Extended LDAP definition at hub configuration

Idea created by gregor.wolf on Oct 28, 2016
    New
    Score: 30

    In a large UIM environment where hubs are configured with LDAP authentication, the following errors were seen in hub.log files:

     

    LDAP attribute [userPrincipalName] could not be validated and
    checking ldap config: ldap_search_ext_s: 'Size limit exceeded'

     

    Increasing the size limit by changing MaxPageSize in Active Directory was not recommended by Microsoft (https://technet.microsoft.com/en-us/library/aa998536%28v=exchg.80%29.aspx).

    The problem can be avoided by defining a tighter filter in the LDAP Settings of the hub configuration:

     

    old:
    Group Container (DN)
    OU=xxxxx,OU=******_Gruppen,OU=Gruppen,OU=******,OU=xxxxxxx,DC=xxxx,DC=******,DC=de
    User Container (DN)
    OU=Benutzer,OU=******,OU=Ressort,DC=******,DC=xxxx,DC=de

     

    new:
    Group Container (DN)
    OU=xxxx_Sicherheit,OU=_***,OU=xxxxx,OU=******_Gruppen,OU=Gruppen,OU=******,OU=xxxxxxx,DC=xxxx,DC=******,DC=de
    User Container (DN)
    OU=xxxxxxx_Profile,OU=Benutzer,OU=******,OU=Ressort,DC=******,DC=xxxx,DC=de

     

    Unfortunately, the new definition limits the users and groups, because actually only one Group/User Container can be defined. It should be possible to define more than one branch, maybe separated by ";", to avoid this limitation.

     

     

    Idea opened on customer request.
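
A sketch of how a ";"-separated container list like the one proposed above could be parsed and used to decide which entries are in scope. This is an added example, not UIM hub code and not from the original post. The function names, the sample DNs and the `example.test` domain are assumptions, and DN normalization is simplified to case-insensitive, whitespace-trimmed RDN comparison.

```python
# Added illustration; not CA UIM hub code. Names and sample DNs are constructed.

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def normalize_dn(dn):
    """Return the DN as a list of lower-cased, whitespace-trimmed RDNs."""
    return [rdn.strip().lower() for rdn in split_unescaped(dn, ",") if rdn.strip()]


def parse_containers(setting):
    """Parse a ';'-separated container setting into normalized DNs."""
    return [normalize_dn(p) for p in split_unescaped(setting, ";") if p.strip()]


def in_any_container(entry_dn, containers):
    """True if entry_dn lies below one of the containers (subtree scope)."""
    entry = normalize_dn(entry_dn)
    # Compare whole RDNs, not string suffixes, so OU=XProfile never matches OU=Profile.
    return any(
        len(entry) > len(base) and entry[-len(base):] == base
        for base in containers
    )


# Constructed sample setting: two branches, the second with an escaped ';' in an OU name.
USER_CONTAINERS = (
    "OU=Profile,OU=Benutzer,DC=example,DC=test;"
    "OU=Admins\\; Tier0,OU=Benutzer,DC=example,DC=test"
)
```

Because ";" is a character that must be escaped inside a DN value, a plain split on ";" would cut the second container in two; the escape-aware split keeps it whole.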