Federation Provider parameters

Table 1. General parameters
Parameter Description Values
Name Specifies the name of the Federation Provider instance. This value cannot be edited after the instance has been created. String
Enabled Specifies whether the Federation Provider is supported. Default: enabled
Import Users Specifies whether users are synchronized from the LDAP server. Default: enabled
Vendor Specifies the LDAP vendor type.
  • Active Directory: for Active Directory LDAP servers
  • Other: for other LDAP servers, such as OpenLDAP
Table 2. LDAP server settings
Parameter Description Values
Connection URL Specifies the IP address of the LDAP server and the port on which it is running.
Use TLS Enables the use of StartTLS when using regular LDAP (not LDAPS).

This flag can only be enabled for the regular LDAP protocol, as it only applies in that case. If this parameter is enabled with LDAPS, the connection to the LDAPS server fails.

Default: disabled
Bind Type Specifies how a user authenticates.
  • simple: a user authenticates with the values for Bind DN and Bind Credential
  • none: use anonymous connections to LDAP
Bind DN Specifies the distinguished name (DN) of an LDAP admin user to connect to LDAP. String
Bind Credential Specifies the admin password.

If the Bind Type parameter is set to simple, this password is used to authenticate

User DN Specifies the full DN of the LDAP tree where the users can be found in the LDAP server. Fully qualified domain name
Username LDAP attribute Specifies the name of the attribute that must be used as the username within the Fabric Services System. Dynamically filled based on the value of the Vendor parameter, but is editable:
  • Active Directory: cn
  • Other: uid

Usually the user ID, uid

RDN LDAP Attribute Specifies the name of the LDAP attribute used for the relative distinguished name of a typical user DN. Dynamically filled based on the value of the Vendor parameter, but is editable:
  • Active Directory: cn
  • Other: uid

Usually the user ID, uid

UUID LDAP Attribute Shows the name of the LDAP attribute that is used as a unique identifier for objects in LDAP. Dynamically filled based on the value of the Vendor parameter, but is editable:
  • Active Directory: objectGUID
  • Other: entryUUID

Usually the user ID, uid

User Object Classes Specifies a comma-separated list of user object classes used by LDAP to identify a user. Users can only be found if they have these object classes. Dynamically filled based on the value of the Vendor parameter, but is editable:
  • Active Directory: person, organizationalPerson, user
  • Other: inetOrgPerson, organizationalPerson
Custom User LDAP Filter Specifies the filter that selects the users to synchronize. Filter string, enclosed in parentheses ()
Search Scope Specifies the type of search. One Level or Subtree
Table 3. Advanced settings
Parameter Description Values
Connection Timeout Specifies the LDAP server connection timeout, in milliseconds. Default: 0
Read Timeout Specifies the LDAP read timeout, in milliseconds. Default: 0
Pagination Specifies whether the Federation Provider supports pagination when fetching users. Default: enabled
Sync Batch Size Specifies the number of users to synchronize from the LDAP server in a single transaction. Default: 1000
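
The constraints in Table 2 can be checked before a provider is saved. The following is an added example, not code from the product: the dictionary keys and the ldap:// and ldaps:// URL form are assumptions made for illustration, and the warning about simple binds over plain LDAP reflects general LDAP behavior rather than a statement from the tables.

```python
from urllib.parse import urlparse

def check_provider(cfg):
    """Return (severity, message) findings for one provider config dict.

    Key names are hypothetical; they mirror the parameter labels in Table 2.
    """
    findings = []
    scheme = urlparse(cfg.get("connection_url", "")).scheme.lower()
    use_tls = cfg.get("use_tls", False)      # documented default: disabled
    bind_type = cfg.get("bind_type", "simple")
    if scheme not in ("ldap", "ldaps"):
        findings.append(("error", "Connection URL is neither ldap:// nor ldaps://"))
    if scheme == "ldaps" and use_tls:
        findings.append(("error", "Use TLS (StartTLS) enabled with LDAPS: connection fails"))
    if scheme == "ldap" and not use_tls and bind_type == "simple":
        findings.append(("warning", "simple bind over plain LDAP exposes Bind Credential"))
    if bind_type == "simple" and not (cfg.get("bind_dn") and cfg.get("bind_credential")):
        findings.append(("error", "Bind Type simple needs Bind DN and Bind Credential"))
    elif bind_type == "none":
        findings.append(("warning", "Bind Type none uses anonymous LDAP connections"))
    elif bind_type not in ("simple", "none"):
        findings.append(("error", "Bind Type must be simple or none"))
    flt = cfg.get("custom_filter", "")
    if flt and not (flt.startswith("(") and flt.endswith(")")):
        findings.append(("error", "Custom User LDAP Filter must be enclosed in parentheses"))
    if cfg.get("search_scope") not in ("One Level", "Subtree"):
        findings.append(("error", "Search Scope must be One Level or Subtree"))
    return findings

# Constructed sample configurations (addresses, DNs and password are made up).
BASE = {"bind_type": "simple", "bind_dn": "cn=admin,dc=example,dc=com",
        "bind_credential": "placeholder", "search_scope": "Subtree"}
SAMPLES = {
    "ldaps_with_starttls": {**BASE, "connection_url": "ldaps://192.0.2.10:636",
                            "use_tls": True},
    "plain_ldap_bad_filter": {**BASE, "connection_url": "ldap://192.0.2.10:389",
                              "custom_filter": "objectClass=person"},
    "ldap_with_starttls": {**BASE, "connection_url": "ldap://192.0.2.10:389",
                           "use_tls": True, "custom_filter": "(objectClass=person)"},
    "anonymous": {"connection_url": "ldap://192.0.2.10:389", "bind_type": "none",
                  "search_scope": "One Level"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for severity, message in check_provider(cfg):
            print(f"{name}: {severity}: {message}")
```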