Add LDAP data stores

LDAP based data stores can be used to augment application attribute data by accessing external LDAP data.
During this task we will add an LDAP based data store.

Steps

Adding data stores

  1. Navigate to your Access Gateway Instance.
  2. Select the Settings tab.
  3. Select the Data Stores pane.
  4. Select (+)> Sql Database or (+) > LDAP Database.


Configuring an LDAP data store

After you select LDAP Database, the Create New DataStore wizard opens, initialized for LDAP data stores .

  1. Enter the following details:
    FieldDescriptionExample
    NameName used to identify the data store.My LDAP data store
    LDAP Connection StringURL to LDAP server and port.ldap://myldap.example.com:10362

    Bind User

    Username used to perform reads and writes.

    CN=Administrator,CN=Users,DC=example,DC=com

    Bind User Password

    Bind User Password.

    password

    Search DN

    The base DN from which to perform the search.

    CN=Users,DC=CN=Users,DC=example,DC=com=com

    Matching Filter

    The filter used to match records returned from the Search DN.

    (mail=${email@idp})

    Caution

    Fields used in Matching Filter clause must be defined as attributes for the application. If the field is not listed as an application attribute, a run time error will result.
    Attributes used exclusively in where clauses should be marked don't send.
    See Manage application attributes for more information.

  2. Click the Not Validated ()button when complete. Okta Access Gateway validates the connection to LDAP.
    If the validation is successful, the button changes to Valid ().

Manage available fields

  • After validation, all fields from a data store are automatically added to the Available Fields list.
    To remove a field from the data store:
    1. Place the cursor directly before a field to be removed.
    2. Click the keyboard delete key to remove the field.

    To add a field to the data store:

    1. Place the cursor anywhere in the list of fields.
      Note

      Note: The new field is added to the list at the position of the cursor. Also, the position in the list has no impact on the availability of fields in a data store.

       

    2. From the list of unused fields, click the name of a field to add it to the list of available fields.
    Important Note

    Important

    When data stores are created, they are set to inactive by default. To use a data store, activate it by changing the Active toggle from inactive to active.

    • Test

    To test an LDAP data store:

    1. In the row associated with the LDAP data store, click Simulate.
    2. For each LDAP field in the Matching Filter, enter a value.
    3. Click Test to run the simulation.
      Click Close to end the simulation.
    4. Examine the result. It should be the data returned from LDAP based on the filter values supplied earlier.