Use IdentityIQ to configure an LDAPS connection to PingDirectory.
- Sign on to the IdentityIQ Administrator console.
- Go to Applications > Application Definition.
- Click Add New Application.
- On the Details tab, enter a unique application name and set the Owner field.
- From the Application Type menu, select SunOne – Direct.
  Note: PingDirectory is a derivative of the SunOne Directory.
- Click the Configuration tab.
- On the Settings tab, enter the Direct Configuration settings.
- Select the Use TLS check box.
- Set Authorization Type to Simple.
- Enter the PingDirectory administrator account information in the User and Password fields: "cn=dmanager" and the associated password, respectively.
- In the Host field, enter the hostname of the PingDirectory server.
- In the Port field, enter the LDAPS port configured for PingDirectory, 636 or 1636.
  Note: The default LDAPS port for PingDirectory is 636.
- Scroll to the bottom and ensure the Account and Group search scopes are valid for the configured PingDirectory topology.
  Note: In the demo environment, the following values were used:
  - Account Search Scope: dc=anycompany,dc=co
  - Group Search Scope: ou=Groups,dc=anycompany,dc=co
- Click Test Connection to verify that IdentityIQ can connect to PingDirectory.
- Click the Schema tab and review the details and attributes for the account and group object types. Verify that they match the configured PingDirectory schema.
  Note: The following values were required for the demo environment:
  - Set Group Membership Scope to the group Search DN (ou=Groups,dc=anycompany,dc=co)
  - Change Native Object Type from groupOfUniqueNames to groupOfNames
  - Change Group Membership Attribute from uniqueMember to member
  - Under the Groups schema, add member as an attribute and set it to multi-valued
- Click the Preview button for both accounts and groups to preview the objects loaded into IdentityIQ.
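The scope and schema checks in the steps above can also be run offline against an LDIF export of the group subtree. The following is an added example, not part of the original page or of IdentityIQ or PingDirectory tooling: it reports groups that a given Group Search Scope, Account Search Scope, Native Object Type and Group Membership Attribute would not cover. The sample LDIF, function names and finding strings are constructed for illustration.

```python
import base64
import re
# Constructed sample export of the group subtree (made-up entries reusing the page's demo DNs).
_CAROL = base64.b64encode(b"uid=carol,ou=People,dc=other,dc=co").decode()
SAMPLE_LDIF = f"""\
dn: cn=Engineering,ou=Groups,dc=anycompany,dc=co
objectClass: groupOfNames
member: uid=alice,ou=People,dc=anycompany,dc=co
member: uid=bob,ou=People,
 dc=anycompany,dc=co

dn: cn=Legacy,ou=Old,dc=anycompany,dc=co
objectClass: groupOfUniqueNames
uniqueMember:: {_CAROL}
"""

def parse_ldif(text):
    """Parse LDIF into [{attr_lower: [values]}], unfolding lines and decoding base64."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):  # lower-case, drop spaces around unescaped RDN separators
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def in_scope(dn, base):
    return norm_dn(dn) == norm_dn(base) or norm_dn(dn).endswith("," + norm_dn(base))

def check_groups(entries, group_scope, account_scope, object_type, member_attr):
    """List (group DN, problem) pairs the given IdentityIQ settings would not cover."""
    findings = []
    for e in entries:
        dn = e["dn"][0]
        if not in_scope(dn, group_scope):
            findings.append((dn, "outside Group Search Scope"))
        if object_type.lower() not in {c.lower() for c in e.get("objectclass", [])}:
            findings.append((dn, "objectClass is not " + object_type))
        for m in e.get(member_attr.lower(), []):
            if not in_scope(m, account_scope):
                findings.append((dn, "member outside Account Search Scope: " + m))
    return findings
```

Calling `check_groups(parse_ldif(SAMPLE_LDIF), "ou=Groups,dc=anycompany,dc=co", "dc=anycompany,dc=co", "groupOfNames", "member")` flags only the constructed Legacy group; an empty result means every exported group matches the configured scopes and schema.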