MicroStrategy ONE
Synchronizing Users from OpenLDAP
You can add users to your MicroStrategy Identity Network by synchronizing their information from an OpenLDAP server. This provides a quick way to add user information that already exists in OpenLDAP, keeping the user information in MicroStrategy Identity consistent and accurate with your IDM system.
OpenLDAP is integrated through a lightweight, Java-based application that communicates securely between the OpenLDAP server and the MicroStrategy Identity Server. The application that performs this role is called the Identity Agent. You install the Identity Agent for OpenLDAP on a machine at your organization, enabling you to store your OpenLDAP credentials locally.
The Identity Agent delivers updated user information from OpenLDAP to the MicroStrategy Identity Server.
Adding Users from OpenLDAP
If you have already added users to your MicroStrategy Identity Network through OpenLDAP, you can manage the users included in it by defining the OpenLDAP groups or organizational units that are synchronized with your network.
The following steps assume that you have created a MicroStrategy Identity Network and associated badge.
- You have an OpenLDAP server, accessible through LDAP protocol version 3.
- You have administrator privileges to install the Identity Agent.
- The machine on which you install the Identity Agent must meet the following requirements:
  - Microsoft Windows Server 2008 R2, 2012, or 2012 R2 (64-bit) operating system.
  - Java SE Development Kit (JDK) version 1.7 or later, 64-bit. The file path of the JDK bin folder must be added to your Microsoft Windows PATH environment variable; for steps, see your third-party documentation.
  - Able to communicate with your OpenLDAP server.
MicroStrategy recommends that you install the Identity Agent on a separate machine from your OpenLDAP server.
- To create a certificate signing request (CSR) to secure your connection, you must have a third-party tool to generate CSRs, such as the OpenSSL® utility.
- Gather the following information:
  - Connection information for your OpenLDAP server, including credentials for an LDAP account that has access to read all users and user information included in your OpenLDAP repository.
  - For on-premises implementations, the signing Certificate Authority used to sign client certificates.
  - For MicroStrategy Cloud implementations, if you connect through a proxy server, the host address and port number of the proxy server. If required by the proxy server, you may also need a user name and password. See your third-party documentation for requirements.
- To secure the communication between the Identity Agent and your OpenLDAP server using LDAP over SSL (LDAPS), you must have a certificate saved in Java KeyStore (.jks) format. The certificate must be stored in a location that is accessible by the machine that you install the Identity Agent on. Contact your OpenLDAP administrator to obtain a certificate.
- If you have added users to your MicroStrategy Identity Network in a way other than OpenLDAP, such as by importing users from a comma-separated values (CSV) file or through a different IDM system such as Microsoft Active Directory, you cannot import users from OpenLDAP.
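The host requirements listed above can be checked before the Identity Agent is installed. The following Windows PowerShell script is an added example, not MicroStrategy's or the Identity Agent's own code; the OpenLDAP host name, LDAPS port and keystore path are placeholder values that you replace with your own.

```powershell
# Constructed prerequisite check for an Identity Agent host; not MicroStrategy code.
# Replace the three placeholder parameters with your own values before running.
param(
    [string]$LdapHost = 'ldap.example.com',                        # placeholder OpenLDAP host
    [int]$LdapPort = 636,                                          # LDAPS port
    [string]$KeyStore = 'C:\IdentityAgent\ldaps-truststore.jks'    # placeholder .jks path
)
$failures = @()

# 1. Operating system: a 64-bit Windows Server release (ProductType 2 = DC, 3 = server).
$os = Get-WmiObject Win32_OperatingSystem
if (($os.ProductType -ne 2 -and $os.ProductType -ne 3) -or $os.OSArchitecture -notmatch '64') {
    $failures += "OS is '$($os.Caption)' ($($os.OSArchitecture)); 64-bit Windows Server is required."
}

# 2. JDK 1.7 or later (64-bit) on PATH. javac.exe distinguishes a JDK from a bare JRE.
if (-not (Get-Command javac.exe -ErrorAction SilentlyContinue)) {
    $failures += 'javac.exe not found on PATH; add the JDK bin folder to the PATH variable.'
} else {
    $verText = (& java -version 2>&1 | Out-String)   # 'java -version' writes to stderr
    if ($verText -match 'version "(\d+)(?:\.(\d+))?') {
        $major = [int]$Matches[1]; $minor = [int]$Matches[2]
        # Java 8 and earlier report 1.x; Java 9 and later report the major version first.
        if (-not (($major -gt 1) -or ($major -eq 1 -and $minor -ge 7))) {
            $failures += "Java reports '$($Matches[0])'; JDK 1.7 or later is required."
        }
    }
    if ($verText -notmatch '64-Bit') { $failures += 'The java on PATH is not a 64-bit build.' }
}

# 3. Network: the host must reach the OpenLDAP server on the LDAPS port.
$client = New-Object System.Net.Sockets.TcpClient
try { $client.Connect($LdapHost, $LdapPort) }
catch { $failures += "Cannot open TCP ${LdapHost}:${LdapPort}; check DNS and firewall rules." }
finally { $client.Close() }

# 4. Keystore: the .jks file must exist here and open with keytool, which prompts for the
#    store password and lists the trust entries it contains.
if (-not (Test-Path -LiteralPath $KeyStore)) {
    $failures += "Keystore '$KeyStore' was not found on this machine."
} else {
    & keytool -list -keystore $KeyStore -storetype JKS
    if ($LASTEXITCODE -ne 0) { $failures += "keytool could not open '$KeyStore'." }
}

if ($failures.Count -eq 0) { 'All Identity Agent host prerequisites are met.' }
else { $failures | ForEach-Object { "FAIL: $_" }; exit 1 }
```

A TCP connection on port 636 only proves reachability; the certificate chain is validated later when the Identity Agent opens the LDAPS session with the keystore.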
Perform the following steps to connect your OpenLDAP system with MicroStrategy Identity:
- Create a Certificate Signing Request in OpenLDAP
- Install and Configure the MicroStrategy Identity Agent for OpenLDAP
- Add OpenLDAP Information to MicroStrategy Identity and Synchronize Users
- Including Profile Photos in OpenLDAP