LDAP Agent Configuration
To open the LDAP collection agent configuration, click Build → New Configuration. Select Workflow from the Configurations dialog. When prompted to Select workflow type, select Realtime. Click Add agent and select LDAP in the Processing tab of the Agent Selection dialog. Double-click the agent icon, or right-click the icon and select Edit agent, to display the Agent Configuration dialog.
The LDAP agent configuration has three tabs: Connections, Advanced and Security.
Connections Tab
LDAP agent configuration - Connections tab
The routing logic that you can select in the Connections tab applies to creating new connections. A connection pool is created towards the server nodes listed in the agent configuration. When the pool receives a new request and all of the already established connections are busy, then a new connection is established following the selected routing logic. You can choose between Round Robin and Failover.
| Setting | Description |
|---|---|
| Routing Algorithms Settings | |
| Round Robin | If you choose Round Robin routing logic, the next server node from the list specified in the agent configuration is used to establish the connection. This is the default logic. |
| Failover | If you choose Failover routing logic, the primary server node is used to establish all connections until the pool detects that the server node is down. When it fails, the second server node is used, then the third, and so on. |
| Server Nodes Settings | |
| Host | Enter the host name or IP address of the LDAP server node. |
| Port | Enter the port number of the LDAP server node. |
Note!
If you use external references, you must provide hosts and ports in comma-separated syntax: `<host1>:<port1>,<host2>:<port2>`.
Advanced Tab
LDAP agent configuration - Advanced tab
| Setting | Description |
|---|---|
| Connection Settings | |
| Max Connections | Enter the maximum number of concurrent connections permitted towards the LDAP servers. The default value is 2. |
| Max Connection Age (ms) | Enter the maximum time in milliseconds that an LDAP connection can exist before it is closed. The default value is 60000 milliseconds. |
| Max Connection Wait Time (ms) | Enter the maximum time in milliseconds that the agent waits for a connection to become available from the pool. The default value is 1000 milliseconds. If this time is exceeded, an exception is thrown and written to the pico log; the operation is not retried. |
| Connection Timeout (ms) | Enter the connection timeout in milliseconds, after which the initial attempt to connect to the LDAP server is considered unsuccessful. The default value is 100 milliseconds. If this time is exceeded, an exception is thrown and written to the pico log. |
| Pending Answers Limit | Enter the maximum number of operations that can be active per connection. When this limit is reached, the connection stops accepting new requests and waits for all outstanding answers to arrive; the pool then checks the connection again. The default value is 1000. |
| Pool Check Interval (ms) | Enter the time interval, in milliseconds, to wait before checking the pool state after it has been marked as invalid. Invalid means that no idle connections are available and all connections currently in use are invalid, or that the pending answers limit has been exceeded on all connections. The default value is 2000 milliseconds. |
| Operation Settings | |
| Number of Retries | Enter the maximum number of retries permitted for an unsuccessful operation. The default value is 0, which disables retries; to enable retries, select a value of 1 or more. |
| Retry Interval (ms) | Enter the time interval, in milliseconds, to wait before retrying an unsuccessful operation. The default and maximum value is 1000 milliseconds. If the server is overloaded, the delay interval doubles for each retry until the maximum value of 1000 milliseconds is reached. |
| Max Throughput (Ops/sec) | Enter the maximum number of operations per second to be sent to the LDAP server. If you enter 0, the number of operations per second is unlimited. |
| Operation Timeout (ms) | Enter the maximum time in milliseconds to wait for a response after sending a request to the LDAP server, before the request times out. The default value is 5000 milliseconds. If this time is exceeded, an exception is thrown and written to the pico log. If you have entered a value for the Number of Retries option, the request is sent again; otherwise, the request is ignored. |
| Enable Request ID | Select this check box if you want to be able to abandon an operation. An identifier embedded in an For further information on LDAP Agent UDRs, see LDAP Agent UDRs. |
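As an added example (not the product's own code), the following Python model reproduces the routing logic described in the Connections tab and the retry timing described in the Advanced tab, so that the two settings can be reasoned about together; the server node names and the outage are constructed sample data.

```python
"""Model of the LDAP agent's node routing and retry timing (added example,
not the product's own code). It mirrors the Connections tab (Round Robin vs
Failover) and the Advanced tab (Number of Retries, Retry Interval) so the two
settings can be reasoned about together. Node lists and outages are constructed."""

MAX_RETRY_INTERVAL_MS = 1000  # page: default and maximum Retry Interval


def parse_nodes(spec):
    """Parse the external-reference syntax <host1>:<port1>,<host2>:<port2>."""
    nodes = []
    for item in spec.split(","):
        host, sep, port = item.strip().rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"bad server node: {item!r}")
        nodes.append((host, int(port)))
    return nodes


def choose_node(nodes, algorithm, attempt, down=frozenset()):
    """Node used for the attempt-th new connection the pool opens.
    Round Robin walks the list; Failover keeps the primary until the
    pool has seen it fail, then moves to the next node, and so on."""
    if algorithm == "Round Robin":
        return nodes[attempt % len(nodes)]
    if algorithm == "Failover":
        for node in nodes:
            if node not in down:
                return node
        raise ConnectionError("all LDAP server nodes are marked down")
    raise ValueError(f"unknown routing logic: {algorithm}")


def retry_schedule(number_of_retries, retry_interval_ms, overloaded=False):
    """Delays in ms before each retry of one failed operation: none at 0
    retries; doubling per retry when the server is overloaded, capped at
    the 1000 ms maximum."""
    if not 0 < retry_interval_ms <= MAX_RETRY_INTERVAL_MS:
        raise ValueError("Retry Interval must be between 1 and 1000 ms")
    delays, delay = [], retry_interval_ms
    for _ in range(number_of_retries):
        delays.append(delay)
        if overloaded:
            delay = min(delay * 2, MAX_RETRY_INTERVAL_MS)
    return delays


if __name__ == "__main__":
    nodes = parse_nodes("ldap1.example.net:636, ldap2.example.net:636")
    print([choose_node(nodes, "Round Robin", i) for i in range(3)])
    print(choose_node(nodes, "Failover", 0, down={nodes[0]}))
    print(retry_schedule(5, 300, overloaded=True))
```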
Security Tab
LDAP agent configuration - Security tab
| Setting | Description |
|---|---|
| Security Principal | Enter the security principal to use when binding to the LDAP server. If neither this field nor the Security Credentials field is populated, the agent connects to the LDAP server without authenticating. |
| Security Credentials | Enter the security credentials for the specified security principal. If neither this field nor the Security Principal field is populated, the agent connects to the LDAP server without authenticating. |
| Enable TLS | Select this check box to enable TLS security. When selected, the Keystore and Keystore Password fields become available. If you select this check box and leave the Keystore and/or Keystore Password fields empty, a TLS connection is created without a client certificate. |
| Keystore | Enter the full path to the keystore file to use. The keystore file must be in .jks format. This field is optional; if you leave it empty, a TLS connection is created without a client certificate. |
| Keystore Password | Enter the password for the selected keystore file. This field is optional; if you leave it empty, a TLS connection is created without a client certificate. |
The following command can be used to create a keystore with the Java keytool program:

```
$ keytool -keystore clientkeystore -genkey -alias client
```

keytool prompts for the required information, such as identity details and passwords. Note that the keystore password must be the same as the key password.