LDAP Synchronization Profiles

To set up LDAP synchronization, you need to do the following:

• Configure the general synchronization settings.
• Create a filter to retrieve the source user accounts to be synchronized.
• Map the (source) LDAP user account attributes to the appropriate (destination) OneSpan Authentication Server Appliance user account properties.

These configurations define a synchronization profile in the OneSpan Authentication Server Appliance Configuration Tool.

LDAP synchronization profiles define the following:

• The location of the source LDAP server.
• The user accounts from the source that need to be synchronized (filtering).
• Whether existing user accounts on OneSpan Authentication Server Appliance can be updated with data from the source LDAP server (using the Update Users option).
• The destination for the new or updated user accounts in the OneSpan Authentication Server Appliance organizational hierarchy.
• The synchronization frequency.
• How LDAP server user account attributes are mapped to OneSpan Authentication Server Appliance properties. Note that user account settings are called source attributes on the LDAP server and destination properties on OneSpan Authentication Server Appliance.

For a full reference of the LDAP synchronization profile fields, refer to the OneSpan Authentication Server Appliance Administrator Guide, Section "Configuration Tool: Field listings".

For example mappings of LDAP server user account attributes to OneSpan Authentication Server Appliance user account properties, refer to the  OneSpan Authentication Server Appliance Administrator Guide.

For most LDAP servers, the LDAP user password attribute cannot be mapped to user account passwords, due to security settings on the LDAP server.

Once the appropriate settings and mappings have been configured, synchronization occurs automatically. The user account data is synchronized from the LDAP server (source) to OneSpan Authentication Server Appliance (destination), and is not bidirectional.