
UC_LDAP_EXAMPLE - LDAP Connection Variable

This variable contains the specifications for the LDAP connection.

This variable is supplied in client 0000. Its settings are applied globally for the whole AE system. The variable contains all specifications for the connection to the Active Directory or Oracle Directory Server.

As of version 11, LDAP over SSL may be used.

The folder "DIV_VARIABLES" contains the variable UC_LDAP_EXAMPLE which can be used as a template. Duplicate this variable. There are two methods for configuring the connection to your LDAP server (Active Directory or Oracle Directory Server):

German umlauts cannot be used in domain names.

By default, the domain indicated in the name of the variable is used. You can also specify the alias in the key DOMAIN_ALIAS which is then used instead of the domain name.

Key

Value

New start required

AUTHENTICATION_METHOD

Authentication method

Depending on the LDAP Server configuration, authentication requires realm data or the domain name.

Allowed values: "0", "1" (default value) and "2"

"0" - Authentication first uses the LDAP Server's realm data. A second attempt to log on is made with the domain name if the first attempt fails. The LDAP connection remembers the successful login method and uses this one first for future logins. Each attempt to authenticate is regarded as a login attempt. Whether an attempt to log on failed because of incorrect user data or due to a wrong login type is irrelevant. Thus, entering an incorrect password several times has the effect that a user is locked earlier.
"1" - The response to the LDAP Server is sent with the LDAP Server's realm data. This is the default method which should be accepted by every LDAP Server.
"2" - The domain name is used to respond to the LDAP Server.

No

DOMAIN_ALIAS

Domain alias or domain name (if the department has been specified in the name of the variable)

No

SERVER

Name and port number of the LDAP Server

Format:
Server name
:Port number

Separate several LDAP Servers with a semicolon. The Automation Engine then attempts to establish a connection to the first LDAP Server. If it fails, a second attempt is made with the second LDAP Server etc.

No

SYNC_LOGIN

(optional) This key defines a UC_LDAP_Domain variable used for synchronizing LDAP data.

This key is only necessary if a current AE user whose existing permissions are not sufficient is to use a specially created Login object containing credentials that allow the LDAP synchronization.

 

USE_DISTINGUISHED_NAME

Access via DN (distinguished name)

Allowed values: "Y" and "N" (default value)

"Y" - The connection to the LDAP system is established via DN.
"N" - DN is not used.

The password remains unencrypted when using DN.
As of version 11 this function is dependent on the parameter VERSION (see below). If it is set to "1", the password remains unencrypted.
For VERSION = "2", the connection as well as the password will be encrypted, since LDAP over SSL is used.

The LDAP connection uses the domain name when a user logs on for the first time. By doing so, it retrieves the corresponding Distinguished Name (DN). For all subsequent login attempts it uses the DN because this method is the quicker one. If it fails, the LDAP connection automatically continues using the domain name.

On Oracle Directory servers, the DN (distinguished name) is always used.

No

USR_EMAIL1

LDAP attribute from which the e-mail address should be read

E.g.: "mail" in the Microsoft Active Directory

No

USR_FIRSTNAME

LDAP attribute from which the first name should be read

E.g.: "givenName" in the Microsoft Active Directory

On Oracle Directory servers this setting is irrelevant, as attributes there are always "givenName" and "sn".

No

USR_LASTNAME

LDAP attribute from which the last name should be read

E.g.: "sn" in the Microsoft Active Directory

On Oracle Directory servers this setting is irrelevant, as attributes there are always "givenName" and "sn".

No

VERSION

Defines whether an existing C module or the Java-based Work Process (JWP) is used, in order to enable LDAP over SSL.

Allowed values: "1" (default) and "2".

"1" = uses the C-based LDAP connection, SSL is not possible.
"2" = uses JWP, LDAP over SSL is possible

No

TLS

Allowed values: "Y[es]" and "N[o]"

This parameter is used only in case the parameter VERSION is set to "2".

If the parameter is set to "N", the Java based Work Process (JWP) creates a connection to the LDAP server without SSL.

No

* The keys that start with "USR" define the LDAP attributes from which the LDAP connection should read the e-mail address, as well as the first and last name when synchronizing user data. All three information types are stored in the User object.
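
The rules in the table above (SSL only with VERSION "2" and TLS "Y", the unencrypted password when DN is used without SSL, the doubled login attempts with AUTHENTICATION_METHOD "0", and the semicolon-separated SERVER list) can be checked mechanically. The following is an added example, not code from Automic or from this guide; it assumes the variable's keys and values have already been exported into a plain dictionary, and the host names are constructed.

```python
# Added example: audit the key/value pairs of a UC_LDAP_<domain> variable.
# Assumption: the settings are available as a plain dict (export step not shown).

DEFAULTS = {"AUTHENTICATION_METHOD": "1", "USE_DISTINGUISHED_NAME": "N", "VERSION": "1"}


def parse_servers(value):
    """Split SERVER ('name:port;name:port') into (host, port) in failover order."""
    servers = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"SERVER entry {entry!r} is not 'name:port'")
        servers.append((host, int(port)))
    return servers


def audit(settings):
    """Return a list of findings based on the rules documented on this page."""
    cfg = {**DEFAULTS, **{k.upper(): str(v).strip() for k, v in settings.items()}}
    findings = []
    encrypted = cfg["VERSION"] == "2" and cfg.get("TLS", "").upper().startswith("Y")
    if cfg["VERSION"] == "1":
        findings.append("VERSION=1: C-based connection, LDAP over SSL is not possible")
    elif not encrypted:
        findings.append("VERSION=2 but TLS is not Y: JWP connects without SSL")
    if cfg["USE_DISTINGUISHED_NAME"].upper() == "Y" and not encrypted:
        findings.append("USE_DISTINGUISHED_NAME=Y: password is not protected by LDAP over SSL")
    if cfg["AUTHENTICATION_METHOD"] == "0":
        findings.append("AUTHENTICATION_METHOD=0: each fallback counts as a login "
                        "attempt, so users are locked earlier")
    try:
        if not parse_servers(cfg.get("SERVER", "")):
            findings.append("SERVER is empty")
    except ValueError as exc:
        findings.append(str(exc))
    return findings


# Constructed sample values, not taken from a real system.
WEAK = {"SERVER": "ldap1.example.com:389;ldap2.example.com:389",
        "USE_DISTINGUISHED_NAME": "Y", "AUTHENTICATION_METHOD": "0"}
HARDENED = {"SERVER": "ldap1.example.com:636;ldap2.example.com:636",
            "VERSION": "2", "TLS": "Y", "USE_DISTINGUISHED_NAME": "Y",
            "AUTHENTICATION_METHOD": "1"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Missing keys fall back to the defaults stated in the table; the page gives no default for TLS, so the check treats anything other than an explicit "Y" as unencrypted.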


Copyright © 2016 Automic Software GmbH