Versions Compared

Old Version 3

changes.mady.by.user Robert Andelin

Saved on

compared with

New Version Current

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DTPDEVEL and version 2022.1

...

Connecting to LDAP Over SSL

Include+
spaceKeyDTP20221
scrollPageId0A01020401629C488D795036513CC120
Include Page
Adding Trusted CertificatesAdding Trusted Certificates

Configuring Directory Settings

...

Base DN

The base DN is the context DN (distinguished name) where the directory objects reside. If empty, User Administration will use the root DN of the directory tree. Organizational units (ou) and domain components (dc) are used to define directory tree structures.

The following example shows how an organization could structure its directory:

ou=US,ou=People,dc=company,dc=com

ou=Europe,ou=People,dc=company,dc=com

ou=Asia,ou=People,dc=company,dc=com

In this example, you would enter the following base DNs to scan users from Europe and Asia only.

ou=Europe,ou=People,dc=company,dc=com

ou=Asia,ou=People,dc=company,dc=com

Filter

Enter an expression in the Filter field to search on specific parameters. Searches are performed on the base DN(s) and specified scope. The following examples describe some of the ways filters can be used:

Simple filter for users under provided base DN:

(objectclass=person)

Find "devel1" and "devel2" users only:

(&(objectclass=devel1)(objectclass=devel2))

Find users that are members of group "Managers":

(&(objectclass=person)(memberOf=cn=Managers,cn=Users,ou=company,ou=com))

Info
titleAbout Filter Settings in Previous Versions of DTP

In versions of DTP prior to 5.4, the LDAP filter configuration included an extra attribute and template: uid={0}. This attribute and template has been removed in version 5.4 and later. If you upgraded 5.4 or later from a previous version, though, the uid={0} attribute will be set to uid=* for compatibility with the current LDAP user import functionality. There should be no impact to your experience as a result of this change, but we recommend verifying that your user and group import settings function as expected.

Restrict To GroupsEnable this option to import only the users that belong to a group specified in the Group Import Settings. Users that do not belong to a group configured in Group Import Settings will not be imported.

Attribute Mappings

The attributes mapping section defines how User Administration attributes (i.e., user login name, first name, last name, and email) map to directory object attributes (i.e., uid, givenName, sn, and email). You can use the defaults mappings or configure the attributes to align with your LDAP server. Refer to the documentation for your LDAP server

Username

This field is used for the login name in DTP. The the uid attribute is commonly used to identify users in LDAP servers. In Active Directory, the sAMAccountName attribute is used as the client login name.

Default is uid.

First Name

This field is used for the the users' first name in DTP. The givenName attribute is commonly used to specify users' first name in LDAP servers.

Default is givenName.

Last Name

This field is used for the users' last name (surname) in DTP. The sn attribute is commonly used to specify users' last name in LDAP servers. Default is sn.

Email Address

This field is used for the users' email address in DTP. The mail attribute is commonly used to specify users' email address in LDAP servers. Default is mail.

Member Of

This field is used to associate users in DTP with LDAP groups. Default is memberOf. See Advanced Settings for additional information.

...

Enable group importIf you want to import groups set in your LDAP, enable the Enable Group Import option.
Base DNSee the Base DN setting under User Import Settings.
Filter

See the Filter setting under User Import Settings.

Info
titleAbout Group Filter Settings in Previous Versions of DTP

In versions of DTP prior to 5.4, the LDAP filter configuration included an extra attribute and template: cn={0}. This attribute and template has been removed in version 5.4 and later. If you upgraded 5.4 or later from a previous version, though, the cn={0} attribute will be set to cn=* for compatibility with the current LDAP user import functionality. There should be no impact to your experience as a result of this change, but we recommend verifying that your user and group import settings function as expected.

 

Enable nested groupsIf groups contain other groups in your directory, you can enable this setting to retain your LDAP server's hierarchical structure.
Ancestor groups only

A nested group may contain users, in addition to other groups. An ancestor is a user that is the immediate member of a group nested inside another group. In the following example, MEMBER B and C are the ancestors within the groups nested within GROUP A.

You can enable the Ancestor groups only option and specify a group name in the Ancestor group names field to import only the immediate members associated with the nested groups. Members of the group specified in the Ancestor group names field will also be imported.

Ancestor group namesIf the Ancestor groups option is enabled, specify the name of the nested group that contains the ancestors you want to import.

Attribute Mappings

The attributes mapping section defines how Parasoft User Administration object attributes map to the connected directory object attributes. You can use the defaults mappings or configure the attributes to meet your specific needs.

NameDefault is cn.
DescriptionDefault is cn.
MemberDefault is member. See Advanced Settings for additional information.

...