Skip to end of metadata
Go to start of metadata

Status

Stable. Works well.

This is the recommended connector to connect midPoint with the LDAP servers.

Description

Connector for LDAP-based directory servers. Complete rewrite based on Apache Directory API. Apache-licensed.

The LDAP connector bundle also contains connectors for Active Directory and eDirectory. These connectors are specializations of the LDAP connector and support the LDAP quirks needed to work with AD and eDirectory.

This is an LDAP connector completely rewritten from scratch in 2015. It is using Apache Directory API and it is designed and built to work with recent ConnId versions and to take all the advantages of that. This is the supported and recommended LDAP and AD connector for midPoint. The old LDAP and AD connectors are now deprecated and they are no longer supported.

Protocol

LDAP or LDAPS

Framework

ConnId 1.4.x

Bundle name

com.evolveum.polygon.connector-ldap

Connector name

com.evolveum.polygon.connector.ldap.LdapConnector

Capabilities and Features

Provisioning

YES

 

Live Synchronization

YES

For LDAP servers that support Sun-style changelog (Retro ChangeLog) or modifyTimestamp.

AD DirSync synchronization supported.

Password

YES

 

Activation

PARTIAL

No activation for generic LDAP as there is not LDAP standard for that. This can be simulated in midPoint.
Activation for AD and eDirectory is supported.

Filtering changes

 

currently limited

Paging support

YES

Simple Paged Results and VLV

Native attribute namesYES

Use ri:dn instead of icfs:name

Use ri:entryUUID instead of icfs:uid

History

This is an LDAP connector completely rewritten from scratch during 2015. It was significantly improved in following years. Currently the LDAP connector is perfectly stable and tested in many deployments. It can be used with a variety o LDAP servers, including exotic and obsolete systems.

Versions

Version

Origin

Binary

Sources

Build Date

Framework versionBundled with midPoint

Description

1.4.1.23

Polygon

download jar

GitHub

August 2015

  

Experimental version.

1.4.2.0Polygon

download jar

GitHub

December 20151.4.2.0 

LDAP stable, AD experimental

1.4.2.14Polygon

download jar

GitHub

April 20161.4.2.143.3.1Stable.
1.4.2.15Polygon

download jar

GitHub

April 20161.4.2.14 Stable.
1.4.2.16Polygondownload jarGitHubJune 20161.4.2.14 Fixes timeout errors and resource leaks during AD connector resets.
1.4.2.17Polygondownload jarGitHubJune 20161.4.2.143.4Minor fixes.
1.4.2.18Polygondownload jarGitHubSeptember 20161.4.2.143.4.1Minor improvements.
1.4.2.19Polygondownload jarGitHubOctober 20161.4.2.18 Minor improvements.
1.4.3Polygondownload jarGitHubDecember 20161.4.2.183.5Minor improvements.
1.4.4Polygondownload jarGitHubApril 20171.4.2.183.5.1CredSSP and Exchange powershell support, bugfixes, minor improvements.
1.4.5Polygondownload jarGitHub3rd July 20171.4.2.183.6Powershell bugfixes, minor improvements.
1.5Polygondownload jarGitHub4th October 20171.4.2.183.6.1More powershell execution alternatives and improvements, alternative auxiliary object class detection, explicit object class filter, configurable timestamp presentation, better error messages.

Interoperability

In theory the connector should work with any LDAPv3 compliant LDAP server. However, many servers claim LDAPv3 compliance while the reality is far from ideal. The connector supports "quirks" of several popular LDAP servers and it tolerates some violations of LDAPv3 standards.

The connector supports following servers (assuming reasonably recent versions of the servers):

In addition to this the connector was successfully tested with the following LDAP servers:

  • ForgeRock OpenDJ / wren:DS
  • 389 directory server / Red Hat Directory Server / Fedora Directory Server
  • Oracle Directory Server Enterprise Edition (DSEE) / Sun One / Sun Java System / iPlanet Directory Server
  • eDirectory (in a form of eDirectory Connector)
  • ViewDS

We know that the connector works with these servers and they are supported in some midPoint deployments. However, support for these servers is not part of standard midPoint subscription and it has to be negotiated separately.

If you are using this connector with a different directory server please let us know. We would like to know both about the positive and negative experiences.

Documentation

See LDAP Connector Documentation

Resource Examples

See Also

  • No labels