Add LDAP data stores
LDAP based data stores can be used to augment application attribute data by accessing external LDAP data.
During this task we will add an LDAP based data store.
- Navigate to your Access Gateway Instance.
- Select the Settings tab.
- Select the Data Stores pane.
- Select (+)> Sql Database or (+) > LDAP Database.
After you select LDAP Database, the Create New DataStore wizard opens, initialized for LDAP data stores .
- Enter the following details:
Field Description Example Name Name used to identify the data store. My LDAP data store LDAP Connection String URL to LDAP server and port. ldap://myldap.example.com:10362
Username used to perform reads and writes.
Bind User Password
Bind User Password.
The base DN from which to perform the search.
The filter used to match records returned from the Search DN.
Fields used in Matching Filter clause must be defined as attributes for the application. If the field is not listed as an application attribute, a run time error will result.
Attributes used exclusively in where clauses should be marked as don't send.
See Manage application attributes for more information.
Click the Not Validated ()button when complete. Okta Access Gateway validates the connection to LDAP.
If the validation is successful, the button changes to Valid ().
Manage available fields
To remove a field from the data store:
- Place the cursor directly before a field to be removed.
- Click the keyboard delete key to remove the field.
To add a field to the data store:
- Place the cursor anywhere in the list of fields.
- From the list of unused fields, click the name of a field to add it to the list of available fields.
When data stores are created, they are set to inactive by default. To use a data store, activate it by changing the Active toggle from inactive to active.
To test an LDAP data store:
- In the row associated with the LDAP data store, click Simulate.
- For each LDAP field in the Matching Filter, enter a value.
- Click Test to run the simulation.
Click Close to end the simulation.
- Examine the result. It should be the data returned from LDAP based on the filter values supplied earlier.