Configure LDAP Options

You can configure CA SDM to access LDAP directory data.

To configure CA SDM to access LDAP directory data

  1. Manually install the LDAP options using Options Manager in the CA SDM web interface.

    Note: The options needed for basic LDAP integration are marked Required in the Description column of the following table. Options marked Optional add features and can be installed only after all the required options are installed. The values you enter when installing these options are written to the $NX_ROOT/NX.env file. For more information about the LDAP options and instructions for installing them, see the Online Help.

  2. Restart the CA SDM service.

    The changes take effect after the restart.

Option, default value, and description:

default_ldap_tenant
  Default value: (none)
  Required for multi-tenancy installations. Specifies the default tenant assigned to contacts imported from LDAP. Set the Option Value field to the tenant UUID, not the tenant name.

  Note: You can get the tenant UUID with a database query against the ca_tenant table, for example: SELECT * FROM ca_tenant

ldap_enable
  Default value: Yes
  Required. Enables LDAP integration with CA SDM.

ldap_host
  Default value: (none)
  Required. Specifies the host name or IP address of the LDAP server.

ldap_port
  Default value: 389
  Required. Specifies the TCP port of the LDAP server. 389 is the standard LDAP port.

ldap_dn
  Default value: (none)
  Required. Specifies the distinguished name (DN) that CA SDM uses to bind to the LDAP server before searching the directory. Use a dedicated account that has only read access to the user and group entries CA SDM needs.

  Example: CN=Joe, CN=Users, DC=KLAND, DC=AD, DC=com

  If the LDAP server allows anonymous binds, this value can be empty and CA SDM binds anonymously.

ldap_pwd
  Default value: (none)
  Required. Specifies the password of the bind DN given in ldap_dn. Like the other option values, it is written to $NX_ROOT/NX.env, so restrict read access to that file to the CA SDM service account and administrators.

  If the LDAP server allows anonymous binds, this value can be empty.

ldap_search_base
  Default value: (none)
  Required. Specifies the DN at which searches of the directory tree start. Entries above this DN are not searched.

  (UNIX) You must specify a starting container. For example:

  CN=Users, DC=KLAND, DC=AD, DC=com

  (Windows) You do not have to specify a container. You can start at the top of the directory tree. For example:

  DC=KLAND, DC=AD, DC=com

ldap_filter_prefix
  Default value: (&(objectClass=user)
  Specifies the prefix of the automatically generated filter used when searching for LDAP users.

  Note: This variable has been superseded by the ldap_user_object_class option. It is not available in Options Manager, but it can be set manually in the NX.env file.

ldap_filter_suffix
  Default value: )
  Specifies the suffix of the automatically generated filter used when searching for LDAP users.

  Note: This variable has been superseded by the ldap_user_object_class option. It is not available in Options Manager, but it can be set manually in the NX.env file.

ldap_user_object_class
  Default value: person
  Required. Specifies the objectClass value placed in the automatically generated filter used when searching for LDAP users. With the default, only entries whose objectClass includes person match.

ldap_enable_group
  Default value: Yes
  Optional. Enables CA SDM access type assignment based on LDAP group membership.

ldap_group_object_class
  Default value: group
  Required only if ldap_enable_group is installed. Specifies the objectClass value placed in the automatically generated filter used when searching for LDAP groups.

ldap_group_filter_prefix
  Default value: (&(objectClass=group)
  Specifies the prefix of the automatically generated filter used when searching for LDAP groups.

  Note: This variable has been superseded by the ldap_group_object_class option. It is not available in Options Manager, but it can be set manually in the NX.env file.

ldap_group_filter_suffix
  Default value: )
  Specifies the suffix of the automatically generated filter used when searching for LDAP groups.

  Note: This variable has been superseded by the ldap_group_object_class option. It is not available in Options Manager, but it can be set manually in the NX.env file.

ldap_enable_auto
  Default value: Yes
  Optional. Enables automatic generation of CA SDM contact records from LDAP data.

ldap_sync_on_null
  Default value: Yes
  Optional. When installed, an existing CA SDM contact attribute is overwritten with a null value if the corresponding LDAP user attribute is null. Leave it uninstalled if contact data maintained in CA SDM must survive attributes that are missing in LDAP.

ldap_service_type
  Default value: Active Directory
  Optional. Install this option if the CA SDM operating environment is Windows and the LDAP directory is not Active Directory (for example, eTrust or Novell).

  Note: In a UNIX operating environment, "Non AD" behaviour is used only if this option is not installed. If it is installed, the service type is set to Active Directory.

ldap_enable_tls
  Default value: No
  Optional. Specifies whether Transport Layer Security (TLS) is used for the connection to the LDAP server. With the default, No, the bind credentials in ldap_dn and ldap_pwd and all directory data returned by searches cross the network in clear text. Set it to Yes unless the LDAP server is reachable only over a channel that is already protected.
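The following Python script is an added example, not CA SDM code, covering both the installation procedure above (option values landing in NX.env) and the option table. It reads ldap_* option values, builds the automatically generated user and group search filter that ldap_user_object_class, ldap_group_object_class and the superseded prefix/suffix pairs imply, escapes the value placed inside the filter per RFC 4515 so a crafted login name cannot alter the query, and lints the values for the settings a reviewer would flag: clear-text binds with ldap_enable_tls at No, anonymous binds, and a group object class missing while ldap_enable_group is installed. It assumes, because the page does not say, that NX.env lines look like @NX_LDAP_HOST=value and that the generated filter wraps one (attribute=value) clause between the objectClass prefix and the closing suffix; the sample option lines are constructed.

```python
"""Added example, not CA SDM code: read ldap_* option values, build the
automatically generated user/group search filter the options imply, and lint
the values for the settings a security reviewer would flag.

Assumptions not stated on the page: NX.env lines have the form
'@NX_LDAP_HOST=value' (the '@NX_' prefix is assumed), and the generated filter
wraps a single '(attribute=value)' clause between the objectClass prefix and
the closing suffix. The sample option lines below are constructed.
"""

# Constructed sample of what Options Manager might write to $NX_ROOT/NX.env.
SAMPLE_NX_ENV = """\
@NX_LDAP_ENABLE=Yes
@NX_LDAP_HOST=dc01.kland.ad.com
@NX_LDAP_PORT=389
@NX_LDAP_DN=CN=svc-sdm,CN=Users,DC=KLAND,DC=AD,DC=com
@NX_LDAP_PWD=s3cret
@NX_LDAP_SEARCH_BASE=CN=Users,DC=KLAND,DC=AD,DC=com
@NX_LDAP_USER_OBJECT_CLASS=person
@NX_LDAP_ENABLE_GROUP=Yes
@NX_LDAP_GROUP_OBJECT_CLASS=group
@NX_LDAP_ENABLE_TLS=No
"""

# Options the table marks Required (ldap_dn/ldap_pwd may be empty for anonymous binds).
REQUIRED = ("ldap_enable", "ldap_host", "ldap_port", "ldap_search_base",
            "ldap_user_object_class")

# RFC 4515 escapes for the characters that would otherwise change filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def parse_nx_env(text):
    """Return {option_name: value}, with names lower-cased and stripped of the
    assumed '@NX_' prefix so they match the option names in the table."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")   # first '=' only: DN values contain '='
        key = key.lstrip("@")
        if key.upper().startswith("NX_"):
            key = key[3:]
        opts[key.lower()] = value.strip()
    return opts


def escape_filter_value(value):
    """Escape a value placed inside a filter so that a login name such as
    'a*)(cn=*' cannot close the clause and add its own search terms."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def search_filter(opts, kind, attr, value):
    """Build the 'user' or 'group' filter. Prefers ldap_<kind>_object_class and
    falls back to the superseded prefix/suffix pair when only those are set."""
    clause = "(%s=%s)" % (attr, escape_filter_value(value))
    oc_key = "ldap_%s_object_class" % kind
    if oc_key in opts:
        return "(&(objectClass=%s)%s)" % (opts[oc_key], clause)
    legacy = "ldap_filter" if kind == "user" else "ldap_group_filter"
    default_oc = "user" if kind == "user" else "group"
    prefix = opts.get(legacy + "_prefix", "(&(objectClass=%s)" % default_oc)
    suffix = opts.get(legacy + "_suffix", ")")
    return prefix + clause + suffix


def _yes(opts, name):
    return opts.get(name, "No").strip().lower() == "yes"


def lint(opts):
    """Return the findings a reviewer would raise about these option values."""
    findings = []
    if not _yes(opts, "ldap_enable"):
        return findings                        # integration is off; nothing to check
    for name in REQUIRED:
        if not opts.get(name):
            findings.append("%s is required but missing or empty" % name)
    if not _yes(opts, "ldap_enable_tls"):
        findings.append("ldap_enable_tls is not Yes: ldap_dn/ldap_pwd and all "
                        "directory data cross the network in clear text")
    if not opts.get("ldap_dn") and not opts.get("ldap_pwd"):
        findings.append("ldap_dn and ldap_pwd are empty: CA SDM binds anonymously")
    if _yes(opts, "ldap_enable_group") and not opts.get("ldap_group_object_class"):
        findings.append("ldap_enable_group is installed but ldap_group_object_class "
                        "(required with it) is not set")
    return findings


if __name__ == "__main__":
    opts = parse_nx_env(SAMPLE_NX_ENV)
    print(search_filter(opts, "user", "sAMAccountName", "jdoe"))
    print(search_filter(opts, "user", "sAMAccountName", "a*)(cn=*"))
    for finding in lint(opts):
        print("FINDING:", finding)
```

Run it against a copy of your own NX.env instead of the constructed sample; the one finding the sample produces is the clear-text bind, which goes away once ldap_enable_tls is set to Yes.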