Define General Properties

The General page in the Map Object window in a Blueprint includes options for general information, Security, Configuration, and Searching settings, as well as a series of check boxes for mapping options.

To define General properties:

  1. Open the Map Active Directory Object Window.
  2. Click the General page.
  3. Define General properties.
  4. Define Security properties.
  5. Define Configuration properties.
  6. Define Use Paged Searching properties.
  7. Define the Miscellaneous properties.

General Properties

  • Name: Provide a name for the service.
  • Directory Service: This is the type of directory service.
  • Domain: This is the domain name of the network.
  • Server: This is the host name of the LDAP directory server.
    Note: If you are using LDAPS, specify the host name that matches the SSL/TLS certificate used by your LDAP directory to establish a secure connection. If your certificate is self-signed or from a non-standard Root CA, you may need to install the certificate on the machines that connect directly to the LDAP directory. This may include your CSM Application Servers and machines running the CSM Administrator and CSM Trusted Agent Server if they directly connect to the LDAP directory.

Security Properties

  • Authentication type: This is the type of authentication required to access LDAP.
    • No Encryption: No login is required and all data is transferred in plain text.
    • Basic: User ID and Password are required, but no confidentiality is provided. Data is transferred in plain text.
    • Secure: User ID and Password are authenticated through NTLM or Kerberos, depending on the service selected. The data between LDAP and CSM is not encrypted.
    • SSL: User ID and Password are required and data between LDAP and CSM is encrypted. This changes the path to LDAP and the default port to 636.
  • Search User ID: This is the User ID used for all LDAP searches. The User ID can be set in a variety of formats:
    • Windows Only: domain\user, user@domain, cn=user,dc=company,dc=com
    • Other: cn=user,ou=company,c=US
      Tip: Click the Question Mark to see the list of valid formats. Ask an LDAP administrator which format is being used at a specific organization.
  • Search Password: This is the password assigned to the User ID.

Configuration Properties

  • Port: The standard LDAP ports are 389 and 636 (secure LDAP). If unsure of the port number, try these two first.
  • RootDSE Path: The RootDSE is the root of the LDAP directory server. Some examples are:
    • LDAP://192.168.0.123/RootDSE
    • LDAP://192.168.0.123:389/RootDSE (when port number is included)
    • LDAP://ServerName/RootDSE
    Note: If you are using any port besides 389, type the port number in the RootDSE path (example: LDAP://www.mycompany.com:389/RootDSE).
  • Schema Path: The schema contains a definition of all of the objects on the LDAP server (User, Group, etc.).

    The easiest way to set up the schema path is to click the Locate button. Before doing this, go to the Security section on the General properties page and verify that the encryption type, User ID, and Password are set up. When the RootDSE and security information are entered, CSM Administrator should be able to find the schema. If the schema is not found, Users should ask an LDAP administrator for assistance.

    Some common schema paths are:
    • LDAP://192.168.0.123/CN=Schema,CN=Configuration,DC=Cherwell,DC=com
    • LDAP://ServerName/CN=Schema,CN=Configuration,DC=Cherwell,DC=com

      (these are the formats used by Active Directory)

    • LDAP://192.168.0.123/cn=schema
    • LDAP://www.mycompany.com/cn=Subschema
    • LDAP://www.openldap.com:389/cn=Subschema
  • Search Start: This is the location where LDAP searches begin. Using only the server location can slow the data transfer. Enter a path more specific to the location of the data to increase data-transfer efficiency. For example, to search for only Users in Colorado Springs the path might be:

    LDAP://Cherwell/DC=ColSpgs,DC=Cherwell,DC=Com

    Tip: DC stands for domain context (used by Microsoft computers with domains). The LDAP standard also suggests some prefixes that are used by most vendors – OU (Organizational Unit), O (Organization), CN (Common Name), and C (Country). The prefixes are case insensitive.
    More examples are:
    • LDAP://Cherwell/OU=ColSpgs,DC=Cherwell,DC=com
    • LDAP://192.168.0.123/ou=Administrators,ou=TopologyManagement,o=NewspapeRing
    • LDAP://ServerName/O=Cherwell,c=US
    • LDAP://www.mycompany.com/o=Cherwell
    • LDAP://www.mycompany.com/dc=site
  • Follow Server Referrals: Data can be stored on multiple LDAP servers. Selecting this check box allows the initial-contact server to continue searching for data beyond the initial server to secondary servers for information. Users should consult an LDAP administrator or IT staff member to verify if this should be selected.
    Note: Allowing referral services can cause delays during data transfer.
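As an added example (not Cherwell's code and not part of this documentation), the following Python script parses the LDAP://host:port/DN path format used in the Configuration Properties examples above, splits a Search Start DN into its attribute-type/value pairs, classifies a Search User ID into one of the formats listed under Security Properties, and reports what each Authentication type leaves unprotected. The function names and the wording of the findings are my own; the port numbers, attribute prefixes and authentication types are those given on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Default ports named on this page: 389 for LDAP, 636 for secure LDAP (SSL).
LDAP_PORT, LDAPS_PORT = 389, 636

# Authentication types from the Security Properties section and what each protects.
# "credentials": the login is not sent in plain text; "data": directory data is encrypted.
AUTH_TYPES = {
    "No Encryption": {"credentials": False, "data": False},
    "Basic":         {"credentials": False, "data": False},
    "Secure":        {"credentials": True,  "data": False},   # NTLM/Kerberos protects the login only
    "SSL":           {"credentials": True,  "data": True},
}

# RDN attribute types listed on this page; the page says they are case insensitive.
KNOWN_RDN_TYPES = {"dc", "ou", "o", "cn", "c"}

# LDAP://host[:port][/DN]; tolerates stray spaces around the host (assumption: a typo, not meaning).
_PATH_RE = re.compile(
    r"^LDAP://\s*(?P<host>[^/:\s]+)\s*(?::(?P<port>\d{1,5}))?\s*(?:/(?P<dn>.*))?$",
    re.IGNORECASE,
)


@dataclass
class LdapPath:
    host: str
    port: Optional[int]   # None when the path omits the port
    dn: str               # "" for a bare server path, "RootDSE" for the root object


def parse_ldap_path(path: str) -> LdapPath:
    """Split an LDAP://host:port/DN string into its parts, validating the port."""
    m = _PATH_RE.match(path.strip())
    if not m:
        raise ValueError(f"not an LDAP path: {path!r}")
    port = int(m["port"]) if m["port"] else None
    if port is not None and not 0 < port <= 65535:
        raise ValueError(f"port out of range in {path!r}: {port}")
    return LdapPath(m["host"], port, (m["dn"] or "").strip())


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'OU=ColSpgs,DC=Cherwell,DC=com' into [('ou', 'ColSpgs'), ('dc', 'Cherwell'), ('dc', 'com')].
    Attribute types are lower-cased; values keep their case and any internal spaces."""
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def unknown_rdn_types(dn: str) -> Set[str]:
    """Attribute types in the DN that this page does not list (e.g. a vendor-specific prefix)."""
    return {attr for attr, _ in parse_dn(dn)} - KNOWN_RDN_TYPES


def user_id_format(user_id: str) -> str:
    """Classify a Search User ID as one of the formats listed under Security Properties."""
    if "\\" in user_id:
        return "domain\\user"
    if "@" in user_id:
        return "user@domain"
    parse_dn(user_id)          # raises ValueError if it is not a distinguished name either
    return "distinguished name"


def check_settings(auth_type: str, rootdse: str, search_start: str) -> List[str]:
    """Review one Map Object configuration and return a list of findings (empty = nothing to report)."""
    findings = []
    protects = AUTH_TYPES[auth_type]          # KeyError for a type the page does not define
    root, start = parse_ldap_path(rootdse), parse_ldap_path(search_start)

    if not protects["credentials"]:
        findings.append(f"{auth_type}: Search User ID and Password are sent in plain text")
    if not protects["data"]:
        findings.append(f"{auth_type}: data between LDAP and CSM is not encrypted")

    # The page says SSL changes the default port to 636; everything else defaults to 389.
    expected_port = LDAPS_PORT if auth_type == "SSL" else LDAP_PORT
    if root.port is not None and root.port != expected_port:
        findings.append(f"RootDSE port {root.port} is not the default {expected_port} for {auth_type}")
    if root.dn.lower() != "rootdse":
        findings.append("RootDSE Path should end in /RootDSE")
    if root.host.lower() != start.host.lower():
        findings.append("Search Start points at a different server than RootDSE Path")
    if not start.dn:
        findings.append("Search Start names only the server; a more specific DN speeds up searches")
    elif unknown_rdn_types(start.dn):
        findings.append(f"Search Start uses attribute types not listed here: {sorted(unknown_rdn_types(start.dn))}")
    return findings


if __name__ == "__main__":
    # Constructed sample: Basic authentication against a non-default port with a server-only Search Start.
    for finding in check_settings("Basic", "LDAP://192.168.0.123:636/RootDSE", "LDAP://192.168.0.123"):
        print("-", finding)
```

Run the script as-is to see the findings for the constructed sample, or call check_settings with the values from your own Map Object window; an SSL configuration whose RootDSE Path ends in /RootDSE and whose Search Start names a DN on the same server returns an empty list.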

Page Searching Properties

The Use Paged Searching option is recommended because it lets you set the maximum page size and a server time limit. Paged searching speeds up searches by returning results in pages no larger than the Max page size. The time limit makes the server stop searching after the entered time if the search has returned no results.

Recommended settings: Max page size - 100; Server Time Limit - 120 seconds.

Note: Some vendors do not support this functionality. Click the Test Paged Search button to see if the feature is supported.

Miscellaneous Options

  • Allow Business Objects to be mapped to objects: Select this check box to map CSM Business Objects to Active Directory Objects.
  • Allow Business Objects to be imported from data: Select this check box to import Active Directory data into CSM.
  • Client-Side LDAP (for SaaS): Select this check box to allow data to be shared from CSM to LDAP without going through SaaS. Do not select this check box unless specifically directed.
© Copyright 2018 Cherwell Software, LLC. All rights reserved.