LDAP configuration parameters

The following table lists the LDAP configuration parameters and indicates which parameters you can change after you install the Okta LDAP Agent.

On Linux, use this command to change the LDAP admin password that the Okta LDAP Agent binds with (the ldapAdminPassword parameter in the table below):

/opt/Okta/OktaLDAPAgent/scripts/update.sh [-w|--ldap-admin-password] "<NewLDAPPassword>"

Each entry below shows the parameter with an example value, its description, and whether it can be changed after agent installation. Numbered footnotes follow the list.

ldapHost = 216.3.128.12
    Hostname or IP address of the LDAP server. This is the value configured during agent installation.
    Can be changed after installation: Yes (1)

ldapPort = 389
    Port number of the LDAP server for unencrypted connections, configured during installation.
    Can be changed after installation: Yes (1)

ldapSSLPort = 636
    Port number of the LDAP server for encrypted connections, configured during installation.
    Can be changed after installation: Yes (1)

ldapUseSSL = true
    Selects encrypted or unencrypted connections. If true, the agent uses an encrypted connection. The installation default is an unencrypted connection; the recommended option is to choose a secured connection during installation.
    Can be changed after installation: Yes (1)

ldapAdminDN = cn=ldsadmin, cn=admins, dc=example, dc=net, dc=local
    The Distinguished Name of the user the agent binds to the LDAP server as.
    Can be changed after installation: Yes (2)

ldapAdminPassword = <password hash>
    Password of the user the agent binds to the LDAP server as.
    Can be changed after installation: Yes (2)

baseDN = dc=funnyface,dc=net,dc=local
    The root DN of the LDAP domain.
    Can be changed after installation: No (1)

proxyEnabled = true
    Whether web proxy configuration is enabled.
    Can be changed after installation: Yes (1)

proxyHost = 172.16.52.90
    Web proxy host.
    Can be changed after installation: Yes (1)

proxyPort = 8888
    Web proxy port.
    Can be changed after installation: Yes (1)

connectionHealthCheckFrequencyInMinutes = 0
    A positive number of minutes instructs the agent to print connection health statistics to the log at that interval.
    Can be changed after installation: Yes (1)

memoryTrackFrequencyInMinutes = 0
    A positive number of minutes instructs the agent to print memory usage details to the log at that interval.
    Can be changed after installation: Yes (1)

threadDumpFrequencyInMinutes = 0
    A positive number of minutes instructs the agent to print details about the running threads to the log at that interval.
    Can be changed after installation: Yes (1)

ldapSearchPageSize = 500
    The agent fetches search results from the LDAP server in pages. This parameter sets the maximum number of entries the LDAP server returns in a single response.
    Can be changed after installation: Yes (1)

sslPinningEnabled = true
    Enables or disables SSL pinning. When SSL pinning is enabled, the agent uses a built-in allowlist of server certificates to make sure it connects to a known Okta server. The installation default is to enable SSL pinning for EA agents; the recommended option is to use SSL pinning.
    Can be changed after installation: Yes (1)

agentId = a53d6jnf0kg38CpYG0h7
    Configured during installation.
    Can be changed after installation: No (1)

instanceId =
    Configured during installation.
    Can be changed after installation: No (1)

ldapDomainId = 0oadmcd4ztXMng8FlkD7
    Configured during installation.
    Can be changed after installation: No (1)

orgUrl = https://privatedomain.oktapreview.com
    Configured during installation.
    Can be changed after installation: No (1)

token = 274m55...kldu9
    Configured during installation. This parameter only applies to Okta LDAP Agent version 5.21.0 and earlier.
    Can be changed after installation: No (1)

agentKey = O2Ngbf...ggzY=
    Configured during installation.
    Can be changed after installation: No (1)

clientId = wlp2xvb6mIgCcVB7W5s6
    Configured during installation.
    Can be changed after installation: No (1)

propertyKey = 92rFf9...8m9
    Configured during installation.
    Can be changed after installation: No (1)

maxConnectionsPerHost
    The default is 10 and the maximum is 50. Must be higher than pollingThreadCount, the number of agent polling threads.
    Can be changed after installation: Yes (1)

pollingThreadCount
    The number of threads the LDAP agent uses to poll the server. The default is 2 and the maximum is 10.
    Can be changed after installation: Yes (1)

fipsMode
    When installing LDAP agent version 5.19.0 and higher, fipsMode can be enabled or disabled. During restart or upgrade, if fipsMode isn't present or has an invalid value, FIPS mode is enabled.
    Can be changed after installation: Yes (3)

(1) If the infrastructure changes, uninstall the old agent and install a new agent.

(2) Requires an agent restart to take effect.

(3) LDAP agent versions 5.16.0, 5.17.0, and 5.18.0 have FIPS mode enabled by default, and it can't be disabled.

Update LDAP configuration parameters

To change the value of configurable LDAP parameters, you update the values in the OktaLDAPAgent.conf file. Before you open or modify the LDAP agent configuration file, stop the Okta LDAP Agent service under Windows Services. After updating and saving your changes to the OktaLDAPAgent.conf file, you'll need to restart the Okta LDAP Agent to implement your changes.

Windows

In a Windows environment, you'll find the OktaLDAPAgent.conf file here: C:\Program Files\Okta\Okta LDAP Agent\conf\OktaLDAPAgent.conf.

Linux

In a Linux environment, you'll find the OktaLDAPAgent.conf file here: /opt/Okta/OktaLDAPAgent/conf/OktaLDAPAgent.conf.
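Before restarting the agent after an edit, the constraints documented in the parameter table can be checked mechanically. The following is an added example, not Okta's code: it assumes OktaLDAPAgent.conf is plain "key = value" lines as shown in the table, and that fipsMode accepts the literals true and false.

```python
from typing import Dict, List

# Constructed sample conf (not from a real deployment); values chosen to trip the checks.
SAMPLE_CONF = """\
ldapHost = ldap.example.net
ldapPort = 389
ldapSSLPort = 636
ldapUseSSL = false
sslPinningEnabled = true
ldapSearchPageSize = 500
maxConnectionsPerHost = 2
pollingThreadCount = 2
fipsMode = maybe
"""

def parse_conf(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; blank lines, '#' comments and lines without '=' are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' so DN values keep theirs
        conf[key.strip()] = value.strip()
    return conf

def fips_effective(conf: Dict[str, str]) -> bool:
    """FIPS is on unless fipsMode is exactly 'false': absent or invalid values mean enabled,
    as documented for restart/upgrade. Assumes the agent accepts the literals true/false."""
    return conf.get("fipsMode", "").lower() != "false"

def audit(conf: Dict[str, str]) -> List[str]:
    """Flag settings that weaken transport security or break the documented limits."""
    findings: List[str] = []
    if conf.get("ldapUseSSL", "false").lower() != "true":
        findings.append("ldapUseSSL is not true: binds and searches use ldapPort in clear text")
    if conf.get("sslPinningEnabled", "").lower() != "true":  # absent is treated as off
        findings.append("sslPinningEnabled is not true: known-Okta-server certificate pinning is off")
    conns = int(conf.get("maxConnectionsPerHost", "10"))  # documented default 10, maximum 50
    threads = int(conf.get("pollingThreadCount", "2"))  # documented default 2, maximum 10
    if conns > 50 or threads > 10:
        findings.append(f"maxConnectionsPerHost={conns} (max 50) or pollingThreadCount={threads} (max 10) too high")
    if conns <= threads:
        findings.append(f"maxConnectionsPerHost={conns} must be higher than pollingThreadCount={threads}")
    fips = conf.get("fipsMode")
    if fips is not None and fips.lower() not in ("true", "false"):
        findings.append(f"fipsMode={fips!r} is invalid: the agent will run with FIPS mode enabled")
    return findings
```

Run audit(parse_conf(open(path).read())) against the real file before restarting the service; an empty list means no documented constraint is violated.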

Related topics

Reconfigure an Okta LDAP Agent