RapidIdentity Product Guide: Legacy UI

Servers

The Servers tab allows administrators to configure organization-specific servers to use within RapidIdentity.  

Legacy_Servers_1.png
Table 186. Servers Fields

Field Name

Description

ID

The RapidIdentity internal id of the LDAP server.

Name

The name of the LDAP server. Used only to allow identification of different server connections within the settings.

Server Address

The server address refers to the server that hosts the LDAP directory. The entry can be a fully qualified domain name (e.g. ldapserver.example.com) or an IP address. It is important to verify that the networking infrastructure (i.e. firewalls, etc) allow communication between the RapidIdentity Portal server and the LDAP server referenced in this field.

Encryption Method

RapidIdentity Portal supports SSL and Start-TLS encryption types. The default setting is no encryption. Note that no certificate verification is performed when an encryption type is verified. This allows the secure use of self-signed certificates.

Port

The port number that the LDAP server is listening on. The default unencrypted port is 389 and the default encrypted port is 636.

Trust All Certificates

Administrators can toggle this option to facilitate troubleshooting. For example, if the box is checked and neither LDAPS nor StartTLS provide the green "Connection Test Passed" box, then a likely root cause is the certificate.

This option only displays when LDAPS or StartTLS is selected.

Bind DN or User

The specified user account must have sufficient access to the LDAP tree. This includes authenticating, reading, and writing to any DN specified in the configuration. Almost all LDAP operations are performed as this user.

Note

While write access may not be an absolute requirement some application functionality will be hindered without it.

The built-in object browser makes finding the value required for this field easier.

For Active Directory, this field should be either the userPrincipalName or <domain> \ <username> (e.g. what the user would normally use to log in to Windows) rather than the DN.

Bind Password

Corresponding password for the user specified above.

Base DN

Base DN for the LDAP server.

Test Connection and Certificate Settings

This button performs a real-time connection test based on the parameters provided to see if an LDAP connection can be established. Test results are displayed in a dialog box.



Legacy_Servers_2.png
Table 187. Advanced Options

Field Name

Description

Connection Timeout (seconds)

The maximum number of seconds that RapidIdentity Portal will wait for a valid connection to be established with the LDAP server.

Response Timeout (seconds)

The maximum number of seconds that RapidIdentity Portal will wait for a valid response from the LDAP server when performing LDAP operations.

Search Page Size

This setting is used to specify the maximum LDAP results per page when using the LDAP Simple Paged Results search request control. Default = 1000.

Follow Referrals

This setting is used to specify whether the system should attempt to follow any referrals generated by the LDAP server during a search.



Server Sets

The Server Sets tab contains two subtabs: Server Set Details and Servers.

Server Set Details

The Server Set Details subtab allows administrators to configure server set settings.

Legacy_Server_Sets_1.png
Table 188. Server Sets Fields

Field Name

Description

ID

The RapidIdentity internal id of the Server Set.

Name

The name of the Server Set server. Used only to allow identification of different Server Sets within the settings.



Legacy_Server_Sets_2.png
Table 189. Advanced Options

Field Name

Description

Initial Connections

This setting is used for LDAP connection pooling and is the specified number of connections that are opened when RapidIdentity Portal starts.

Max Connections

This setting is used for LDAP connection pooling and is the maximum number of connections that RapidIdentity Portal will establish with the LDAP server at any given time.

Authentication Pool Initial Connections

This setting is used to specify the initial size of the authentication LDAP connection pool. Default = 4. As of version 2.5.x, a separate LDAP connection pool is maintained for authentication only.

Authentication Pool Max Connections

This setting is used to specify the maximum size of the authentication LDAP connection pool. Default = 20.

Deference Policy

This setting is used to specify the alias deference policy for LDAP searches. Default = NEVER.

Max Search Results

This setting is used to specify the maximum number of results to return for general purpose searches. This is meant to keep rogue requests from overwhelming the server. Default = 1000.

Search Time Limit

This setting is used to specify the maximum LDAP search time limit. Default = 30 seconds.

Capture Search Stats

This setting is used to specify that the server should request search statistics from Active Directory when performing searches. This only works for Active Directory servers and the results will be printed in the logs. This should not be on for general purposes but may be helpful in tracking down why some searches are slow. Default = false. See this page for more info: LDAP_SERVER_GET_STATS_OID.

Domain Scoped

This setting is used to specify that LDAP requests contain the LDAP_SERVER_DOMAIN_SCOPE_OID control which instructs the LDAP server to not generate any referrals when completing a request.

Use Active Directory Fast Bind

This setting is used to specify that Active Directory Fast Bind is used for authenticating user logins.



The Servers subtab allows administrators to define server set servers as Available or Assigned.  

Legacy_Server_Sets_3.png

If only one server is configured, the default setting will be Assigned.