Configuration

Set the parameters listed below when you configure the Active Directory Change Detection Connector.

The Connector needs the following parameters:
LDAP URL
Specifies the LDAP URL of the Active Directory service you want to access. The LDAP URL has the form ldap://hostname:port or ldap://server_IP_address:port. For example, ldap://localhost:389
Note: The default LDAP port number is 389. When using SSL, the default LDAP port number is 636.
Login username
Specifies the distinguished name used for authentication to the service. For example, cn=administrator,cn=users,dc=your_domain,dc=com.
Note: If you use Anonymous authentication, you must leave this parameter blank.
Login password
Specifies the credentials (password).
Note: If you use Anonymous authentication, you must leave this parameter blank.
Authentication Method
Specifies the authentication method to be used. Possible values are:
  • Anonymous (use no authentication)
  • Simple (use weak authentication; the password is sent in cleartext)
Use SSL
Specifies whether to use Secure Sockets Layer for LDAP communication with Active Directory.
Extra Provider Parameters
Allows you to pass a number of extra parameters to the JNDI layer. They are specified as name:value pairs, one pair per line.
Binary Attributes
Specifies a list of parameters that are to be interpreted as binary values instead of strings. The default value for this parameter is objectGUID objectSid.
LDAP Search Base
Specifies the Active Directory sub-tree that is polled for changes. The search base should be an Active Directory Naming Context if detection of deleted objects is required. For example, dc=your_domain,dc=com.
Page Size
Specifies the number of entries per page returned by this request (default value is 500).
Iterator State Key
Specifies the name of the parameter that stores the current synchronization state in the User Property Store of the IBM Security Directory Integrator. This must be a unique name for all parameters stored in one instance of the IBM Security Directory Integrator User Property Store. The Delete button lets you delete this information from the User Property Store.
Start at
Specifies either EOD or 0. EOD means report only changes that occur after the Connector is started. 0 means perform full synchronization, that is, report all objects available in Active Directory Service. This parameter is taken into account only when the parameter specified by the Iterator State Key parameter is not found in the User Property Store.
State Key Persistence
Determines when the Connector's state is written to the System Store. The default (and recommended) setting is End of cycle. The choices are:
After read
Updates the System Store when you read an entry from the Active Directory change log, before you continue with the rest of the AssemblyLine.
End of cycle
Updates the System Store with the change log number when all Connectors and other components in the AssemblyLine have been evaluated and executed.
Manual
Switches off the automatic updating of the System Store with this Connector's state information; instead, you will need to save the state by manually calling the ADCD Connector's saveStateKey() method, somewhere in your AssemblyLine.
Use Notifications
Specifies whether to use notification when waiting for new changes in Active Directory. If not enabled, the Connector will poll for new changes.

If enabled, the Connector will not sleep or time out but will instead wait for a Change Notification event (Server Search Notification Control, OID 1.2.840.113556.1.4.528) from the Active Directory server; the Sleep Interval and Timeout parameters are ignored.

Timeout
Specifies the maximum number of seconds the Connector waits for the next changed Active Directory object. If this parameter is 0, then the Connector waits forever. If the Connector has not retrieved the next changed Active Directory object within timeout seconds, then it returns an empty (null) Entry, indicating that there are no more Entries to return. The default is 5.
Sleep Interval
Specifies the number of seconds the Connector sleeps between successive polls.
Detailed Log
If this field is checked, additional log messages are generated.
Comment
Your comments here.
Note: When you change the Timeout or Sleep Interval value, its peer is automatically adjusted to a valid value (for example, when timeout is greater than sleep interval, the value that was not edited is adjusted to be in line with the other). The adjustment is made when the field editor loses focus.
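
An added example, not part of the product documentation: a small Python check that audits a set of connector parameters against the rules stated above (blank credentials for Anonymous, the 389/636 default ports, Simple binds without SSL, the Start at values, and timers that are ignored when notifications are used). The dictionary keys and the sample values are constructed for illustration and are not the connector's internal property names.

```python
from urllib.parse import urlparse

def audit(cfg):
    """Return (severity, message) findings for one connector configuration."""
    out = []
    auth = cfg.get("auth_method", "").strip().lower()
    ssl = bool(cfg.get("use_ssl"))
    url = urlparse(cfg.get("ldap_url", ""))
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
        out.append(("error", "LDAP URL port is not a valid number"))
    if url.scheme != "ldap" or not url.hostname:
        out.append(("error", "LDAP URL must have the form ldap://host:port"))
    # Default ports stated on the page: 389 without SSL, 636 with SSL.
    if port == 389 and ssl:
        out.append(("warn", "Use SSL is on but the URL points at port 389"))
    if port == 636 and not ssl:
        out.append(("warn", "URL points at port 636 but Use SSL is off"))
    if auth == "simple":
        if not ssl:
            out.append(("high", "Simple bind without SSL sends the password in cleartext"))
    elif auth == "anonymous":
        out.append(("warn", "Anonymous: the connector binds with no authentication"))
        if cfg.get("login_username") or cfg.get("login_password"):
            out.append(("error", "Anonymous requires blank Login username and password"))
    else:
        out.append(("warn", "Authentication Method is not a value listed on this page"))
    if str(cfg.get("start_at", "")).upper() not in ("EOD", "0"):
        out.append(("error", "Start at must be EOD or 0"))
    if cfg.get("use_notifications"):
        if "timeout" in cfg or "sleep_interval" in cfg:
            out.append(("info", "Timeout and Sleep Interval are ignored with notifications"))
    elif cfg.get("timeout", 5) == 0:
        out.append(("info", "Timeout 0: the connector waits forever for a change"))
    return out

# Constructed sample configurations (keys are hypothetical, values are made up).
WEAK = {"ldap_url": "ldap://dc01.example.com:389", "auth_method": "Simple",
        "login_username": "cn=svc-sync,cn=users,dc=example,dc=com",
        "login_password": "constructed-secret", "use_ssl": False,
        "start_at": "0", "timeout": 0}
HARDENED = dict(WEAK, ldap_url="ldap://dc01.example.com:636", use_ssl=True,
                timeout=5)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        for sev, msg in audit(cfg):
            print(f"{name}: [{sev}] {msg}")
```

The port findings are warnings rather than errors because 389 and 636 are only the defaults; a directory listening on a non-default port is still a valid configuration.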

See Also

LDAP Connector,
Sun Directory Change Detection Connector,
IBM Security Directory Integrator Changelog Connector,
z/OS LDAP Changelog Connector,
How to poll for object attribute changes in Active Directory on Windows 2000 and Windows Server 2003.