HCL Marketing Platform | Security | LDAP synchronization

LDAP synchronization properties specify details that the system uses to log into the directory server and identify users to import. Some of these properties also control the frequency and other details of the automatic synchronization process.

LDAP sync enabled

Description

Set to true to enable LDAP or Active Directory synchronization.

Default value

false

Valid Values

true | false

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows™ Active Directory or other LDAP server.

LDAP sync interval

Description

The Marketing Platform synchronizes with the LDAP or Active Directory server at regular intervals, specified in seconds here. If the value is zero or less, the Marketing Platform does not synchronize. If the value is a positive integer, the new value takes effect without a restart within ten minutes. Subsequent changes take effect within the configured interval time.

Default value

600, or ten minutes

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP sync delay

Description

This the time (in 24 hour format) after which the periodic synchronization with the LDAP server begins, after the Marketing Platform is started. For example an LDAP sync delay of 23:00 and anLDAP sync interval of 600 mean that when the Marketing Platform starts, the periodic synchronization starts to execute at 11:00 PM and executes every 10 minutes (600 seconds) thereafter.

Default value

23:00, or 11:00pm

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP sync timeout

Description

The LDAP sync timeout property specifies the maximum length of time, in minutes, after the start of a synchronization before the Marketing Platform marks the process ended. The Platform allows only one synchronization process to run at a time. If a synchronization fails, it is marked as ended whether it completed successfully or not.

This is most useful in a clustered environment. For example, if the Marketing Platform is deployed in a cluster, one server in the cluster might start an LDAP synchronization and then go down before the process is marked as ended. In that case, the Marketing Platform will wait for the amount of time specified in this property, and then it will start the next scheduled synchronization.

Default value

600, (600 minutes, or ten hours)

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP sync scope

Description

Controls the scope of the initial query to retrieve the set of users. You should retain the default value of SUBTREE for synchronizing with most LDAP servers.

Default value

SUBTREE

Valid Values

The values are standard LDAP search scope terms.

  • OBJECT - Search only the entry at the base DN, resulting in only that entry being returned
  • ONE_LEVEL - Search all entries one level under the base DN, but not including the base DN.
  • SUBTREE - Search all entries at all levels under and including the specified base DN.
Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP provider URL

Description

For most implementations, set to the LDAP URL of the LDAP or Active Directory server, in one of the following forms:

  • ldap://IP_address:port_number
  • ldap://machineName.domain.com:port_number

On LDAP servers, the port number is typically 389 (636 if SSL is used).

If HCL® Marketing Software is integrated with an Active Directory server, and your Active Directory implementation uses serverless bind, set the value of this property to the URL for your Active Directory server, using the following form:

ldap:///dc=example,dc=com

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Require SSL for LDAP connection

Path

HCL Marketing Platform | Security | LDAP synchronization

Description

Specifies whether the Marketing Platform uses SSL when it connects to the LDAP server to synchronize users. If you set the value to true, the connection is secured using SSL.

Default value

false

Valid Values

true | false

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP config HCL® Marketing Platform group delimiter

Description

In the LDAP reference to HCL Marketing Platform group map category, if you want to map one LDAP or Active Directory group to multiple Marketing Platform groups, use the delimiter specified here. It can be any single character that does not appear in the names it is separating.

Default value

; (semicolon)

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP reference config delimiter

Description

Specifies the delimiter that separates the SEARCHBASE and FILTER components that make up the LDAP or Active Directory reference (described in the LDAP references for HCL Marketing Platform user creation category).

FILTER is optional: if omitted, the Marketing Platform server dynamically creates the filter based on the value of the LDAP user reference attribute name property.

Default value

; (semicolon)

Valid Values

Any single character that does not appear in the names it is separating.

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

HCL Marketing Platform user for LDAP credentials

Description

Specifies the name of HCL Marketing Software user that has been given LDAP administrator login credentials.

Set the value of this property to the user name you created for the HCL Marketing Software user when you configured LDAP integration. This property works in conjunction with the Data source for LDAP credentials property in this category.

Default value

asm_admin

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Data source for LDAP credentials

Description

Specifies the Marketing Platform data source for LDAP administrator credentials.

Set the value of this property to the data source name you created for the HCL Marketing Software user when you configured LDAP integration. This property works in conjunction with the HCL Marketing Platform user for LDAP credentials property in this category.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP user reference attribute name

Description

For group based import of users, set to the name that your LDAP or Active Directory server uses for the user attribute in the Group object. Typically, this value is uniquemember in LDAP servers and member in Windows Active Directory servers.

For attribute based import of users, set this property to DN, and when you configure the LDAP reference map property, set the FILTER portion of the value to the string your LDAP server uses for the attribute on which you want to search.

Default value

member

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

LDAP BaseDN periodic search enabled

Description

When this property is set to True, the Marketing Platform performs the LDAP synchronization search using the distinguished name set in the Base DN property under the HCL Marketing Platform | Security | LDAP category. If this property is set to False, the Marketing Platform performs the LDAP synchronization search using the groups mapped to LDAP groups under LDAP reference to HCL Marketing Platform group map.

The following table describes whether changes are picked up in periodic synchronization, depending on the value set for this property.

Table 1. Effect of this property on periodic synchronization behavior
Change Is the change picked up when the value is set to True? Is the change picked up when the value is set to False?
In Marketing Platform, delete a user synchronized from the LDAP server Yes No
Remove a user from an LDAP group mapped to a Marketing Platform group No No
In Marketing Platform, remove a user from a Marketing Platform group mapped to an LDAP group. No No
Add a new user to the LDAP server Yes Yes
Add a user to an LDAP group mapped to a Marketing Platform group Yes No
Change user attributes on the LDAP server Yes Yes
Default value

True

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

User login

Description

Maps the HCL Marketing Software user's login to the equivalent user attribute in your LDAP or Active Directory server. User login is the only required mapping. Typically, the value for this attribute is uid for LDAP servers and sAMAccountName for Windows Active Directory servers. You should verify this on your LDAP or Active Directory server.

Default value

uid

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

First name

Description

Maps the First Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

givenName

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Last name

Description

Maps the Last Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

sn

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

User title

Description

Maps the Title user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

title

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Department

Description

Maps the Department user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Company

Description

Maps the Company user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Country

Description

Maps the Country user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

User email

Description

Maps the Email Address attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

mail

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Address 1

Description

Maps the Address user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Work phone

Description

Maps the Work Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

telephoneNumber

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Mobile phone

Description

Maps the Mobile Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Home phone

Description

Maps the Home Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.

Alternate login

Description

Maps the Alternate Login user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.

Default value

Undefined

Availability

This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.