Documentation
LDAP/Active Directory Security Transformer
This transformer transforms incoming users by querying an Active Directory or an LDAP server. This is useful, for example, if you have an on-premises system that does not use e-mail addresses as user IDs.
 
Configuration
- Host or global catalog: enter the FQDN of an LDAP server in this field. Do not include a port.
- Port: enter the port here. Common ports are 3269 for the global catalog with SSL and 636 for Active Directory with SSL.
- Use SSL: enable this to use SSL with the ports given above.
- Subtree to search through: the base DN of the subtree in the forest where you expect your users to be stored.
- Login user: the connector uses a named user to authenticate against the Active Directory. This user must not have a rotating password.
- Password: the password for the login user.
- Field to use as search query: the transformer issues its query based on this field. The query is <field>=<user.alias>. The result is then used in the next step for further processing.
- Filter query to search only the right objects: add an object class here to limit the result set.
- Field to replace the username with: the attribute whose value the transformer uses to replace the alias.
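
The following sketch shows how the search field, filter query and replacement field described above can fit together. It is an added example, not the connector's own code. It assumes the filter query and <field>=<user.alias> are combined with a logical AND, that the filter is given as objectClass=user, and that the alias is escaped per RFC 4515 before it enters the filter. All function names and sample entries are hypothetical and constructed for illustration.

```python
import re

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # LDAP short attribute name


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied alias so it is treated as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_field: str, alias: str, object_filter: str) -> str:
    """Combine the object filter with <field>=<user.alias> (assumed AND)."""
    if not _ATTR_NAME.match(search_field):
        raise ValueError(f"invalid attribute name: {search_field!r}")
    clause = f"({search_field}={escape_filter_value(alias)})"
    if not object_filter.startswith("("):
        object_filter = f"({object_filter})"
    return f"(&{object_filter}{clause})"


def transform(alias, entries, search_field, replace_field):
    """Return the replacement attribute only when exactly one entry matches."""
    hits = [e for e in entries if e.get(search_field, "").lower() == alias.lower()]
    if len(hits) != 1 or not hits[0].get(replace_field):
        return None  # no match or ambiguous match: do not guess a user
    return hits[0][replace_field]


# Constructed sample data standing in for search results under the base DN.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "jdoe", "mail": "jane.doe@example.com"},
    {"sAMAccountName": "asmith", "mail": "adam.smith@example.com"},
]

if __name__ == "__main__":
    print(build_filter("sAMAccountName", "jdoe", "objectClass=user"))
    print(build_filter("sAMAccountName", "j*doe(admin)", "(objectClass=user)"))
    print(transform("JDoe", SAMPLE_ENTRIES, "sAMAccountName", "mail"))
```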