Version: 10.2

Configuring LDAP Collector

The Open iT LDAPCollector collects Active Directory information and sends them over to the server. This allows the server installation in the cloud to integrate the Active Directory to their reports.

Activating LDAP Data Collection

Windows
Unix

Open a command prompt with Administrator level privileges.
Go to the bin directory, which is by default in C:\Program Files\OpeniT\Core\bin, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd C:\Program Files\OpeniT\Core\bin
```
Once in the directory, activate the collection of LDAP data, run the command:
Command Syntax
```
openit_oconfinit -u "collect_ldap.root.scheduler.jobs.collect_ldap.general.active=true"
```

Go to the bin directory, which is by default in /opt/openit/bin, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd /opt/openit/bin
```
Once in the directory, activate the collection of LDAP data, run the command:
Command Syntax
```
./openit_oconfinit -u "collect_ldap.root.scheduler.jobs.collect_ldap.general.active=true"
```

Verifying LDAP Collector Configuration

Follow these steps to manually check if the configuration works:

Windows
Unix

Open a command prompt with Administrator level privileges.
Go to the bin directory, which is by default in C:\Program Files\OpeniT\Core\bin, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd C:\Program Files\OpeniT\Core\bin
```
Once in the directory, run the command:
Command Syntax
```
openit_confbuilder --client
```
Run the LDAP collector binary:
Command Syntax
```
openit_ldapcollector
```
Make sure no errors are encountered.
Verify that there is an ldap_data.tsv file created in the server's LdapCollector directory, which is by default in C:\Program Files\OpeniT\Core\Log\temp\LdapCollector.

Go to the bin directory, which is by default in /opt/openit/bin, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd /opt/openit/bin
```
Once in the directory, run the command:
Command Syntax
```
./openit_confbuilder --client
```
Run the LDAP collector binary:
Command Syntax
```
./ldapcollector
```
Make sure no errors are encountered.
Verify that there is an ldap_data.tsv file created in the server's LdapCollector directory, which is by default in /var/opt/openit/temp/LdapCollector.

Configuring LDAP Settings

Windows
Unix

Go to the Components directory, which is by default in C:\Program Files\OpeniT\Core\Configuration\Components, and open ldapcollector.xml.

Locate the object node url and specify the LDAP Server URL to connect to.

ldapcollector.xml
<Object>
     <Name>url</Name>
     <Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
     It will also use the RootDSE's DN as starting point for search.
     </Description>
     <Value type="String">LDAP:</Value>
</Object>

Accepted Format	Description
`LDAP:`	Binds to the root of the LDAP namespace
`LDAP://<hostname>`	Binds to a specific server
`LDAP://<hostname>:<port_number>` Binds to a specific server using the specified port number
`LDAP://<DistiguishedName>`	Binds to a specific object and start the search from that node
`LDAP://<hostname>/<DistiguishedName>`	Binds to a specific object through a specific server
`LDAP://<hostname>:<port_number>/<DistiguishedName>`	Binds to a specific object and start the search from that node through a specific server
`LDAP://<IPAddress>`	Binds to a specific IP address
`LDAP://<IPAddress>:<port_number>`	Binds to a specific IP address using the specified port number
`LDAP://<IPAddress>:<port_number>/<DistiguishedName>`	Binds to a specific object and start the search from that node through a specific IP address

Accepted url values

Examples

ldapcollector.xml | Format: LDAP://<hostname>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>:<port_number>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01:390</Value>
</Object>

ldapcollector.xml | Format: LDAP://<DistiguishedName>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>/<DistiguishedName>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>:<port_number>/<DistiguishedName>
<Object>
 		<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01:390/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>:<port_number>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47:390</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>:<port_number>/<DistiguishedName>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47:390/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

Locate the object node filter and set the filter to use for searching data.

ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">objectClass=User</Value>
</Object>

The default value is objectClass=User. Update the value by following either of the following format:

Format

(<attribute><operator><value>)

Format

(<operator><filter1><filter2>)

Examples

The sample filter value below processes all objects.

ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(objectClass=\*) </Value>
	</Object>

The sample filter value below filters all user objects but not andy.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(&(objectClass=User)(!(CN=andy)))</Value>
</Object>

The sample filter value below filters all user objects with a surname that starts with sm.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(sn=sm\*)</Value>
</Object>

The sample filter value below filters all contacts with a surname equal to Smith or Johnson.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(&(objectClass=contact)(\|(sn=Smith)(sn=Johnson)))</Value>
</Object>

Locate the object node attribute and set the attribute values to retrieve.

ldapcollector.xml
<Object>
 	<Name>attribute</Name>
		<Description>Required. The attributes to retrieve</Description>
		<Value type="String">sAMAccountName,displayName,department,division,employeeType,l,mail,physicalDeliveryOfficeName,title</Value>
</Object>

The default value is sAMAccountName,displayName,department,division,employeeType,l, mail,physicalDeliveryOfficeName,title. Update the attribute separated by comma.

Example

attrib1,attrib2,...attribN

Accepted Attribute	Description
sAMAccountName	Logon Name (Pre Windows 2000)
displayName	Display Name
department	Department Name
division	Division Name
employeeType	Display Name
l	Location
mail	Email Address
physicalDeliveryOfficeName	Office
title	Job Title

Sample attribute Values

note

The default value of page-size, 1000, is the recommended value not to overload the Active Directory server.

