LDAP / LDAP-S for Data Access User Synchronization

This topic covers how to configure the Privacera Platform to attach and import users and groups defined in an external Active Directory (AD), LDAP, or LDAPS (LDAP over SSL) directory as data access users and groups.

Privacera requires a certificate to connect to an SSL-enabled LDAP-S server. To configure this, you can do one of the following:

  • Allow Privacera Manager to download and create the certificate based on the LDAP-S server URL.

  • Provide a truststore certificate manually, which contains the certificate of the LDAP-S server.

Configuration

  1. SSH to the instance as ${USER}.

  2. Run the following commands. For property details and description, click here.

    USERSYNC_SYNC_LDAP_URL: "<PLEASE_CHANGE>"
    USERSYNC_SYNC_LDAP_BIND_DN: "<PLEASE_CHANGE>"
    USERSYNC_SYNC_LDAP_BIND_PASSWORD: "<PLEASE_CHANGE>"
    USERSYNC_SYNC_LDAP_SEARCH_BASE: "<PLEASE_CHANGE>"
    USERSYNC_SYNC_LDAP_USER_SEARCH_BASE: "<PLEASE_CHANGE>"
    USERSYNC_SYNC_LDAP_SSL_ENABLED: "true"
    USERSYNC_SYNC_LDAP_SSL_PM_GEN_TS: "true"
    
  3. Run Privacera Manager update.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
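
A pre-flight check for the properties from step 2, meant to run before the update in step 3; it is an added example, not Privacera's own code. The property names come from this page; the sample values, the flat `KEY: "value"` layout, and the reading of USERSYNC_SYNC_LDAP_SSL_PM_GEN_TS as the option that lets Privacera Manager generate the truststore are assumptions.

```python
import re
from urllib.parse import urlparse

PLACEHOLDER = "<PLEASE_CHANGE>"
REQUIRED = ("USERSYNC_SYNC_LDAP_URL", "USERSYNC_SYNC_LDAP_BIND_DN",
            "USERSYNC_SYNC_LDAP_BIND_PASSWORD", "USERSYNC_SYNC_LDAP_SEARCH_BASE",
            "USERSYNC_SYNC_LDAP_USER_SEARCH_BASE")

# Constructed sample values (example.com names are placeholders, not from the page).
SAMPLE = '''\
USERSYNC_SYNC_LDAP_URL: "ldaps://ldap.example.com:636"
USERSYNC_SYNC_LDAP_BIND_DN: "cn=svc-usersync,ou=service,dc=example,dc=com"
USERSYNC_SYNC_LDAP_BIND_PASSWORD: "constructed-value"
USERSYNC_SYNC_LDAP_SEARCH_BASE: "dc=example,dc=com"
USERSYNC_SYNC_LDAP_USER_SEARCH_BASE: "ou=people,dc=example,dc=com"
USERSYNC_SYNC_LDAP_SSL_ENABLED: "true"
USERSYNC_SYNC_LDAP_SSL_PM_GEN_TS: "true"
'''

def parse_vars(text):
    """Parse flat `KEY: "value"` lines; blank and comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*:\s*"?([^"#]*)"?\s*(#.*)?$', line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def lint(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in REQUIRED:
        if props.get(key, PLACEHOLDER) in ("", PLACEHOLDER):
            findings.append(f"{key} is unset or still {PLACEHOLDER}")
    scheme = urlparse(props.get("USERSYNC_SYNC_LDAP_URL", "")).scheme
    ssl_on = props.get("USERSYNC_SYNC_LDAP_SSL_ENABLED", "false").lower() == "true"
    gen_ts = props.get("USERSYNC_SYNC_LDAP_SSL_PM_GEN_TS", "false").lower() == "true"
    if scheme == "ldap":
        findings.append("ldap:// URL: the bind is not protected by LDAP-S")
    if ssl_on != (scheme == "ldaps"):
        findings.append("SSL_ENABLED does not match the URL scheme")
    if gen_ts and not ssl_on:
        findings.append("PM_GEN_TS is true but SSL is disabled")
    return findings

if __name__ == "__main__":
    # Demonstrate the failure case: same sample with the URL downgraded to ldap://.
    for finding in lint(parse_vars(SAMPLE.replace("ldaps://", "ldap://"))):
        print("FINDING:", finding)
```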
    

Last update: July 23, 2021