Configuring the LDAP Directory
This section provides an overview of LDAP directory configuration and discusses how to:
- Specify network information for LDAP.
- Specify additional connect DNs.
- Install selected PeopleSoft-specific schema extensions.
Understanding LDAP Directory Configuration
The Configure Directory component (PSDSSETUP) contains four pages that you use for specifying connection information and testing directory server connections.
To enable your PeopleSoft system to successfully connect to your directory server, you must enter the appropriate connection information. This information includes the server name (DNS or IP address) and the listening port number. You also must enter the user distinguished name (User DN) and associated password.
The PeopleSoft application server uses the User DN and password to connect to the LDAP server to retrieve user profile information about the specific user signing in to the system. The User DN must reflect a user with the appropriate LDAP browse rights.
Specifying Network Information for LDAP
Access the Configure Directory - Directory Setup page (click the Directory Setup tab).
Image: Configure Directory - Directory Setup page
This example illustrates the fields and controls on the Configure Directory - Directory Setup page.
- Directory ID
Displays the directory connection that you are creating. The directory ID that you enter can identify a specific LDAP server or a collection of LDAP servers, depending on how many servers you add in the Server Name section.
Enter a description of the directory connection.
- Directory Product
Select your directory product from the list of options.
- Default Connect DN (default connect distinguished name)
Displays the default connect DN associated with the directory ID that you entered or selected on the initial search page. The connect DN is the ID that you can use to connect to the directory server. You can enter an alternative connect DN.
Enter the password associated with the directory-based account that appears in the Default Connect DN field.
Note: The password is stored in encrypted form in the database; not even individuals with administration access to the database can view the password.
- Server Name
Add LDAP directory servers to a connection list. You can add multiple servers for failover purposes using the plus button. All servers you add must participate in the same directory service.
- LDAP Server
Identify a specific LDAP server. You can use the DNS name or you can use IP address dotted notation. For example, either of the following formats is acceptable: ldap12.yourcompany.com or 22.214.171.124.
Enter the port number on which the LDAP server is configured to receive search requests. The standard LDAP port is 389. If you do not specify the correct port, PeopleSoft Directory Interface cannot exchange data with your LDAP server.
- SSL Port
If you are implementing SSL, enter the SSL port on the LDAP server.
Specifying Additional Connect DNs
Access the Additional Connect DN's page (click the Additional Connect DN's tab).
Image: Configure Directory - Additional Connect DN's page
This example illustrates the fields and controls on the Configure Directory - Additional Connect DN's page.
The PeopleSoft application server uses the user DN and password specified on this page to connect to the LDAP server to retrieve user profile information about the specific user signing in to the system. The user DN must reflect a user with the appropriate LDAP browse rights.
Note: You will not see any available schema extensions unless you have installed the PeopleSoft Directory Interface.
- User DN
Add any DNs that you need in addition to the default connect DN that you entered on the Directory Setup page. The default user ID is most likely an administrative ID. This value enables you to set up a more secure user ID for the scope of the mapping.
For each additional DN that you enter, add the corresponding password.
Installing Selected PeopleSoft-Specific Schema Extensions
Access the Schema Management page (click the Schema Management tab).
Image: Configure Directory - Schema Management page
This example illustrates the fields and controls on the Configure Directory - Schema Management page.
Note: Unless you have installed the PeopleSoft Directory Interface product, you might not have any PeopleSoft schema extensions available to you.
Note: The Schema Management page enables you to add PeopleSoft-delivered object classes and attribute types to your directory. If you add attributes and object classes using the Schema Management page, you must also delete them using this page.
Select this check box to apply the selected schema extension type to your directory.
Displays the type of schema extension, either Object Class or Attribute Type.
Displays the schema extension name.
- Object Identifier
Displays the schema extension object identifier. The sequence 1.3.6.1.4.1.2810.20 identifies the object as a PeopleSoft object. The second to last number is either a 1 or a 2. A 1 indicates an object class type and a 2 indicates an attribute type. The last number indicates the sequence in which the extension was created.
Displays the number of times the schema extension was revised.
Click to display details about the selected schema extension in the Details region at the bottom of the page.
- Select All
Click to select all the schema extensions to apply to your directory.
- Deselect All
Click to deselect every schema extension.
Click to apply the selected schema extensions to your directory.
When you click a schema extension Details button, the system displays the details of that extension. In addition to the object identifier and name, you may also be interested in the Superiors detail, which indicates which extensions, if any, are above this one in the hierarchy. Also of interest is the Type detail, which indicates whether the schema extension is a mandatory, optional, or auxiliary extension.
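The object identifier layout described for the Object Identifier field can be used to inventory which schema elements in a directory were added as PeopleSoft extensions. This is an added example, not Oracle's code: it assumes the PeopleSoft prefix is 1.3.6.1.4.1.2810.20 and that the directory publishes its schema as RFC 4512 `objectClasses` and `attributeTypes` values; the sample lines and the names `classify_oid` and `audit_schema` are constructed for illustration.

```python
import re

# OID prefix the page gives for PeopleSoft schema extensions (assumed value).
PS_ARC = (1, 3, 6, 1, 4, 1, 2810, 20)
# Second-to-last arc, per the page: 1 = object class, 2 = attribute type.
KINDS = {1: "Object Class", 2: "Attribute Type"}
# Subschema attribute that legitimately carries each kind (RFC 4512).
CARRIER = {"objectclasses": "Object Class", "attributetypes": "Attribute Type"}

# One subschema value: "<attr>: ( <numeric-oid> NAME '<name>' ..."
SCHEMA_LINE = re.compile(
    r"^(objectClasses|attributeTypes):\s*\(\s*(\d+(?:\.\d+)*)\s+NAME\s+'([^']+)'",
    re.IGNORECASE)

def classify_oid(oid):
    """Return (kind, sequence) for a PeopleSoft extension OID, else None."""
    try:
        arcs = tuple(int(a) for a in oid.split("."))
    except ValueError:
        return None
    # Expect exactly: prefix + kind arc + sequence arc.
    if len(arcs) != len(PS_ARC) + 2 or arcs[:len(PS_ARC)] != PS_ARC:
        return None
    kind = KINDS.get(arcs[-2])
    return (kind, arcs[-1]) if kind else None

def audit_schema(lines):
    """List PeopleSoft extensions; flag kind-arc/definition mismatches."""
    findings = []
    for line in lines:
        m = SCHEMA_LINE.match(line.strip())
        parsed = classify_oid(m.group(2)) if m else None
        if parsed is None:
            continue  # unparseable, or not under the PeopleSoft arc
        findings.append({"name": m.group(3), "oid": m.group(2),
                         "kind": parsed[0], "sequence": parsed[1],
                         "mismatch": parsed[0] != CARRIER[m.group(1).lower()]})
    return findings

# Constructed sample input; the NAME values are hypothetical.
SAMPLE = [
    "objectClasses: ( 1.3.6.1.4.1.2810.20.1.1 NAME 'exampleClass' SUP top AUXILIARY )",
    "attributeTypes: ( 1.3.6.1.4.1.2810.20.2.7 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "attributeTypes: ( 1.3.6.1.4.1.2810.20.1.9 NAME 'oddAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "attributeTypes: ( 2.5.4.3 NAME 'cn' SUP name )",
]

if __name__ == "__main__":
    print(*audit_schema(SAMPLE), sep="\n")
```

Comparing the resulting list with the extensions shown on the Schema Management page shows which entries would have to be removed through that page, and a `mismatch` entry points to a definition that was not created by it.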
Schema Cache Information
For convenience, you can use the Schema Cache Process link to go to the Schema Cache page and invoke the Schema Cache process. Last Update Date/Time and Last Update User ID enable you to monitor the frequency of updates as well as the last administrator to run the process.
Access the Test Connectivity page (click the Test Connectivity tab).
Image: Configure Directory - Test Connectivity page
This example illustrates the fields and controls on the Configure Directory - Test Connectivity page.
The page displays the results (SUCCESS or FAIL) of the connectivity test. If connectivity fails, modify the connect information on the Directory Setup and Additional Connect DN’s pages.