This documentation supports releases of BMC Helix Portal up to December 31, 2021. To view the latest version, select the version from the Product version menu.

Downloading and configuring the LDAP sync agent

Before you can run the sync, download the LDAP sync agent and configure the application.properties file.

The application.properties file contains configuration details such as information for connecting to the LDAP server and sync configuration options such as objects to be synced, sync schedule, search filters, object mapping, and so on.

To download and configure the LDAP sync agent

  1. From the Configure menu, select LDAP sync agent.
  2. Download and save the bmc_helix_identity_sync_agent.zip agent file into a temporary directory.
  3. Extract and open the bmc_helix_identity_sync_agent.zip file.
  4. Go to the config folder and edit the application.properties file.
  5. Provide the following values for the configuration parameters and save the file.

    Parameter | Description
    Sync configuration
    ldap.object.type

    Type of LDAP objects that you want to sync.

    Valid values:

    • groups: Sync groups only.
    • users: Sync users only.
    • all: Sync groups and users along with their mapping.

    Default: groups

    ade.user.group.mapping.replace

    Applies only if you set ldap.object.type=all.

    Indication of whether you want to replace the user and user group mapping in BMC Helix Portal with the LDAP user and group mapping.

    Valid values:

    • true
    • false

    Default: false

    LDAP connection details
    ldap.connect.timeout

    Time (in milliseconds) to wait for establishing a connection with the LDAP server.

    Default: 2000

    ldap.read.timeout

    Time (in milliseconds) to wait for getting a response from the LDAP server.

    Read timeouts can occur only after the connection to the LDAP server is established.

    Default: 30000

    ldap.url

    URL of the LDAP server that includes the scheme, address, and port.

    Example: ldap.url=ldap://HostABC.com:389

    ldap.base

    Base search for entries with distinguished names.

    Example: ldap.base=DC=HostABC,DC=com

    ldap.username

    User name with which you want to connect with the LDAP server.

    Example: ldap.username=CN=Admins,DC=ldap,DC=com

    ldap.password

    Password for connecting with the LDAP server.

    Group search filter and mapping (applies if you set ldap.object.type=groups or ldap.object.type=all)
    ldap.groups.search.filter

    Search filter for groups.

    Use this parameter to narrow the search and sync only those groups that need access to the various integrated products on BMC Helix Portal.

    Example: ldap.groups.search.filter=(&(CN=Admins) (objectClass=user))

    ldap.groups.attribute.name

    LDAP attribute name that you want to map to the Group name field specified while creating a group on BMC Helix Portal.

    Example: ldap.groups.attribute.name=cn

    ldap.groups.attribute.description

    LDAP attribute name that you want to map to the Description field specified while creating a group on BMC Helix Portal.

    Example: ldap.groups.attribute.description=description

    User search filter and mapping (applies if you set ldap.object.type=users or ldap.object.type=all)
    ldap.users.search.filter

    Search filter for users.

    Use this parameter to narrow the search and sync only those users that need access to the various integrated products on BMC Helix Portal.

    Example: ldap.users.search.filter=(&(givenName=Mike) (objectClass=user))

    ldap.users.attribute.first_name

    LDAP attribute name that you want to map to the First name field specified while creating a user on BMC Helix Portal.

    Example: ldap.users.attribute.first_name=givenName

    ldap.users.attribute.last_name

    LDAP attribute name that you want to map to the Last name field specified while creating a user on BMC Helix Portal.

    Example: ldap.users.attribute.last_name=sn

    ldap.users.attribute.email

    LDAP attribute name that you want to map to the Email field specified while creating a user on BMC Helix Portal.

    Example: ldap.users.attribute.email=mail

    ldap.users.attribute.principal_id

    LDAP attribute name that you want to map to the Login ID field specified while creating a user on BMC Helix Portal.

    Example: ldap.users.attribute.principal_id=name

    Group and user mapping search filter (applies if you set ldap.object.type=all)
    ldap.users.group.mapping.search.filter

    Search filter for group to user mapping.

    Use this parameter to narrow the search and sync only those groups and associated users that need access to the various integrated products on BMC Helix Portal.

    Note: If you set the value to %s, all the groups will be queried to get details of the mapped users.

    Example: ldap.users.group.mapping.search.filter=(&(objectCategory=user)(memberOf=CN=%s,DC=abc,DC=pqr,DC=lmn,DC=com))

    Consider the following points while defining search filters:

    • Based on the filter defined, groups are searched first. The response retrieved for groups is further used for searching users, followed by the user mapping. Therefore, ensure that there is no mismatch between the group and user conditions.
    • If there is a mismatch between the groups and users retrieved based on the search filters, these groups and users are not mapped on BMC Helix Portal. Instead, a list of synced groups and users is displayed separately on the BMC Helix Portal console.
    Sync schedule and TLS configuration
    ldap.sync.cron.schedule

    Cron schedule based on which the LDAP sync must happen.

    Example: ldap.sync.cron.schedule=0 0 0 * * * (syncs daily, at midnight)

    ldap.tls.enabled

    Indication of whether the LDAP server should be authenticated by validating the TLS certificate.

    Valid values:

    • true
    • false

    Default: false

    BMC Helix Portal details

    helix.portal.endpoint

    Tenant URL of the BMC Helix Portal console.

    helix.portal.access.key

    Access key for authenticating into BMC Helix Portal.

    helix.portal.access.secret.key

    Secret key corresponding to the access key.

    Search size
    ldap.search.page.size

    Number of entries to retrieve from the LDAP server in response to a search request.

    Default: 1000
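
A pre-flight check for the parameters above, as an added example that is not part of BMC's documentation or the sync agent: it parses an application.properties file and reports the settings that the table marks as conditional or that change access and server authentication. The parser handles only simple key=value lines, the sample values are constructed, and treating each search filter as required for its ldap.object.type is an assumption.

```python
# Search-filter keys that the page ties to each ldap.object.type value.
GROUPS, USERS = "ldap.groups.search.filter", "ldap.users.search.filter"
MAPPING = "ldap.users.group.mapping.search.filter"
FILTERS = {"groups": [GROUPS], "users": [USERS], "all": [GROUPS, USERS, MAPPING]}

# Constructed sample (not a real deployment); the group filter lacks a ")".
SAMPLE = """\
ldap.object.type=all
ade.user.group.mapping.replace=true
ldap.groups.search.filter=(&(CN=Admins)(objectClass=group)
ldap.users.search.filter=(&(givenName=Mike)(objectClass=user))
ldap.users.group.mapping.search.filter=%s
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if ln[:1] not in ("", "#", "!") and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def balanced(ldap_filter):
    """True if the filter is non-empty and its parentheses nest correctly."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and bool(ldap_filter)

def check(props):
    """Return (severity, message) findings for a parsed application.properties."""
    out = []
    obj = props.get("ldap.object.type", "groups")  # "groups" is the documented default
    if obj not in FILTERS:
        return [("error", f"ldap.object.type={obj} is not groups, users, or all")]
    for key in FILTERS[obj]:
        if not balanced(props.get(key, "")):
            out.append(("error", f"{key} is missing or has unbalanced parentheses"))
    if obj == "all" and props.get(MAPPING) == "%s":
        out.append(("warn", "mapping filter is %s: every group is queried for members"))
    if obj == "all" and props.get("ade.user.group.mapping.replace") == "true":
        out.append(("warn", "LDAP mapping will replace the user and group mapping in the portal"))
    if props.get("ldap.tls.enabled", "false") != "true":
        out.append(("warn", "ldap.tls.enabled is not true: LDAP server certificate is not validated"))
    return out

if __name__ == "__main__":
    for severity, message in check(parse_properties(SAMPLE)):
        print(f"{severity}: {message}")
```
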

Where to go from here

Run the LDAP sync agent commands to start the sync. For more information, see Running the LDAP sync agent.
