LDAP configuration parameters
The following table describes the LDAP configuration parameters and indicates which ones can be manually changed after installing the LDAP agent.
To change the password the agent uses to bind to the LDAP server (the ldapAdminPassword value), run the agent's update script rather than editing the configuration file. On Linux:
/opt/Okta/OktaLDAPAgent/scripts/update.sh [-w|--ldap-admin-password] "<NewLDAPPassword>"
| Parameter (example value) | Description | Can be changed after agent installation |
|---|---|---|
| ldapHost = 184.108.40.206 | Hostname or IP address of the LDAP server, set during agent installation. | Yes* |
| ldapPort = 389 | Port of the LDAP server for unencrypted connections, set during installation. | Yes* |
| ldapSSLPort = 636 | Port of the LDAP server for TLS-encrypted connections, set during installation. | Yes* |
| ldapUseSSL = true | Selects encrypted or unencrypted connections; if true, the agent uses the encrypted port. The installer defaults to an unencrypted connection; the recommended choice is the encrypted one, because with an unencrypted simple bind the bind password and all directory data cross the network in clear text. | Yes* |
| ldapAdminDN = cn=ldsadmin, cn=admins, dc=example, dc=net, dc=local | Distinguished Name of the account the agent binds to the LDAP server as. | Yes** |
| ldapAdminPassword = <password hash> | Password of the account the agent binds as. The file stores it as a hash, so change it with the update.sh command above rather than by editing this line. | Yes** |
| baseDN = dc=funnyface,dc=net,dc=local | Root DN of the LDAP domain. | No** |
| proxyEnabled = true | Whether the agent reaches Okta through a web proxy. | Yes* |
| proxyHost = 172.16.52.90 | Web proxy host. | Yes* |
| proxyPort = 8888 | Web proxy port. | Yes* |
| connectionHealthCheckFrequencyInMinutes = 0 | Set to a positive number of minutes to have the agent write connection health statistics to its log at that interval; 0 leaves it off. | Yes* |
| memoryTrackFrequencyInMinutes = 0 | Set to a positive number of minutes to have the agent write memory usage details to its log at that interval; 0 leaves it off. | Yes* |
| threadDumpFrequencyInMinutes = 0 | Set to a positive number of minutes to have the agent write details about its running threads to its log at that interval; 0 leaves it off. | Yes* |
| ldapSearchPageSize = 500 | The agent fetches search results from the LDAP server in pages; this parameter sets the maximum number of entries the server returns in a single response. | Yes* |
| sslPinningEnabled = true | Enables or disables certificate pinning. When enabled, the agent accepts only Okta server certificates from its built-in list, so it connects only to a known Okta server; a certificate that merely chains to a trusted CA is not enough. Enabled by default during installation for EA agents, and recommended. | Yes* |
| agentId = a53d6jnf0kg38CpYG0h7 | Set during installation. | No** |
| instanceId = | Set during installation. | No** |
| ldapDomainId = 0oadmcd4ztXMng8FlkD7 | Set during installation. | No** |
| orgUrl = https://privatedomain.oktapreview.com | Set during installation. | No** |
| token = 274m55825/id2eC614POzB65kUmujJ9LSCNhjs8Tt5RJnoFtAKTLMVE9WXFkldu9 | Set during installation. | No** |
| propertyKey = 92rFf9DofVHFndCMNJttdnDhnfefZfsnBkFQMQdjEeCjQpeUJdifMrsoFCFBd8m9 | Set during installation. | No** |
| maxConnectionsPerHost = 10 | Maximum number of connections per host. Default 10, maximum 50. Must be higher than pollingThreadCount. | Yes* |
| pollingThreadCount = 2 | Number of threads the LDAP agent uses to poll the server. Default 2, maximum 10. | Yes* |
* If there are changes in infrastructure, the old agent should be uninstalled and a new agent should be installed.
** Requires an agent restart to take effect.
Update LDAP configuration parameters
To change a configurable parameter, edit its value in the OktaLDAPAgent.conf file. Stop the Okta LDAP agent service before opening or modifying the file (under Windows Services on Windows, or through the service manager on Linux), save your changes, then start the agent again; the changes take effect only after the restart. The file holds the agent's Okta token and the LDAP bind password, so keep it readable only by the account the agent service runs under.
In a Windows environment, you'll find the OktaLDAPAgent.conf file here: C:\Program Files\Okta\Okta LDAP Agent\conf\OktaLDAPAgent.conf.
In a Linux environment, you'll find the OktaLDAPAgent.conf file here: /opt/Okta/OktaLDAPAgent/conf/OktaLDAPAgent.conf.
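The following POSIX shell helpers are an added example, not Okta's own tooling: they read and rewrite a value in OktaLDAPAgent.conf and then check the file against the limits and recommendations in the table above (ldapUseSSL and sslPinningEnabled set to true, pollingThreadCount at most 10, maxConnectionsPerHost at most 50 and higher than pollingThreadCount, ldapSearchPageSize a positive integer, proxy host and port present when proxyEnabled is true). The path defaults to the Linux location given above and can be overridden through CONF, for instance to point at a copy; stopping and restarting the agent service around the edit is still your job, since this page names no service command. The function names and the CONF override are this example's own conventions.

```shell
#!/bin/sh
# Added example (not Okta's tooling): read, set and sanity-check OktaLDAPAgent.conf.
# Default path is the Linux location from the page; override CONF to work on a copy.
CONF="${CONF:-/opt/Okta/OktaLDAPAgent/conf/OktaLDAPAgent.conf}"

# conf_get KEY [FILE]: print KEY's value; whitespace around '=' is tolerated.
# The anchored key match keeps e.g. ldapPort from matching ldapSSLPort.
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "${2:-$CONF}" | head -n 1
}

# conf_set KEY VALUE [FILE]: rewrite KEY's line, or append it if absent.
# Goes through a temp file so a half-written config is never left in place.
# Values containing '|', '&' or '\' would need escaping for sed (none here do).
conf_set() {
  f="${3:-$CONF}"; tmp="$f.tmp.$$"
  if grep -q "^[[:space:]]*$1[[:space:]]*=" "$f"; then
    sed "s|^[[:space:]]*$1[[:space:]]*=.*|$1 = $2|" "$f" > "$tmp" && mv "$tmp" "$f"
  else
    printf '%s = %s\n' "$1" "$2" >> "$f"
  fi
}

# is_uint VALUE: true when VALUE is a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# conf_check [FILE]: apply the table's limits and recommended security settings.
# Prints one FAIL line per problem and returns 1 if any were found.
conf_check() {
  f="${1:-$CONF}"; rc=0
  ssl=$(conf_get ldapUseSSL "$f");        pin=$(conf_get sslPinningEnabled "$f")
  threads=$(conf_get pollingThreadCount "$f"); conns=$(conf_get maxConnectionsPerHost "$f")
  page=$(conf_get ldapSearchPageSize "$f");    proxy=$(conf_get proxyEnabled "$f")
  threads="${threads:-2}"; conns="${conns:-10}"   # defaults stated in the table

  [ "$ssl" = "true" ] || { echo "FAIL: ldapUseSSL=$ssl (plaintext LDAP; set to true)"; rc=1; }
  [ "$pin" = "true" ] || { echo "FAIL: sslPinningEnabled=$pin (set to true)"; rc=1; }
  if is_uint "$threads" && [ "$threads" -ge 1 ] && [ "$threads" -le 10 ]; then :; else
    echo "FAIL: pollingThreadCount=$threads (maximum is 10)"; rc=1; fi
  if is_uint "$conns" && [ "$conns" -ge 1 ] && [ "$conns" -le 50 ]; then :; else
    echo "FAIL: maxConnectionsPerHost=$conns (maximum is 50)"; rc=1; fi
  if is_uint "$threads" && is_uint "$conns" && [ "$conns" -le "$threads" ]; then
    echo "FAIL: maxConnectionsPerHost=$conns must exceed pollingThreadCount=$threads"; rc=1; fi
  if [ -n "$page" ] && { ! is_uint "$page" || [ "$page" -lt 1 ]; }; then
    echo "FAIL: ldapSearchPageSize=$page (must be a positive integer)"; rc=1; fi
  if [ "$proxy" = "true" ]; then
    [ -n "$(conf_get proxyHost "$f")" ] && [ -n "$(conf_get proxyPort "$f")" ] ||
      { echo "FAIL: proxyEnabled=true but proxyHost/proxyPort not set"; rc=1; }
  fi
  return "$rc"
}
```

Typical use after stopping the agent service: `conf_set ldapUseSSL true && conf_set sslPinningEnabled true && conf_check`, then start the service again only if conf_check returned 0. Running conf_check alone against a copy of the file is a cheap audit step for agents that were installed with the unencrypted default.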