LDAP/Active Directory Security Transformer

This transformer transforms incoming users by querying an Active Directory or an LDAP server. This is useful, for instance, if you have an on-premises system which does not offer e-mail addresses as user IDs.

Configuration

  1. Host or global catalog: please add the FQDN of an LDAP server in this field. Please do not add a port.

  2. Port: here you can add the port. Common ports are 3269 for the global catalog with SSL and 636 for Active Directory with SSL.

  3. Use SSL: enable this to use SSL with the ports given above.

  4. Subtree to search through: this is the base DN of the subtree in the forest where you expect your users to be stored.

  5. Login user: the connector uses a named user to authenticate against the Active Directory. This user must not have a rotating password.

  6. Password: this is the password of the login user.

  7. Field to use as search query: based on this field, the transformer will issue the query. The query is <field>=<user.alias>. The result will then be used in the next step for further processing.

  8. Filter query to search only the right objects: here you should add an object class to limit the result set.

  9. Field to replace the username with: this is the attribute whose value the transformer uses to replace the alias.
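
How settings 7 to 9 fit together in a lookup, as an added example that is not the product's own code: it escapes the alias per RFC 4515 before building the filter and replaces the username only when exactly one entry matches. The function names, the way the two filters are combined with "&", and the sample values (sAMAccountName, objectClass=user, mail) are assumptions for illustration.

```python
import re

# RFC 4515: these characters must be escaped as \XX inside an assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute descriptions: a letter followed by letters, digits or hyphens.
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape an incoming alias for use inside an LDAP search filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_field, object_filter, alias):
    """Combine the object filter (setting 8) with <field>=<user.alias> (setting 7)."""
    if not ATTR_RE.match(search_field):
        raise ValueError(f"invalid search field: {search_field!r}")
    if not alias:
        raise ValueError("empty alias")
    object_filter = object_filter.strip()
    if not object_filter.startswith("("):
        object_filter = f"({object_filter})"
    return f"(&{object_filter}({search_field}={escape_filter_value(alias)}))"


def replace_username(entries, replace_field):
    """Return the replacement attribute (setting 9) only for an unambiguous match."""
    if len(entries) != 1:
        raise LookupError(f"expected exactly one entry, got {len(entries)}")
    values = entries[0].get(replace_field) or []
    if len(values) != 1:
        raise LookupError(f"attribute {replace_field!r} is missing or multi-valued")
    return values[0]


# Constructed sample data: one directory entry as attribute -> list of values.
SAMPLE_ENTRIES = [{"sAMAccountName": ["jdoe"], "mail": ["jane.doe@example.com"]}]

if __name__ == "__main__":
    print(build_filter("sAMAccountName", "objectClass=user", "jdoe"))
    # Constructed alias containing filter metacharacters; they come out escaped.
    print(build_filter("sAMAccountName", "objectClass=user", "j*doe(ext)"))
    print(replace_username(SAMPLE_ENTRIES, "mail"))
```

Rejecting zero or multiple matches keeps an ambiguous alias from being mapped to the wrong account.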