will decrease performance.
Use fast bind
Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed.
Use server bind
If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.
Use secure
Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. Additional options when Use secure is checked:
Use sealing: encrypts data using Kerberos.
Use signing: verifies data integrity to ensure that the data received is the same as the data sent.
Use SSL
Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.
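The checkboxes above depend on each other, which a small settings check makes visible. The following Python code is an added example, not Ultimo code: the setting keys, finding codes and sample values are hypothetical, and it assumes the checkboxes map onto the ADSI authentication flags that the descriptions mirror.

```python
from enum import IntFlag

class AuthType(IntFlag):
    """Values of ADSI ADS_AUTHENTICATION_ENUM / .NET AuthenticationTypes."""
    SECURE = 0x1
    SSL = 0x2
    FAST_BIND = 0x20
    SIGNING = 0x40
    SEALING = 0x80
    SERVER_BIND = 0x200

# Hypothetical setting keys, one per checkbox in the table above.
CHECKBOXES = {
    "use_secure": AuthType.SECURE, "use_ssl": AuthType.SSL,
    "use_fast_bind": AuthType.FAST_BIND, "use_signing": AuthType.SIGNING,
    "use_sealing": AuthType.SEALING, "use_server_bind": AuthType.SERVER_BIND,
}

def to_flags(cfg):
    """Combine the ticked checkboxes into one flag value."""
    flags = AuthType(0)
    for key, flag in CHECKBOXES.items():
        if cfg.get(key):
            flags |= flag
    return flags

def audit(cfg):
    """Return finding codes for risky or inconsistent combinations."""
    f = to_flags(cfg)
    findings = []
    if not cfg.get("user_name"):
        findings.append("ANONYMOUS_BIND")  # empty user name: anonymous bind is tried
    if f & (AuthType.SEALING | AuthType.SIGNING) and not f & AuthType.SECURE:
        findings.append("SEAL_SIGN_WITHOUT_SECURE")  # options of Use secure only
    if cfg.get("user_name") and not f & (AuthType.SECURE | AuthType.SSL):
        # Assumption: without Secure, ADSI falls back to a simple bind.
        findings.append("CLEARTEXT_CREDENTIALS")
    sealed = AuthType.SECURE | AuthType.SEALING
    if not f & AuthType.SSL and (f & sealed) != sealed:
        findings.append("UNENCRYPTED_DATA")  # neither SSL nor Kerberos sealing
    if f & AuthType.SERVER_BIND and not cfg.get("server"):
        findings.append("SERVER_BIND_WITHOUT_SERVER")  # flag needs a server name
    return findings

# Constructed sample settings (not taken from a real environment).
WEAK = {"server": "", "user_name": "svc_ultimo",
        "use_sealing": True, "use_server_bind": True}
GOOD = {"server": "dc01.example.test", "user_name": "svc_ultimo", "use_secure": True,
        "use_sealing": True, "use_signing": True, "use_server_bind": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("good", GOOD)):
        print(name, hex(to_flags(cfg)), audit(cfg))
```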
User properties
It is possible to specify some default properties for the users that will be created on the LDAP connector. From Ultimo Premium, it is possible to get and process additional user properties.
Parameter
Description
Initial company
The company in Ultimo that the user will be assigned to when a new user is created. Applies only at initial creation; it is never updated afterwards.
Initial group
The user group in Ultimo that the user will be assigned to when a new user is created. Applies only at initial creation; it is never updated afterwards.
Domain
Used as a prefix for the external account name of a user.
Employee properties
The following employee properties are taken by default from the directory service. From Ultimo Premium, it is possible to get and process additional employee properties.
Parameter
Ultimo property
givenname
FirstName
sn
Surname
initials
Initials
displayname
Description
telephonenumber
PhoneInternal
mobile
MobilePhone
EmailAddress