Configure a datastore in PingFederate.
- Install and run PingFederate.
- Install Active Directory (AD).
- Ensure the AD service account has permissions in all domains in the forest to read and access user data in every domain to which the agent connects.
- In the PingFederate administrative console, go to .
- Click Add new Data Store.
- On the Data Store Type tab, in the Name field, enter a name.
From the Type list, select Directory (LDAP). Click Next.
- On the LDAP Configuration tab, in the Hostname(s) field, enter a name.
- From the LDAP Type list, select Active Directory.
- In the User DN and Password fields, enter the desired user distinguished name (DN) and password.
Select the Use LDAPS check box.
Ping recommends that all LDAP connections be secured using LDAPS.
Tip: If you want to enable the password changes, password reset, or account unlock features in the HTML form adapter against Microsoft AD, you must secure the connection to your directory server using LDAPS. AD requires this level of security to allow password changes.
- Complete any other fields that can help configure the datastore connection according to your current architecture posture.
To test the connection, click Test Connection.
- Click Next.
- On the Summary tab, review your entries, and then click Save.
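
Before selecting Use LDAPS, it helps to confirm that the directory server presents a certificate that validates for each name you plan to enter in Hostname(s). The following Python script is an added example, not part of PingFederate or its documentation; the function names, the 30-day warning threshold, and the use of port 636 are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

LDAPS_PORT = 636  # conventional LDAPS port (assumption: your AD uses it)


def fetch_ldaps_cert(host, port=LDAPS_PORT, cafile=None, timeout=5.0):
    """TLS handshake with chain and hostname verification; returns the peer cert dict."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification is on by default
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def host_matches(host, pattern):
    """Exact match, or a single left-most wildcard label such as *.example.com."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def review_cert(cert, hostname, now=None, warn_days=30):
    """Return a list of findings for a cert dict in ssl.getpeercert() format."""
    now = now or datetime.now(timezone.utc)
    findings = []
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(host_matches(hostname.lower(), s) for s in sans):
        findings.append(f"{hostname} not in subjectAltName {sans}")
    return findings


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # the value you plan to enter in Hostname(s)
    problems = review_cert(fetch_ldaps_cert(host), host)
    print("\n".join(problems) or f"{host}:{LDAPS_PORT} LDAPS certificate OK")
```

If fetch_ldaps_cert raises ssl.SSLCertVerificationError, the machine running the check does not trust the issuing CA or the name does not match the certificate.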