30.3 LDAP page (Operation Settings)
| Setting | Default value | Description | Further information |
|---|---|---|---|
| | | An LDAP search query that is performed to filter the results returned when you import an additional identity from the directory in the MyID Operator Client. | |
| | | An LDAP search query that is performed to filter the results returned when you import an additional identity from the directory for your own account in the MyID Operator Client. You can include substitutions in this query using values from the vPeopleUserAccounts view in the MyID database; this allows you to restrict the available list of additional identities that a person can add to their own account. | |
| | Yes | Whether a user can be added if another user with the same DN already exists. Yes – duplicate DN values are allowed. No – duplicate DN values are not allowed. Ask – the operator is warned if a duplicate DN value is entered, but allowed to continue if required. | |
| | No | Set to Yes to allow an operator to add a device from the LDAP directory into the MyID database using the Add Device workflow. | |
| | No | Set to Yes to allow an operator to add a device from the LDAP Directory into the MyID database when requesting a card. | |
| | No | When a new user account is created in MyID, the user OU may not be able to be matched to a MyID group that is linked to a directory OU; set this option to Yes to link the account to the default directory registered with MyID. | See the MyID configuration options section in the Derived Credentials Self-Service Request Portal guide. |
| | No | When a record is accessed, MyID automatically checks the directory for any changes to an individual's details, and updates the information held in MyID. | |
| | No | Whether the containers in the DN of a user account pushed to an LDAP directory will be created if they do not already exist. | Cannot be edited. |
| | No | Set to Yes before you upgrade your system if you want to prevent the installation program from overwriting any custom LDAP mappings. | See the Upgrading systems with custom LDAP mappings section in the Installation and Configuration Guide for details. |
| | No | Whether user accounts imported from a directory should be disabled if an attempt is made to synchronize the directory with MyID but the user no longer exists in the directory (whether because the directory has been updated independently, or with the Active Directory Deletion Tool). Historic information is retained but you cannot issue devices to this person. This option also determines whether user accounts imported from a directory should be disabled if the user has been disabled in the directory. | |
| | No | If set to Yes, displays an additional tab on the job confirmation screen of the Collect Card workflow. | |
| | Yes | Whether the user is allowed to edit person data retrieved from the directory when Update user information in the directory is not enabled. Changes are stored in the MyID database and may be overwritten with information from the directory if MyID synchronizes with it. | |
| | No | Whether the DN for a person can be manually edited. | On new installations of MyID, this setting does not appear; by default, it appears only on systems that have been upgraded from a previous version of MyID. This setting has no effect unless you have installed an additional update to MyID that allows you to edit the Distinguished Name. For more information, contact customer support, quoting reference SUP-322. |
| | No | Whether to display the Account tab, including the User Principal Name and SAM Account Name fields, during View Person, Add Person and Edit Person. This option does not affect the MyID Operator Client. | |
| | No | Store the user's NETBIOS name instead of the DNS name. If you change this to Yes, we recommend you set the Background Update option to Yes to allow existing user accounts to be updated. When you import someone from an LDAP directory, the DNS-style domain name is shown in the Domain field on the Account tab. When you save the record, the domain name is converted to the NETBIOS-style name. | |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | | Used for LDAP updates. | For more information, contact customer support, quoting reference SUP-227. |
| | No | Allows you to link user roles to groups in the LDAP. | See section 4.4.2, Setting up linked roles for more information about linking user roles to LDAP groups. |
| Revoke certificates if user is removed or disabled following background directory update | Yes | Whether active certificates for a user are revoked or disabled if an attempt is made to synchronize the directory with MyID but the user no longer exists in the directory. MyID revokes certificates if the user is removed from the directory, and suspends certificates if the user is disabled in the directory. | See also section 5.5, The Batch Directory Synchronization Tool. |
| | Ask | Whether MyID or an LDAP directory is to be searched when looking for a person. Yes – restrict the search to the directory. No – restrict the search to MyID. Ask – the person entering the search criteria can choose where to search. | If this option is set to Yes, you cannot search the MyID database using, for example, the View Person workflow. If you want to be able to search the MyID database, set this option to Ask or No. |
| | Yes | Whether to skip the Person Details stage when finding a person. This stage provides further details but is not needed in your environment if sufficient information is shown in the list of potential matches. | |
| | No | If this option is set to Yes, immediately after importing an unknown user MyID will attempt to pull extended details for that user from LDAP. A match will first be attempted using the DN of the certificate used to make the request. If no match is found, and the certificate contains a UPN, a second attempt will be made to match against the UPN. If both of these fail to match, no further data will be imported for the account. | See the MyID configuration options section in the Derived Credentials Self-Service Request Portal guide. |
| | No | Determines whether MyID updates Entrust with changes to the DN. | Not used for PIV systems, which have an alternative method for tracking Entrust DN changes. See the Tracking Entrust DN changes section in the Entrust CA Integration Guide for details. |
| | No | Controls whether group details are pushed back to the directory when changes are made in MyID. Note: If this is set to No and Background Update is set to Yes, any changes may be overwritten if the directory has not been updated. | |
| | No | Controls whether user details are pushed back to the directory when changes are made in MyID. Note: If this is set to No and Background Update is set to Yes, any changes may be overwritten if the directory has not been updated. | |
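For the import filter setting that accepts substitutions from the vPeopleUserAccounts view: the filter restricts the list only if each substituted value is matched literally. The following is an added example, not MyID code. It assumes a hypothetical `{Column}` placeholder syntax and a hypothetical `Department` column (this page does not show MyID's substitution syntax or how it treats special characters), and applies RFC 4515 escaping to a constructed row.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample data; the template and column name are hypothetical.
TEMPLATE = "(&(objectClass=user)(department={Department}))"
ROW = {"Department": "R&D (EMEA)*"}


def escape_filter_value(value: str) -> str:
    """Escape a value so the directory matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, row: dict, escape: bool = True) -> str:
    """Fill {Column} placeholders (assumed syntax) from one database row."""
    def substitute(match):
        # A missing column raises KeyError instead of leaving a placeholder
        # in the filter that is sent to the directory.
        value = str(row[match.group(1)])
        return escape_filter_value(value) if escape else value
    return re.sub(r"\{(\w+)\}", substitute, template)


def skeleton(ldap_filter: str) -> str:
    """Drop every assertion value, keeping parentheses, operators and attributes."""
    return re.sub(r"=[^()]*", "=", ldap_filter)


def same_structure(template: str, rendered: str) -> bool:
    """True if substitution left the filter's structure unchanged.

    This catches values that add or close parentheses. It does not catch a
    bare '*', which keeps the structure but turns an equality match into a
    wildcard match, so escaping is still required.
    """
    return skeleton(template) == skeleton(rendered)


if __name__ == "__main__":
    for escape in (True, False):
        rendered = render_filter(TEMPLATE, ROW, escape=escape)
        print(escape, rendered, same_structure(TEMPLATE, rendered))
```
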