Creating an LDAP query

To synchronize an RBAC user database with an LDAP-based user registry, you must run queries on the LDAP server. These queries identify the groups and users in the LDAP registry that you want to synchronize with RBAC.

When preparing to synchronize with an LDAP user registry, you need to define two queries: one to identify groups and a second to identify the users in those groups.

For information about modifying LDAP queries, see Modifying LDAP queries.

To create an LDAP query

  1. In the RBAC Manager folder, select LDAP Synchronization > LDAP Queries.
  2. Create a new LDAP query by right-clicking and selecting New > LDAP Query.
    The LDAP Query Creation wizard appears.
  3. Provide information for the LDAP query, as described in the following topics:
    • LDAP Query - General

       Click here to see descriptions of the fields.

      Field definitions

      Field

      Description

      Name

      Identifying name.

      Description

      Optional descriptive text.

      Base Distinguished Name

      The top level of the LDAP directory tree that you want to query. Identify that top level in terms of a distinguished name (DN).

      Filter

      The query you want to use
      Typically, a filter for groups of users would be (objectClass=group). A typical filter for users would be (objectClass=user).

      Attribute

      A value that distinguishes the type of information the query is searching for.
      Typically, if you are searching for groups of users, the attribute would be member. The attribute for individual users would be userPrincipalName.

    • LDAP Query - Properties

       Click here to see descriptions of the fields.

      The Properties panel provides a list of properties automatically assigned to a Snapshot Job. In this list, you can modify the value of any properties that are defined as editable.

      For any property that has a check in the Editable column, select the property and click in the Value column.

      • To set a property value back to its default value, click Reset to Default Value .
        The value of the property is reset to the value it inherits from a built-in property class. The Value Source column shows the property class from which the value is inherited.
      • Depending on the type of property you are editing, you can take different actions to set a new value, such as entering an alphanumeric string, choosing from an enumerated list, or selecting a date.
        To insert a parameter into the value, enter the value, bracketed with double question mark delimiters (for example, ??MYPARAMETER??) or click Select Property .

    • LDAP Query - Permissions

       Click here to see descriptions of the fields.
      The Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as jobs, servers, or depot objects. ACLs control access to all objects, including the sharing of objects between roles.

      Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. For more information, see the following table:

      TaskDescription

      Adding an authorization

      An authorization grants permission to a role to perform a certain type of action on this object.

      To add an authorization to this object, click Add Entry  in the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.

      Adding an ACL template

      An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.

      To add an ACL template to the object, click Use ACL Template  in the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.

      To set the contents of the selected ACL templates so they replace all entries in the access control list, check Replace ACL with selected templates. If you do not check this option, the contents of the selected ACL templates are appended to existing entries in the access control list.

      Adding an ACL policy

      An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.

      To add an ACL policy to this object, click Use ACL Policy  in the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.

      To set the contents of the selected ACL policies so they replace all entries in the access control list, check Replace ACL with selected policies. If you do not check this option, the contents of the selected ACL policies are appended to existing entries in the access control list.

  4. Click Finish at any time to close the wizard and save your changes.

Where to go next

LDAP Query - General

Was this page helpful? Yes No Submitting... Thank you

Comments