LDAP configuration parameters

The following table describes the LDAP configuration parameters and indicates which ones can be manually changed after install the LDAP agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations..

You can change the password of the LDAP agent using this command:

/opt/Okta/OktaLDAPAgent/scripts/update.sh [-w|--ldap-adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page.-password] "<NewLDAPPassword>"

Parameter Description Can be changed after agent installation
ldapHost = 216.3.128.12 Hostname or IP of the LDAP server. This is the value configured during the agent installation. Yes*
ldapPort = 389 Port number of the LDAP server for unencrypted connection, configured during installation. Yes*
ldapSSLPort = 636 Port number of the LDAP server for encrypted connection, configured during installation. Yes*
ldapUseSSL = true Choose between the encrypted and unencrypted connections. If true, agent will use encrypted connection. Default option during installation is to use unencrypted connection. Recommended option is to use secured connection during installation. Yes*
ldapAdminDN = cn=ldsadmin, cn=admins, dc=example, dc=net, dc=local The Distinguished Name of the user the agent will bind to the LDAP server as. Yes**
ldapAdminPassword = <password hash> Password of a user that the agent will bind to the LDAP server as. Yes**
baseDN = dc=funnyface,dc=net,dc=local The root DN of the LDAP domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https).. No**
proxyEnabled = true Web proxy configuration is enabled or not. Yes*
proxyHost = 172.16.52.90 Web proxy host. Yes*
proxyPort = 8888 Web proxy port. Yes*
connectionHealthCheckFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print the connection health statistics to the log. Yes*
memoryTrackFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print the memory usage details to the log. Yes*
threadDumpFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print details about the running threads to the log. Yes*
ldapSearchPageSize = 500 The agent fetches search results from the LDAP server split into pages. The following parameter configures the maximum number of entries the LDAP server will return in a single response. Yes*
sslPinningEnabled = true Enable or disable SSL pinning. When SSL pinning is enabled, the agent uses a built-in whitelist of server certificates to make sure it connects to a known Okta server. Default option during installation is to enable SSL pinning for EA agents. Recommended option is to use SSL pinning. Yes*
agentId = a53d6jnf0kg38CpYG0h7 The parameter is configured during installation. No**
instanceId = The parameter is configured during installation. No**
ldapDomainId = 0oadmcd4ztXMng8FlkD7 The parameter is configured during installation. No**
orgUrl = https://privatedomain.oktapreview.com The parameter is configured during installation. No**
token = 274m55825/id2eC614POzB65kUmujJ9LSCNhjs8Tt5RJnoFtAKTLMVE9WXFkldu9 The parameter is configured during installation. No**
propertyKey = 92rFf9DofVHFndCMNJttdnDhnfefZfsnBkFQMQdjEeCjQpeUJdifMrsoFCFBd8m9 The parameter is configured during installation. No**

* If there are changes in infrastructure, the old agent should be uninstalled and a new agent should be installed.

** Requires an agent restart to take effect.

Top