Save the changes.
Go to the bin directory, which is by default in C:\Program Files\OpeniT\Core\bin, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd C:\Program Files\OpeniT\Core\bin
```
Update the configuration file, run the command:
Command Syntax
```
openit_confbuilder --client
```
Make sure that there are no errors encountered.

Go to the Components directory, which is by default in /var/opt/openit/etc/Components, and open ldapcollector.xml.

Locate the object node url and set the LDAP Server URL to connect to.

ldapcollector.xml
<Object>
     <Name>url</Name>
     <Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
     It will also use the RootDSE's DN as starting point for search.
     </Description>
     <Value type="String">LDAP:</Value>
</Object>

Accepted Format	Description
`LDAP:`	Binds to the root of the LDAP namespace
`LDAP://<hostname>`	Binds to a specific server
`LDAP://<hostname>:<port_number>` Binds to a specific server using the specified port number
`LDAP://<DistiguishedName>`	Binds to a specific object and start the search from that node
`LDAP://<hostname>/<DistiguishedName>`	Binds to a specific object through a specific server
`LDAP://<hostname>:<port_number>/<DistiguishedName>`	Binds to a specific object and start the search from that node through a specific server
`LDAP://<IPAddress>`	Binds to a specific IP address
`LDAP://<IPAddress>:<port_number>`	Binds to a specific IP address using the specified port number
`LDAP://<IPAddress>:<port_number>/<DistiguishedName>`	Binds to a specific object and start the search from that node through a specific IP address

Accepted url values

Examples

ldapcollector.xml | Format: LDAP://<hostname>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>:<port_number>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01:390</Value>
</Object>

ldapcollector.xml | Format: LDAP://<DistiguishedName>
<Object>
    <Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>/<DistiguishedName>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<hostname>:<port_number>/<DistiguishedName>
<Object>
 		<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://server01:390/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>:<port_number>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47:390</Value>
</Object>

ldapcollector.xml | Format: LDAP://<IPAddress>:<port_number>/<DistiguishedName>
<Object>
 	<Name>url</Name>
		<Description>Optional in windows. Required in UNIX. The ldap server url to connect to. If none are specified, it will find the default domain controller and port of the machine where the application is running on.
		It will also use the RootDSE's DN as starting point for search.
		</Description>
		<Value type="String">LDAP://17.172.224.47:390/CN=Jeff Smith,CN=Users,DC=fabrikam,DC=com</Value>
</Object>

Locate the object node filter and set the filter to use for searching data.

ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">objectClass=User</Value>
</Object>

The default value is objectClass=User. Update the value by following either of the following format:

Format

(<attribute><operator><value>)

Format

(<operator><filter1><filter2>)

Examples

The sample filter value below processes all objects.

ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(objectClass=\*) </Value>
	</Object>

The sample filter value below filters all user objects but not andy.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(&(objectClass=User)(!(CN=andy)))</Value>
</Object>

The sample filter value below filters all user objects with a surname that starts with sm.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(sn=sm\*)</Value>
</Object>

The sample filter value below filters all contacts with a surname equal to Smith or Johnson.

Example: ldapcollector.xml
<Object>
 	<Name>filter</Name>
		<Description>Optional. The filter use for searching data.</Description>
		<Value type="String">(&(objectClass=contact)(\|(sn=Smith)(sn=Johnson)))</Value>
</Object>

Locate the object node attribute and set the attribute values to retrieve.

ldapcollector.xml
<Object>
 	<Name>attribute</Name>
		<Description>Required. The attributes to retrieve</Description>
		<Value type="String">sAMAccountName,displayName,department,division,employeeType,l,mail,physicalDeliveryOfficeName,title</Value>
</Object>

The default value is sAMAccountName,displayName,department,division,employeeType,l, mail,physicalDeliveryOfficeName,title. Update the attribute separated by comma.

Example

attrib1,attrib2,...attribN

Accepted Attribute	Description
sAMAccountName	Logon Name (Pre Windows 2000)
displayName	Display Name
department	Department Name
division	Division Name
employeeType	Display Name
l	Location
mail	Email Address
physicalDeliveryOfficeName	Office
title	Job Title

Sample attribute Values

note

The default value of page-size, 1000, is the recommended value not to overload the Active Directory server.

Save the changes.
Go to the bin directory, which is by default in /var/opt/openit/etc/Components, run the command:
Command Syntax
```
cd $BIN_DIR
```
Example
```
cd /opt/openit/bin
```
Once in the directory, update the configuration file, run the command:
Command Syntax
```
./openit_confbuilder --client
```
Make sure that there are no errors encountered.

Next Steps?

After configuring the LDAP Collector, proceed with the mapping configurations in the Core Server web interface.

Mapping

Activating LDAP Data Collection​

Verifying LDAP Collector Configuration​

Configuring LDAP Settings​

Examples​

Examples​

Examples​

Examples​

Next Steps?​

Activating LDAP Data Collection

Verifying LDAP Collector Configuration

Configuring LDAP Settings

Examples

Examples

Examples

Examples

Next Steps?