LDAP configuration parameters

The following table lists the LDAP configuration parameters and indicates which parameters you can change after you install the Okta LDAP agent.

Use this command to change the Okta LDAP agent password:

/opt/Okta/OktaLDAPAgent/scripts/update.sh [-w|--ldap-admin-password] "<NewLDAPPassword>"

Parameter

Description

Can be changed after agent installation
ldapHost = 216.3.128.12 Hostname or IP of the LDAP server. This is the value configured during the agent installation. Yes*
ldapPort = 389 Port number of the LDAP server for unencrypted connection, configured during installation. Yes*
ldapSSLPort = 636 Port number of the LDAP server for encrypted connection, configured during installation. Yes*
ldapUseSSL = true Choose between the encrypted and unencrypted connections. If true, agent will use encrypted connection. Default option during installation is to use unencrypted connection. Recommended option is to use secured connection during installation. Yes*
ldapAdminDN = cn=ldsadmin, cn=admins, dc=example, dc=net, dc=local The Distinguished Name of the user the agent will bind to the LDAP server as. Yes**
ldapAdminPassword = <password hash> Password of a user that the agent will bind to the LDAP server as. Yes**
baseDN = dc=funnyface,dc=net,dc=local The root DN of the LDAP domain. No**
proxyEnabled = true Web proxy configuration is enabled or not. Yes*
proxyHost = 172.16.52.90 Web proxy host. Yes*
proxyPort = 8888 Web proxy port. Yes*
connectionHealthCheckFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print the connection health statistics to the log. Yes*
memoryTrackFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print the memory usage details to the log. Yes*
threadDumpFrequencyInMinutes = 0 Specify a positive number (minutes) to instruct the agent to print details about the running threads to the log. Yes*
ldapSearchPageSize = 500 The agent fetches search results from the LDAP server split into pages. The following parameter configures the maximum number of entries the LDAP server will return in a single response. Yes*
sslPinningEnabled = true Enable or disable SSL pinning. When SSL pinning is enabled, the agent uses a built-in whitelist of server certificates to make sure it connects to a known Okta server. Default option during installation is to enable SSL pinning for EA agents. Recommended option is to use SSL pinning. Yes*
agentId = a53d6jnf0kg38CpYG0h7 The parameter is configured during installation. No**
instanceId = The parameter is configured during installation. No**
ldapDomainId = 0oadmcd4ztXMng8FlkD7 The parameter is configured during installation. No**
orgUrl = https://privatedomain.oktapreview.com The parameter is configured during installation. No**
token = 274m55825/id2eC614POzB65kUmujJ9LSCNhjs8Tt5RJnoFtAKTLMVE9WXFkldu9 The parameter is configured during installation. No**
propertyKey = 92rFf9DofVHFndCMNJttdnDhnfefZfsnBkFQMQdjEeCjQpeUJdifMrsoFCFBd8m9 The parameter is configured during installation. No**
maxConnectionsPerHost Default is 10 and maximum is 50. Must be higher than the number of agent polling threads. Yes*
pollingThreadCount Default is 2 and the maximum is 10. The number of threads the LDAP agent uses to poll the server Yes*

* If there are changes in infrastructure, the old agent should be uninstalled and a new agent should be installed.

** Requires an agent restart to take effect.

Update LDAP configuration parameters

To change the value of configurable LDAP parameters, you update the values in the OktaLDAPAgent.conf file. Before you open or modify the LDAP agent configuration file, stop the Okta LDAP agent service under Windows Services. After updating and saving your changes to the OktaLDAPAgent.conf file, you'll need to restart the Okta LDAP agent to implement your changes.

Windows

In a Windows environment, you'll find the OktaLDAPAgent.conf file here: C:\Program Files\Okta\Okta LDAP Agent\conf\OktaLDAPAgent.conf.

Linux

In a Linux environment, you'll find the OktaLDAPAgent.conf file here: /opt/Okta/OktaLDAPAgent/conf/OktaLDAPAgent.conf.