Status
Stable. Works well.
This is the recommended connector to connect midPoint with the LDAP servers.
Description
Connector for LDAP-based directory servers. Complete rewrite based on Apache Directory API. Apache-licensed.
The LDAP connector bundle also contains connectors for Active Directory and eDirectory. These connectors are specializations of the LDAP connector and supports the LDAP quirks needed to work with AD and eDirectory.
This is an LDAP connector completely rewritten from scratch. It is using Apache Directory API and it is designed and built to work with recent ConnId versions and to take all the advantages of that. This is the supported and recommended LDAP and AD connector for midPoint. The old LDAP and AD connectors are now deprecated.
Protocol | LDAP or LDAPS |
|---|---|
Framework | ConnId 1.4.x |
Bundle name | com.evolveum.polygon.connector-ldap |
Connector name | com.evolveum.polygon.connector.ldap.LdapConnector |
Capabilities and Features
Provisioning | YES |
|
|---|---|---|
Live Synchronization | YES | For LDAP servers that support Sun-style changelog (Retro ChangeLog) or modifyTimestamp. AD DirSync synchronization supported. |
Password | YES |
|
Activation | PARTIAL | No activation for generic LDAP as there is not LDAP standard for that. This can be simulated in midPoint. |
Filtering changes |
| currently limited |
Paging support | YES | Simple Paged Results and VLV |
| Native attribute names | YES | Use ri:dn instead of icfs:name Use ri:entryUUID instead of icfs:uid |
History
This is an LDAP connector completely rewritten from scratch during 2015. It was significantly improved in 2016.
Versions
Version | Origin | Binary | Sources | Build Date | Framework version | Bundled with midPoint | Description |
|---|---|---|---|---|---|---|---|
1.4.1.23 | Polygon | August 2015 | experimental | ||||
| 1.4.2.0 | Polygon | December 2015 | 1.4.2.0 | LDAP stable, AD experimental | |||
| 1.4.2.14 | Polygon | April 2016 | 1.4.2.14 | 3.3.1 | Stable. | ||
| 1.4.2.15 | Polygon | April 2016 | 1.4.2.14 | Stable. | |||
| 1.4.2.16 | Polygon | download jar | GitHub | June 2016 | 1.4.2.14 | Stable. Fixes timeout errors and resource leaks during AD connector resets. | |
| 1.4.2.17 | Polygon | download jar | GitHub | June 2016 | 1.4.2.14 | 3.4 | Stable. Minor fixes. |
| 1.4.2.18 | Polygon | download jar | GitHub | September 2016 | 1.4.2.14 | 3.4.1 | Stable. Minor improvements. |
| 1.4.2.19 | Polygon | download jar | GitHub | October 2016 | 1.4.2.18 | Stable. Minor improvements. | |
| 1.4.3 | Polygon | download jar | GitHub | December 2016 | 1.4.2.18 | 3.5 | Stable. Minor improvements. |
| 1.4.4 | Polygon | download jar | GitHub | April 2017 | 1.4.2.18 | 3.5.1 | Stable. CredSSP and Exchange powershell support, bugfixes, minor improvements. |
| 1.4.5 | Polygon | download jar | GitHub | 3rd July 2017 | 1.4.2.18 | 3.6 | Stable. Powershell bugfixes, minor improvements. |
Interoperability
In theory the connector should work with any LDAPv3 compliant LDAP server. However, many servers claim LDAPv3 compliance while the reality is far from ideal. The connector supports "quirks" of several popular LDAP servers and it tolerates some violations of LDAPv3 standards.
The connector was successfully tested with the following LDAP servers:
- OpenLDAP
- OpenDJ
- 389 directory server
- Active Directory (in a form of Active Directory Connector (LDAP))
- eDirectory (in a form of eDirectory Connector)
If you are using this connector with a different directory server please let us know. We would like to know both about the positive and negative experiences.
Documentation