RapidIdentity Product Guides - 2019 Rolling Release

Servers

The Servers tab allows administrators to configure organization-specific servers to use within RapidIdentity.  

Table 188. Servers Fields

Field Name

Description

ID

The RapidIdentity internal id of the LDAP server.

Name

The name of the LDAP server. Used only to allow identification of different server connections within the settings.

Server Address

The server address refers to the server that hosts the LDAP directory. The entry can be a fully qualified domain name (e.g. ldapserver.example.com) or an IP address. It is important to verify that the networking infrastructure (i.e. firewalls, etc) allow communication between the RapidIdentity Portal server and the LDAP server referenced in this field.

Encryption Method

RapidIdentity Portal supports SSL (LDAPS) and StartTLS encryption methods. The default setting is no encryption. Note that no certificate verification is performed when an encryption method is selected; this allows self-signed certificates to be used.

Port

The port number that the LDAP server is listening on. The default unencrypted port is 389 and the default encrypted port is 636.

Trust All Certificates

Administrators can toggle this option to facilitate troubleshooting. For example, if the box is checked and neither LDAPS nor StartTLS provides the green "Connection Test Passed" box, then a likely root cause is the certificate.

This option only displays when LDAPS or StartTLS is selected.

Bind DN or User

The specified user account must have sufficient access to the LDAP tree. This includes authenticating, reading, and writing to any DN specified in the configuration. Almost all LDAP operations are performed as this user.

Note

While write access may not be an absolute requirement, some application functionality will be hindered without it.

The built-in object browser makes finding the value required for this field easier.

For Active Directory, this field should be either the userPrincipalName or <domain>\<username> (e.g. what the user would normally use to log in to Windows) rather than the DN.

Bind Password

Corresponding password for the user specified above.

Base DN

Base DN for the LDAP server.

Test Connection and Certificate Settings

This button performs a real-time connection test based on the parameters provided to see if an LDAP connection can be established. Test results are displayed in a dialog box.
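The following Python script is an added example for this guide, not RapidIdentity code, showing what the Encryption Method, Port and Trust All Certificates settings in Table 188 amount to on the client side. It builds the TLS context each choice implies with Python's standard ssl module and flags the combinations an administrator would want to look at before leaving them in place. The lower-cased dictionary keys, the encryption values "none", "starttls" and "ssl", the finding codes and the SAMPLE_SERVER entry are this example's own conventions, not the product's settings format.

```python
"""Client-side effect of the Encryption Method, Port and Trust All Certificates settings.

Added example for this guide, not RapidIdentity code. Field names follow Table 188
(lower-cased as dictionary keys); the finding codes and SAMPLE_SERVER are this example's own.
"""
from __future__ import annotations

import ssl

# Default ports from the Port field; StartTLS upgrades a session that starts on the plain port.
DEFAULT_PORTS = {"none": 389, "starttls": 389, "ssl": 636}


def build_tls_context(trust_all: bool, ca_file: str | None = None) -> ssl.SSLContext:
    """TLS context for LDAPS/StartTLS; trust_all mirrors the Trust All Certificates toggle."""
    if trust_all:
        # Troubleshooting mode: any certificate (self-signed included) is accepted and the
        # hostname is not checked, so the directory server's identity is never verified.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False      # must be cleared before verify_mode may be CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Normal mode: verify the chain (system store, or a private CA bundle) and the hostname.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_summary(ctx: ssl.SSLContext) -> dict:
    """The two properties that decide whether the server certificate is actually checked."""
    return {"verify_mode": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def check_server_config(cfg: dict) -> list[str]:
    """Return finding codes for one Servers entry (encryption, port and trust settings)."""
    findings: list[str] = []
    enc = cfg.get("encryption", "none").lower()
    port = int(cfg.get("port", DEFAULT_PORTS[enc]))
    if enc == "none":
        # A simple bind sends the Bind Password over the network unprotected.
        findings.append("CLEARTEXT_BIND")
    if enc != "none" and cfg.get("trust_all_certificates"):
        # Encrypted but unauthenticated: acceptable for the connection test, not for production.
        findings.append("CERT_NOT_VERIFIED")
    if (enc == "ssl" and port == 389) or (enc in ("none", "starttls") and port == 636):
        # LDAPS on the plain port, or a plain/StartTLS session on the LDAPS port, will not connect.
        findings.append("PORT_ENCRYPTION_MISMATCH")
    return findings


# Constructed sample entry using the table's field names as keys.
SAMPLE_SERVER = {
    "name": "corp-dc",
    "server_address": "ldapserver.example.com",
    "encryption": "starttls",
    "port": 389,
    "trust_all_certificates": True,
    "bind_dn": "EXAMPLE\\svc-rapididentity",
}

if __name__ == "__main__":
    print(check_server_config(SAMPLE_SERVER))                # ['CERT_NOT_VERIFIED']
    print(tls_summary(build_tls_context(trust_all=False)))   # {'verify_mode': 'CERT_REQUIRED', 'check_hostname': True}
```

Run stand-alone, the script reports the constructed sample (StartTLS on 389 with Trust All Certificates still on) as CERT_NOT_VERIFIED: the session is encrypted, but nothing confirms which server is on the other end. That is the state the toggle is meant to create only while the connection test is being diagnosed.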



Table 189. Advanced Options

Field Name

Description

Connection Timeout (seconds)

The maximum number of seconds that RapidIdentity Portal will wait for a valid connection to be established with the LDAP server.

Response Timeout (seconds)

The maximum number of seconds that RapidIdentity Portal will wait for a valid response from the LDAP server when performing LDAP operations.

Search Page Size

This setting is used to specify the maximum LDAP results per page when using the LDAP Simple Paged Results search request control. Default = 1000.

Follow Referrals

This setting is used to specify whether the system should attempt to follow any referrals generated by the LDAP server during a search.



Server Sets

The Server Sets tab contains two subtabs: Server Set Details and Servers.

Server Set Details

The Server Set Details subtab allows administrators to configure server set settings.

Table 190. Server Sets Fields

Field Name

Description

ID

The RapidIdentity internal id of the Server Set.

Name

The name of the Server Set. Used only to allow identification of different Server Sets within the settings.



Table 191. Advanced Options

Field Name

Description

Initial Connections

This setting is used for LDAP connection pooling and is the specified number of connections that are opened when RapidIdentity Portal starts.

Max Connections

This setting is used for LDAP connection pooling and is the maximum number of connections that RapidIdentity Portal will establish with the LDAP server at any given time.

Authentication Pool Initial Connections

This setting is used to specify the initial size of the authentication LDAP connection pool. Default = 4. As of version 2.5.x, a separate LDAP connection pool is maintained for authentication only.

Authentication Pool Max Connections

This setting is used to specify the maximum size of the authentication LDAP connection pool. Default = 20.

Dereference Policy

This setting is used to specify the alias dereference policy for LDAP searches. Default = NEVER.

Max Search Results

This setting is used to specify the maximum number of results to return for general purpose searches. This is meant to keep rogue requests from overwhelming the server. Default = 1000.

Search Time Limit

This setting is used to specify the maximum LDAP search time limit. Default = 30 seconds.

Capture Search Stats

This setting is used to specify that the server should request search statistics from Active Directory when performing searches. This only works for Active Directory servers and the results will be printed in the logs. This should not be on for general purposes but may be helpful in tracking down why some searches are slow. Default = false. See this page for more info: LDAP_SERVER_GET_STATS_OID.

Domain Scoped

This setting is used to specify that LDAP requests contain the LDAP_SERVER_DOMAIN_SCOPE_OID control which instructs the LDAP server to not generate any referrals when completing a request.

Use Active Directory Fast Bind

This setting is used to specify that Active Directory Fast Bind is used for authenticating user logins.
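To make the Search Page Size setting from the Servers Advanced Options, and the Max Search Results and Domain Scoped settings in the table above, concrete, here is an added Python example (not RapidIdentity code) that encodes the RFC 2696 Simple Paged Results control and the Active Directory LDAP_SERVER_DOMAIN_SCOPE_OID control as they appear on the wire, then runs a client paging loop that stops at the result cap. The control OIDs are the published ones; the FakeDirectory class, its offset-based cookie and the sample entries and referral are constructed for the example so that it runs offline.

```python
"""Simple Paged Results (RFC 2696) and the Domain Scope control on the wire.

Added example for this guide, not RapidIdentity code. BER encoding follows RFC 4511/2696;
FakeDirectory is an in-memory stand-in constructed so this runs offline (its offset-based
cookie is a convenience of the stand-in, real cookies are opaque to the client).
"""
from __future__ import annotations

PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"               # RFC 2696
LDAP_SERVER_DOMAIN_SCOPE_OID = "1.2.840.113556.1.4.1339"   # Active Directory

def ber_len(n: int) -> bytes:
    """BER length: one byte below 128, else 0x80|count followed by big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content

def ber_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER (page sizes are never negative)."""
    return ber_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def ber_read_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, content, position just after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                       # long form: low 7 bits = number of length bytes
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def encode_control(oid: str, criticality: bool = False, value: bytes | None = None) -> bytes:
    """RFC 4511 Control ::= SEQUENCE { controlType, criticality DEFAULT FALSE, controlValue OPTIONAL }."""
    content = ber_tlv(0x04, oid.encode("ascii"))
    if criticality:                          # DEFAULT FALSE: the field is omitted when false
        content += ber_tlv(0x01, b"\xff")
    if value is not None:
        content += ber_tlv(0x04, value)
    return ber_tlv(0x30, content)

def decode_control(data: bytes) -> tuple[str, bool, bytes | None]:
    _, content, _ = ber_read_tlv(data)
    _, oid, pos = ber_read_tlv(content)
    criticality, value = False, None
    while pos < len(content):                # the two optional fields, in order
        tag, field, pos = ber_read_tlv(content, pos)
        if tag == 0x01:
            criticality = field != b"\x00"
        elif tag == 0x04:
            value = field
    return oid.decode("ascii"), criticality, value

def paged_results_value(size: int, cookie: bytes) -> bytes:
    """RFC 2696 realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }."""
    return ber_tlv(0x30, ber_integer(size) + ber_tlv(0x04, cookie))

def decode_paged_results_value(value: bytes) -> tuple[int, bytes]:
    _, seq, _ = ber_read_tlv(value)
    _, size, pos = ber_read_tlv(seq)
    _, cookie, _ = ber_read_tlv(seq, pos)
    return int.from_bytes(size, "big", signed=True), cookie


class FakeDirectory:
    """Stand-in LDAP server: one page per request; Domain Scope suppresses its referrals."""
    def __init__(self, entries: list[str], referrals: list[str]):
        self.entries, self.referrals = entries, referrals

    def search(self, controls: list[bytes]) -> tuple[list[str], list[str], bytes]:
        decoded = {oid: value for oid, _, value in map(decode_control, controls)}
        size, cookie = decode_paged_results_value(decoded[PAGED_RESULTS_OID])
        offset = int.from_bytes(cookie, "big") if cookie else 0    # stand-in cookie = offset
        page = self.entries[offset:offset + size]
        end = offset + len(page)
        next_cookie = b"" if end >= len(self.entries) else end.to_bytes(4, "big")
        referrals = [] if LDAP_SERVER_DOMAIN_SCOPE_OID in decoded else self.referrals
        return page, referrals, paged_results_value(0, next_cookie)   # size 0: no estimate


def paged_search(server: FakeDirectory, page_size: int, max_results: int,
                 domain_scoped: bool = False) -> dict:
    """Client loop honouring Search Page Size (page_size) and Max Search Results (max_results)."""
    entries, referrals, cookie, pages = [], [], b"", 0
    while True:
        controls = [encode_control(PAGED_RESULTS_OID, True, paged_results_value(page_size, cookie))]
        if domain_scoped:
            controls.append(encode_control(LDAP_SERVER_DOMAIN_SCOPE_OID, True))
        page, refs, response = server.search(controls)
        pages += 1
        entries.extend(page)
        referrals += [r for r in refs if r not in referrals]
        _, cookie = decode_paged_results_value(response)
        # Stop at the cap so one runaway query cannot pull the whole directory.
        truncated = len(entries) > max_results or (len(entries) == max_results and bool(cookie))
        if truncated or not cookie:          # an empty cookie marks the last page
            return {"entries": entries[:max_results], "referrals": referrals, "pages": pages, "truncated": truncated}


# Constructed sample data: 2500 entries and one referral.
SAMPLE_ENTRIES = [f"cn=user{i},ou=people,dc=example,dc=com" for i in range(2500)]
SAMPLE_DIRECTORY = FakeDirectory(SAMPLE_ENTRIES, ["ldap://child.example.com/dc=child,dc=example,dc=com"])
```

With the default page size of 1000 and the default Max Search Results of 1000 the sample directory is fetched in one page and then cut off, which is the intended effect of the cap; raising max_results to 2500 takes three round trips and returns everything. Sending the Domain Scope control makes the stand-in, like Active Directory, omit its referral from the response, so the client never has to decide whether to chase a URL to another server.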



The Servers subtab allows administrators to define server set servers as Available or Assigned.  


If only one server is configured, the default setting will be Assigned.