Additional Settings

Use these additional settings to further configure aggregation, enable and disable operations, lock and unlock operations, and the LDAP password attribute.

For sample data information for the fields and corresponding LDAP server, refer to Sample Configuration Data for LDAP Servers.

Aggregation Configuration

To configure aggregation, complete the following as required:

  1. Select the Delta Aggregation Mode used to detect changes in the directory during delta aggregation. Make sure the directory server supports the selected mode.

    Note

    • The Modify Time Stamp option does not fetch details of deleted objects.

    • For USN Change and Change Log to function properly, the configuration settings need to be updated on the LDAP server.

  2. (Only applicable if you select the USN Change option from the Delta Aggregation Mode drop-down menu) Enter the Deleted Objects Container DN for the container that holds deleted objects. This value is required to fetch deleted objects during delta aggregation. For example:

    CN=Deleted Objects,dc=sailpoint,dc=com

  3. Enter the Page Size to set the maximum number of results fetched by a single page during the search operation. The default is 100.

  4. Configure Unique Account Attribute with an attribute that never changes for the account in its life cycle and can be used to uniquely identify the account.

  5. Select Save.

Enable and Disable Operation Configuration

To configure the enable and disable operations, complete the following:

  1. Configure Revoke Attribute Name with an attribute that indicates whether the account is enabled or disabled.

    Note
    The Revoke Attribute Name and Restore Attribute Name should be the same on your LDAP server.

  2. Configure the Revoke Attribute Value with the value needed to set the Revoke Attribute (configured in the previous step) while the account is being disabled.

  3. In the Revoke Action field, configure the required action to perform during the revoke operation. If this value needs to be updated, the action can be ADD or REPLACE. Leave this field blank to remove the Revoke Attribute from the account.

  4. Configure Restore Attribute Name with an attribute that indicates whether the account is enabled or disabled.

  5. Configure the Restore Attribute Value with the value needed to set the Restore Attribute while the account is being enabled.

  6. In the Restore Action field, configure the required action to perform during the restore operation. If this value needs to be updated, the action can be ADD or REPLACE. Leave this field blank to remove the Restore Attribute from the account.

  7. Select Save after you have completed your configuration.

Lock and Unlock Operation Configuration

To configure the lock and unlock operations, complete the following:

  1. Enter a Lock Attribute Name to indicate whether the account is locked or unlocked.

  2. Enter the Unlock Attribute Name(s) that need to be updated during the Unlock Operation. Enter multiple values by adding an attribute and then pressing the Enter key.

  3. Configure Unlock Attribute Value with the value SailPoint sets for the attributes listed in the Unlock Attribute Name(s) list. Leave this field blank to remove the Unlock Attributes from the account during the Unlock Operation.

  4. In the Unlock Action field, configure the required action to perform during the Unlock Operation. If this value needs to be updated, the action can be ADD or REPLACE. Leave this field blank to remove the Unlock Attributes from the account.

  5. Select Save.
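
The following added example (not SailPoint code) shows what the Revoke, Restore and Unlock settings from the two procedures above look like as LDIF modify records, assuming the ADD, REPLACE and blank actions map to LDAP add, replace and delete modifications. The function names, the sample DN and the attribute names (nsAccountLock, pwdAccountLockedTime, pwdFailureTime) are constructed for illustration and are not from this page.

```python
import base64
import re

# Characters that may appear unencoded in an LDIF value (RFC 2849 SAFE-STRING).
_SAFE = re.compile(r"[^\x00\n\r :<][^\x00\n\r]*")
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def _line(name, value):
    """Emit 'name: value', base64-encoding anything that could break the record."""
    if value.isascii() and _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ldif_modify(dn, attr_names, value, action):
    """Render one revoke, restore or unlock operation as an LDIF modify record.

    attr_names: list with one name (revoke/restore) or several (unlock)
    value:      configured attribute value, "" if the field is blank
    action:     "ADD", "REPLACE", or "" (blank: remove the attribute)
    """
    action = (action or "").strip().upper()
    if action not in ("", "ADD", "REPLACE"):
        raise ValueError("action must be ADD, REPLACE or blank")
    if action == "ADD" and not value:
        raise ValueError("ADD needs an attribute value")
    if not attr_names or not all(_ATTR.fullmatch(n) for n in attr_names):
        raise ValueError("invalid attribute name")
    op = action.lower() or "delete"
    out = [_line("dn", dn), "changetype: modify"]
    for name in attr_names:
        out.append(f"{op}: {name}")
        if op != "delete" and value:  # replace with no value also clears it
            out.append(_line(name, value))
        out.append("-")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    dn = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed sample entry
    # Constructed sample settings; attribute names are not from the page.
    print(ldif_modify(dn, ["nsAccountLock"], "true", "REPLACE"))  # revoke
    print(ldif_modify(dn, ["nsAccountLock"], "", ""))             # restore
    print(ldif_modify(dn, ["pwdAccountLockedTime", "pwdFailureTime"], "", ""))
```

Values containing line breaks or other unsafe characters are base64-encoded, so a configured value cannot introduce an extra modification into the record.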

Password Reset Configuration

To configure the password attribute, complete the following:

  1. Enter the Password Attribute Name for the LDAP server.

  2. Enter the Password Expiry Attribute Name to update when the administrator reset operation is performed. For example:

    pwdReset

    passwordExpirationTime

  3. Enter the Immediate Password Expiry Attribute Value to be set for the password expiry attribute when the administrator resets the password for the user. For example, set the value for the pwdReset attribute to true.

  4. Select Save.