LDAP
This connectivity package provides support for managing LDAP directories. It allows you to onboard any number of entire LDAP directories or their parts, and import information about users, groups, and group memberships. You can also automate the provisioning and de-provisioning of LDAP users, groups, and memberships.
The Omada LDAP connector supports most LDAP-compliant directories that implement LDAP protocol version 3. To confirm that your LDAP directory is supported, contact Omada Technical Support.
Supported objects and operations
The Omada LDAP Connectivity allows you to manage both identity data and access rights.
| Object | Operations |
|---|---|
| Users | Create, read, update, delete |
| User passwords | Create, update |
| Groups | Create, read, update, delete |
| Group memberships | Create, read, delete |
Minimum required permissions
You need an account with sufficient read rights to read from the directory, and a separate account with administrative access for provisioning users, groups, and memberships. LDAP directory vendors use different names or designations for this type of access; see your LDAP directory vendor's documentation to select the correct accounts.
Implementation notes
None.
Network requirements
For the Omada LDAP Connectivity, the following default network ports are required to be open in firewalls.
| Port number | Protocol |
|---|---|
| 389 | LDAP |
| 636 | Secure LDAP (SSL/TLS) |
| 3268 | Global Catalog LDAP |
| 3269 | Global Catalog LDAP SSL |
Other potentially useful ports to open between Omada Identity – specifically the SSIS, OPS and ES servers – and AD:
- TCP/UDP 135 (RPC EPMapper)
- TCP/UDP 53 (DNS)
- TCP/UDP 88 (Kerberos)
- TCP Dynamic (RPC)
- TCP/UDP 464 (Kerberos Change/Set Password)
- TCP 445 (CIFS/MICROSOFT-DS)
If you are running LDAP over a custom port, ensure that this custom port is open in any firewalls involved. You can configure proper ports in the Connection details section during System onboarding.
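A practitioner typically wants to confirm that the firewall actually allows these ports before onboarding a system. The following script is an added example and is not part of the Omada product or its documentation. It attempts a TCP connection to each of the default ports listed above (and, for LDAPS, a verified TLS handshake), reports what is reachable, and lists the ports still blocked. The host name `ldap.example.internal` is a placeholder; a reachable port only proves the firewall path and a listening service, not that the service is LDAP or that the directory account has the right permissions.

```python
import socket
import ssl
import sys
from typing import Dict, Iterable, List, Optional

# Default ports from the connectivity requirements above. The Global Catalog
# ports (3268/3269) only apply when the directory is Active Directory.
LDAP_PORTS = {
    389: "LDAP (cleartext unless StartTLS is negotiated)",
    636: "Secure LDAP (SSL/TLS)",
    3268: "Global Catalog LDAP",
    3269: "Global Catalog LDAP SSL",
}


def check_ports(host: str, ports: Iterable[int], timeout: float = 3.0) -> Dict[int, bool]:
    """Return {port: reachable} by attempting a plain TCP connect to each port.

    A connection refused or a timeout both count as unreachable; the caller
    decides whether that is a firewall rule or a service that is not listening.
    """
    results: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def missing_ports(results: Dict[int, bool]) -> List[int]:
    """Sorted list of ports that were not reachable, for a firewall change request."""
    return sorted(port for port, ok in results.items() if not ok)


def check_ldaps_certificate(host: str, port: int = 636, cafile: Optional[str] = None,
                            timeout: float = 3.0) -> dict:
    """Perform a verified TLS handshake against an LDAPS port and return the peer certificate.

    Uses the platform trust store unless `cafile` points at the directory's CA
    bundle. Hostname verification stays enabled: a handshake that only works
    with verification disabled is a configuration problem to fix, not to hide.
    Raises ssl.SSLError or OSError on failure.
    """
    context = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def report(host: str, results: Dict[int, bool]) -> str:
    """Human-readable summary of the port check."""
    lines = [f"Connectivity check for {host}:"]
    for port, ok in sorted(results.items()):
        status = "open" if ok else "BLOCKED"
        lines.append(f"  {port:>5}  {status:<8} {LDAP_PORTS.get(port, 'custom port')}")
    blocked = missing_ports(results)
    if blocked:
        lines.append(f"Ports to request from the firewall team: {blocked}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder directory host; pass a real host (and optional custom ports) on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.internal"
    ports = [int(p) for p in sys.argv[2:]] or list(LDAP_PORTS)
    outcome = check_ports(target, ports)
    print(report(target, outcome))
    if outcome.get(636):
        try:
            cert = check_ldaps_certificate(target, 636)
            print("LDAPS certificate subject:", dict(x[0] for x in cert.get("subject", ())))
        except (ssl.SSLError, OSError) as exc:
            print("LDAPS handshake failed (check CA trust and certificate hostname):", exc)
```

If you run LDAP on a custom port, pass that port on the command line so the check matches the value entered under Connection details during onboarding. The LDAPS check deliberately keeps certificate and hostname verification on, because a provisioning account's credentials travel over that channel.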
Prerequisites
None.