LDAP Directory Synchronizer
Online Documentation
Setting up an LDAP Directory for Synchronization
Before LDSU can access an LDAP directory for import or export, some
steps may be required to set up the LDAP directory for LDSU access.
These steps are specific to the type of LDAP directory being accessed,
and the details of implementing them will vary,
but they usually include the following:
- Allow LDAP access to the directory. This includes starting
the LDAP server and identifying the TCP hostname and port number (usually 389).
(Used to set the ldsu_config.dat bind_server and
bind_port parameters.)
- Allow LDSU to have sufficient access to the directory. This includes
identifying or creating a Distinguished Name and Password for LDSU to
use to authenticate to the directory.
Alternatively, allow anonymous access (not recommended).
(Used to set the ldsu_config.dat bind_name and
bind_password parameters.)
- Determine the maximum number of records that LDSU will need to extract
in any instance and make sure the LDAP server does not have a limit set below
this level, which would cause an LDAP error. (If needed, investigate using the
ldsu_config.dat big_search_field
parameter to reduce the maximum number, or separate the instance into
multiple instances using multiple Group IDs.)
- Configure and tune the system running the LDAP directory and server if
necessary to handle the ultimate size of the directory and the maximum number of
records extracted or updated at a time.
- If importing, make sure any needed parent records are created in advance.
(LDSU can create some parent records itself; see the ldsu_config.dat
create_root parameter.)
- Based on the Directory Synch planning,
customize the LDAP directory to add new attributes and objectclasses (if
necessary). (This is often referred to as "Customizing the Schema".)
- Update the directory to "index" any attributes that are to be used as
search filters by LDSU (if supported by the directory). Failure to do so
may result in poor performance when doing directory extracts and unique field
checking. Attributes used in the following ldsu_config.dat parameters should
be indexed:
The final step in setting up the LDAP directory for LDSU access is to
determine all the LDAP RDN and attribute names and create the
LDSU Layout File for the LDAP directory.
Some examples exist in the "templates" subdirectory.
An LDAP test program (ldap_test) is supplied in the LDSU bin directory to help
troubleshoot and test LDAP access and to determine LDAP RDN and attribute
names. It is a read-only program that only does the LDAP open, bind and search
functions. See Running LDAP_TEST in the Running LDSU section for
how to use it. After creating a directory entry using the LDAP directory's
manual interface, run ldap_test to determine how the entry looks to an LDAP
client (like LDSU).
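
The access-related steps above (server and port, the LDSU bind account, anonymous access, and the server size limit) can be checked from the LDSU host before the first run. The script below is an added example, not part of LDSU or its documentation; it assumes OpenLDAP's ldapsearch client is installed, and the host name, DNs, password file and record count are placeholders.

```shell
#!/bin/sh
# Added example (not LDSU code). Assumes OpenLDAP's ldapsearch client.
# Every value below is a placeholder; override via the environment.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com:389}"         # bind_server, bind_port
BIND_DN="${BIND_DN:-cn=ldsu,ou=services,dc=example,dc=com}" # bind_name
PW_FILE="${PW_FILE:-./ldsu.pw}"  # bind_password: mode 0600, no trailing newline
BASE_DN="${BASE_DN:-dc=example,dc=com}"
NEEDED="${NEEDED:-5000}"         # most records any one LDSU instance extracts

# The LDSU account must bind and read the base entry ("1.1" = no attributes).
check_bind() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PW_FILE" \
        -b "$BASE_DN" -s base '(objectClass=*)' 1.1 >/dev/null 2>&1
}

# Anonymous access is not recommended: an unauthenticated search
# should return no entries at all.
check_anonymous_denied() {
    n=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE_DN" -z 1 \
        '(objectClass=*)' 1.1 2>/dev/null | grep -c '^dn:' || true)
    [ "$n" -eq 0 ]
}

# Returns 0 if the server limit is not below NEEDED, 1 if it is, 2 on other
# errors. Exit status 4 from ldapsearch is LDAP sizeLimitExceeded.
check_size_limit() {
    out=$(ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PW_FILE" \
        -b "$BASE_DN" -z "$NEEDED" '(objectClass=*)' 1.1 2>/dev/null) && rc=0 || rc=$?
    n=$(printf '%s\n' "$out" | grep -c '^dn:' || true)
    case "$rc" in
        0) return 0 ;;                          # nothing was cut off
        4) [ "$n" -ge "$NEEDED" ] && return 0   # our own -z limit hit first
           return 1 ;;                          # server stopped us early
        *) return 2 ;;
    esac
}

preflight() {
    check_bind             || { echo "FAIL: LDSU account cannot bind/read"; return 1; }
    check_anonymous_denied || { echo "FAIL: anonymous search returns entries"; return 1; }
    check_size_limit       || { echo "FAIL: size limit below $NEEDED, or search error"; return 1; }
    echo "OK: bind works, anonymous denied, size limit >= $NEEDED"
}

if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it as `sh preflight.sh run` (the file name is arbitrary). A size-limit result of 0 on a directory smaller than NEEDED only shows that nothing was truncated today, so repeat the check as the directory grows.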
Copyright © Digital Equipment Corporation 1998