Status
Stable. Works well.
This is the recommended connector to connect midPoint with the LDAP servers.
Description
Connector for LDAP-based directory servers. Complete rewrite based on Apache Directory API. Apache-licensed.
The LDAP connector bundle also contains connectors for Active Directory and eDirectory. These connectors are specializations of the LDAP connector and support the LDAP quirks needed to work with AD and eDirectory.
This is an LDAP connector completely rewritten from scratch in 2015. It is using Apache Directory API and it is designed and built to work with recent ConnId versions and to take all the advantages of that. This is the supported and recommended LDAP and AD connector for midPoint. The old LDAP and AD connectors are now deprecated and they are no longer supported.
Protocol | LDAP or LDAPS |
|---|---|
Framework | ConnId 1.5.x |
Bundle name | com.evolveum.polygon.connector-ldap |
Connector name | com.evolveum.polygon.connector.ldap.LdapConnector |
Capabilities and Features
Provisioning | YES | |
|---|---|---|
Live Synchronization | YES | For LDAP servers that support Sun-style changelog (Retro ChangeLog) or modifyTimestamp. AD DirSync synchronization supported. |
Password | YES | |
Activation | PARTIAL | No activation for generic LDAP as there is not LDAP standard for that. This can be simulated in midPoint. |
Filtering changes | currently limited | |
Paging support | YES | Simple Paged Results and VLV |
| Native attribute names | YES | Use ri:dn instead of icfs:name Use ri:entryUUID instead of icfs:uid |
History
This is an LDAP connector completely rewritten from scratch during 2015. It was significantly improved in following years. Currently the LDAP connector is perfectly stable and tested in many deployments. It can be used with a variety o LDAP servers, including exotic and obsolete systems.
Versions
Version | Origin | Binary | Sources | Build Date | Framework version | Bundled with midPoint | Description |
|---|---|---|---|---|---|---|---|
1.4.1.23 | Polygon | August 2015 | Experimental version. | ||||
| 1.4.2.0 | Polygon | December 2015 | 1.4.2.0 | LDAP stable, AD experimental | |||
| 1.4.2.14 | Polygon | April 2016 | 1.4.2.14 | 3.3.1 | Stable. | ||
| 1.4.2.15 | Polygon | April 2016 | 1.4.2.14 | Stable. | |||
| 1.4.2.16 | Polygon | download jar | GitHub | June 2016 | 1.4.2.14 | Fixes timeout errors and resource leaks during AD connector resets. | |
| 1.4.2.17 | Polygon | download jar | GitHub | June 2016 | 1.4.2.14 | 3.4 | Minor fixes. |
| 1.4.2.18 | Polygon | download jar | GitHub | September 2016 | 1.4.2.14 | 3.4.1 | Minor improvements. |
| 1.4.2.19 | Polygon | download jar | GitHub | October 2016 | 1.4.2.18 | Minor improvements. | |
| 1.4.3 | Polygon | download jar | GitHub | December 2016 | 1.4.2.18 | 3.5 | Minor improvements. |
| 1.4.4 | Polygon | download jar | GitHub | April 2017 | 1.4.2.18 | 3.5.1 | CredSSP and Exchange powershell support, bugfixes, minor improvements. |
| 1.4.5 | Polygon | download jar | GitHub | 3rd July 2017 | 1.4.2.18 | 3.6 | Powershell bugfixes, minor improvements. |
| 1.5 | Polygon | download jar | GitHub | 4th October 2017 | 1.4.2.18 | 3.6.1 | More powershell execution alternatives and improvements, alternative auxiliary object class detection, explicit object class filter, configurable timestamp presentation, better error messages. |
| 1.5.1 | Polygon | download jar | GitHub | 11th December 2017 | 1.4.2.18 | 3.7, 3.7.1 | Release coupled with AD connector. |
| 1.6 | Polygon | download jar | GitHub | 4th May 2018 | 1.4.2.18 | 3.7.2, 3.8 | Release coupled with AD connector. |
| 1.6.1 | Polygon | download jar | GitHub | 17th April 2019 | 1.4.2.18 | TBD | Fix of security vulnerability: missing check of certificate validity. |
| 2.0 | Polygon | download jar | GitHub | 7th November 2018 | 1.5.0.0 | 3.9 | Native timestamp support. Support for delta-based updates. Additional search filter support. |
| 2.1 | Polygon | download jar | GitHub | 17th April 2019 | 1.5.0.0 | TBD | OpenLDAP access log synchronization (contributed by Jonathan Gietz) Object class handling improvements (contributed by Matthias Wolf) Experimental support for "language-tagged" attributes. Fix of security vulnerability: missing check of certificate validity. |
Interoperability
In theory the connector should work with any LDAPv3 compliant LDAP server. However, many servers claim LDAPv3 compliance while the reality is far from ideal. The connector supports "quirks" of several popular LDAP servers and it tolerates some violations of LDAPv3 standards.
The connector supports following servers (assuming reasonably recent versions of the servers):
- OpenLDAP
- Active Directory (in a form of Active Directory Connector (LDAP))
In addition to this the connector was successfully tested with the following LDAP servers:
- ForgeRock OpenDJ / wren:DS
- 389 directory server / Red Hat Directory Server / Fedora Directory Server
- Oracle Directory Server Enterprise Edition (DSEE) / Sun One / Sun Java System / iPlanet Directory Server
- eDirectory (in a form of eDirectory Connector)
- ViewDS
We know that the connector works with these servers and they are supported in some midPoint deployments. However, support for these servers is not part of standard midPoint subscription and it has to be negotiated separately.
If you are using this connector with a different directory server please let us know. We would like to know both about the positive and negative experiences.
Documentation
See LDAP Connector Documentation