Configure LDAP classes

You can use LDAP classes to assign LDAP objects to an Aeneis category. You can use an LDAP query to determine which LDAP objects are to be synchronized. Within an LDAP class, you can define where the synchronized objects are saved in Aeneis.

In the delivery state, the preconfigured LDAP synchronization already contains LDAP classes, which are deactivated. If you want to use these LDAP classes, configure them to suit your use case. Once you have completed the configuration, activate LDAP synchronization and the associated LDAP classes.

 

Instructions:

  1. Open the SystemAdministration

  2. Open the in the Interfaces area

  3. Expand the default LDAP synchronization

  4. Customize the configuration of the LDAP classes that already exist in the delivery state and are relevant for you via the properties:

    | Property | Description |
    | --- | --- |
    | Category | Define here the category that the LDAP class should have. |
    | Default ACL for new objects | Define an ACL here that is to be assigned to newly created objects. |
    | Delete removed objects | Use this property to specify that objects that no longer exist in LDAP are also deleted in Aeneis. |
    | Create version on delete | With this property, objects that no longer exist in LDAP are versioned in Aeneis. |
    | Create version on changes | With this property, objects modified in LDAP are versioned in Aeneis. |
    | Add new objects here | Here you can define a model object under which new objects are referenced. |
    | Add moved objects to | Here you can define a model object under which moved objects are referenced. |
    | Add removed objects to | Here you can define a model object under which the objects removed from LDAP are referenced. |
    | Add unreferenced objects to | Here you can define a model object under which the objects that are not referenced anywhere else are referenced. |
    | Minimum match degree (%) | Specify here the percentage to which the attributes must match during mapping. |
    | Add reused objects to | Here you can define a model object under which objects that are reused via mapping with inventory data are referenced. |
    | Case sensitive | Take case into account during synchronization. |
    | LDAP attributes | Here you can determine which Aeneis schema attribute an LDAP attribute is assigned to. See also: How to configure LDAP attributes is described in detail under Create LDAP attribute. |
    | Query | This is where you store the LDAP query that determines the synchronized objects. The objects have already been pre-filtered on the LDAP server using the BaseDN. Example: The BaseDN OU=employee,DC=domain,DC=en restricts the synchronization to all users in the organizational unit employee. You can use the query to filter the users who are to be synchronized according to certain criteria. Example: You can use the query (&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Aeneis_user,OU=groups,DC=domain,DC=en)) to restrict synchronization to users who are members of the Aeneis_user group. |
    | Reference objects to | Define a multi-value attribute here, in which one or more model objects can be stored, under which synchronized objects (already existing or new) are referenced. Requirements: It must be permissible to reference the synchronized object under the stored object (permitted sub-object). |

  5. Once you have completed the configuration of LDAP synchronization and the relevant LDAP classes, activate the corresponding objects:
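Added example for the Query property in step 4 (not part of the Aeneis documentation): the OID 1.2.840.113556.1.4.1941 in the example query is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, so the query also matches users who belong to Aeneis_user only through nested groups. The sketch builds that query with RFC 4515 escaping and previews, on constructed sample entries, which users pass both the BaseDN pre-filter and the group query, which is worth checking before enabling "Delete removed objects". The nested group, the user names and the memberOf data are assumptions.

```python
# Added illustration: all directory entries below are constructed sample data.
BASE_DN = "OU=employee,DC=domain,DC=en"
GROUP_DN = "CN=Aeneis_user,OU=groups,DC=domain,DC=en"
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD transitive-membership matching rule

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_query(group_dn):
    """Build the membership query from the page for an arbitrary group DN."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(memberOf:%s:=%s))" % (IN_CHAIN, escape_filter_value(group_dn)))

def in_scope(dn, base_dn):
    """True if dn lies at or below base_dn (simplified: no escaped commas)."""
    d = [rdn.strip().lower() for rdn in dn.split(",")]
    b = [rdn.strip().lower() for rdn in base_dn.split(",")]
    return len(d) >= len(b) and d[-len(b):] == b

def member_in_chain(dn, group_dn, member_of, seen=None):
    """Follow memberOf links transitively, guarding against group cycles."""
    seen = set() if seen is None else seen
    for parent in member_of.get(dn, ()):
        if parent.lower() == group_dn.lower():
            return True
        if parent not in seen:
            seen.add(parent)
            if member_in_chain(parent, group_dn, member_of, seen):
                return True
    return False

def synchronized(users, member_of, base_dn=BASE_DN, group_dn=GROUP_DN):
    """Users that pass both the BaseDN pre-filter and the group query."""
    return sorted(u for u in users
                  if in_scope(u, base_dn) and member_in_chain(u, group_dn, member_of))

# Constructed entries; all users are assumed to be person/user objects.
NESTED = "CN=Modelers,OU=groups,DC=domain,DC=en"   # hypothetical nested group
USERS = ["CN=alice,OU=employee,DC=domain,DC=en",   # direct member
         "CN=bob,OU=employee,DC=domain,DC=en",     # member via NESTED only
         "CN=carol,OU=employee,DC=domain,DC=en",   # no membership
         "CN=dave,OU=external,DC=domain,DC=en"]    # member, outside the BaseDN
MEMBER_OF = {USERS[0]: [GROUP_DN], USERS[1]: [NESTED],
             NESTED: [GROUP_DN], USERS[3]: [GROUP_DN]}

if __name__ == "__main__":
    print(build_query(GROUP_DN))
    print(synchronized(USERS, MEMBER_OF))
```

In the sample data, bob is synchronized although he is not a direct member of Aeneis_user, and dave is excluded by the BaseDN despite being a member.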

Extend LDAP classes

If required, you can extend the LDAP classes.

Tip: Create new LDAP classes in collaboration with your Aeneis consultant.

Instructions:

  1. Create a new LDAP class via the context menu during LDAP synchronization:

  2. Enter a name and confirm with Enter