IBM Marketing Platform | Security | LDAP synchronization
LDAP synchronization properties specify details that the system uses to log into the directory server and identify users to import. Some of these properties also control the frequency and other details of the automatic synchronization process.
LDAP sync enabled
- Description
-
Set to true to enable LDAP or Active Directory synchronization.
- Default value
-
false
- Valid Values
-
true | false
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows™ Active Directory or other LDAP server.
LDAP sync interval
- Description
-
The Marketing Platform synchronizes with the LDAP or Active Directory server at regular intervals, specified in seconds here. If the value is zero or less, the Marketing Platform does not synchronize. If the value is a positive integer, the new value takes effect without a restart within ten minutes. Subsequent changes take effect within the configured interval time.
- Default value
-
600, or ten minutes
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync delay
- Description
-
This is the time (in 24-hour format) after which the periodic synchronization with the LDAP server begins, after the Marketing Platform is started. For example, an LDAP sync delay of 23:00 and an LDAP sync interval of 600 mean that when the Marketing Platform starts, the periodic synchronization starts to execute at 11:00 PM and executes every 10 minutes (600 seconds) thereafter.
- Default value
-
23:00, or 11:00pm
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync timeout
- Description
-
The LDAP sync timeout property specifies the maximum length of time, in minutes, after the start of a synchronization before the Marketing Platform marks the process ended. The Platform allows only one synchronization process to run at a time. If a synchronization fails, it is marked as ended whether it completed successfully or not.
This is most useful in a clustered environment. For example, if the Marketing Platform is deployed in a cluster, one server in the cluster might start an LDAP synchronization and then go down before the process is marked as ended. In that case, the Marketing Platform will wait for the amount of time specified in this property, and then it will start the next scheduled synchronization.
- Default value
-
600 (600 minutes, or ten hours)
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP sync scope
- Description
-
Controls the scope of the initial query to retrieve the set of users. You should retain the default value of SUBTREE for synchronizing with most LDAP servers.
- Default value
-
SUBTREE
- Valid Values
-
The values are standard LDAP search scope terms.
- OBJECT - Search only the entry at the base DN, resulting in only that entry being returned.
- ONE_LEVEL - Search all entries one level under the base DN, but not including the base DN.
- SUBTREE - Search all entries at all levels under and including the specified base DN.
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP provider URL
- Description
-
For most implementations, set to the LDAP URL of the LDAP or Active Directory server, in one of the following forms:
- ldap://IP_address:port_number
- ldap://machineName.domain.com:port_number
On LDAP servers, the port number is typically 389 (636 if SSL is used).
If HCL® EMM is integrated with an Active Directory server, and your Active Directory implementation uses serverless bind, set the value of this property to the URL for your Active Directory server, using the following form:
ldap:///dc=example,dc=com
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Require SSL for LDAP connection
- Path
-
IBM Marketing Platform | Security | LDAP synchronization
- Description
-
Specifies whether the Marketing Platform uses SSL when it connects to the LDAP server to synchronize users. If you set the value to true, the connection is secured using SSL.
- Default value
-
false
- Valid Values
-
true | false
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
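As an added example (not IBM or HCL code), the following Python check reviews exported values of the properties described up to this point and reports the ones that need attention. The dict input format and the name `audit_ldap_sync` are assumptions; the port comparison relies only on the typical 389 and 636 values stated above.

```python
from urllib.parse import urlsplit

SCOPES = {"OBJECT", "ONE_LEVEL", "SUBTREE"}  # scope values listed on this page

def audit_ldap_sync(props):
    """Return {property name: reason} for settings that deserve review.

    props maps property names from this page to string values; missing keys
    fall back to the documented defaults. The dict format is an assumption.
    """
    get = lambda name, default: props.get(name, default).strip()
    if get("LDAP sync enabled", "false").lower() != "true":
        return {}  # synchronization is off, so the other settings are unused
    flagged = {}
    ssl = get("Require SSL for LDAP connection", "false").lower() == "true"
    if not ssl:
        flagged["Require SSL for LDAP connection"] = "SSL not required for sync"
    url = urlsplit(get("LDAP provider URL", ""))
    try:
        port = url.port  # None for the serverless-bind form ldap:///dc=...
    except ValueError:   # non-numeric or out-of-range port
        port = -1
    if url.scheme != "ldap" or port == -1:
        flagged["LDAP provider URL"] = "not in a documented ldap:// form"
    elif (ssl, port) in {(True, 389), (False, 636)}:
        # Heuristic: 389 is typical without SSL, 636 with SSL.
        flagged["LDAP provider URL"] = f"port {port} does not match the SSL setting"
    try:
        if int(get("LDAP sync interval", "600")) <= 0:
            flagged["LDAP sync interval"] = "zero or less: no periodic sync"
    except ValueError:
        flagged["LDAP sync interval"] = "not an integer"
    scope = get("LDAP sync scope", "SUBTREE")
    if scope not in SCOPES:
        flagged["LDAP sync scope"] = "not a valid scope value"
    elif scope != "SUBTREE":
        flagged["LDAP sync scope"] = "narrower than the recommended SUBTREE"
    return flagged

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "LDAP sync enabled": "true",
    "LDAP provider URL": "ldap://dc01.example.com:389",
    "Require SSL for LDAP connection": "true",
    "LDAP sync interval": "0",
    "LDAP sync scope": "ONE_LEVEL",
}

if __name__ == "__main__":
    for name, why in audit_ldap_sync(SAMPLE).items():
        print(f"{name}: {why}")
```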
LDAP config HCL Marketing Platform group delimiter
- Description
-
In the LDAP reference to HCL Marketing Platform group map category, if you want to map one LDAP or Active Directory group to multiple Marketing Platform groups, use the delimiter specified here. It can be any single character that does not appear in the names it is separating.
- Default value
-
; (semicolon)
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP reference config delimiter
- Description
-
Specifies the delimiter that separates the SEARCHBASE and FILTER components that make up the LDAP or Active Directory reference (described in the LDAP references for HCL Marketing Platform user creation category).
FILTER is optional: if omitted, the Marketing Platform server dynamically creates the filter based on the value of the LDAP user reference attribute name property.
- Default value
-
; (semicolon)
- Valid Values
-
Any single character that does not appear in the names it is separating.
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
HCL Marketing Platform user for LDAP credentials
- Description
-
Specifies the name of the HCL EMM user that has been given LDAP administrator login credentials.
Set the value of this property to the user name you created for the HCL EMM user when you configured LDAP integration. This property works in conjunction with the Data source for LDAP credentials property in this category.
- Default value
-
asm_admin
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Data source for LDAP credentials
- Description
-
Specifies the Marketing Platform data source for LDAP administrator credentials.
Set the value of this property to the data source name you created for the HCL EMM user when you configured LDAP integration. This property works in conjunction with the HCL Marketing Platform user for LDAP credentials property in this category.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP user reference attribute name
- Description
-
For group-based import of users, set to the name that your LDAP or Active Directory server uses for the user attribute in the Group object. Typically, this value is uniquemember in LDAP servers and member in Windows Active Directory servers.
For attribute-based import of users, set this property to DN, and when you configure the LDAP reference map property, set the FILTER portion of the value to the string your LDAP server uses for the attribute on which you want to search.
- Default value
-
member
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
LDAP BaseDN periodic search enabled
- Description
-
When this property is set to True, the Marketing Platform performs the LDAP synchronization search using the distinguished name set in the Base DN property under the IBM Marketing Platform | Security | LDAP category. If this property is set to False, the Marketing Platform performs the LDAP synchronization search using the groups mapped to LDAP groups under LDAP reference to IBM Marketing Platform group map.
The following table describes whether changes are picked up in periodic synchronization, depending on the value set for this property.
Table 1. Effect of this property on periodic synchronization behavior

| Change | Is the change picked up when the value is set to True? | Is the change picked up when the value is set to False? |
|---|---|---|
| In Marketing Platform, delete a user synchronized from the LDAP server | Yes | No |
| Remove a user from an LDAP group mapped to a Marketing Platform group | No | No |
| In Marketing Platform, remove a user from a Marketing Platform group mapped to an LDAP group. | No | No |
| Add a new user to the LDAP server | Yes | Yes |
| Add a user to an LDAP group mapped to a Marketing Platform group | Yes | No |
| Change user attributes on the LDAP server | Yes | Yes |

- Default value
-
True
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User login
- Description
-
Maps the HCL EMM user's login to the equivalent user attribute in your LDAP or Active Directory server. User login is the only required mapping. Typically, the value for this attribute is uid for LDAP servers and sAMAccountName for Windows Active Directory servers. You should verify this on your LDAP or Active Directory server.
- Default value
-
uid
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
First name
- Description
-
Maps the First Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
givenName
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Last name
- Description
-
Maps the Last Name user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
sn
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User title
- Description
-
Maps the Title user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
title
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Department
- Description
-
Maps the Department user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Company
- Description
-
Maps the Company user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Country
- Description
-
Maps the Country user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
User email
- Description
-
Maps the Email Address attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
mail
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Address 1
- Description
-
Maps the Address user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Work phone
- Description
-
Maps the Work Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
telephoneNumber
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Mobile phone
- Description
-
Maps the Mobile Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Home phone
- Description
-
Maps the Home Phone user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.
Alternate login
- Description
-
Maps the Alternate Login user attribute in the Marketing Platform to the equivalent user attribute in your LDAP or Active Directory server.
- Default value
-
Undefined
- Availability
-
This property is used only when the Marketing Platform is configured to integrate with a Windows Active Directory or other LDAP server.