5.2 eDirectory Requirements

Verify that your eDirectory environment meets the following requirements:

  • eDirectory LDAP 8.8.8.

  • A unique identity for each user account, whether you have one or more eDirectory trees or identity sources.

To provision user accounts from eDirectory to the SaaS applications, all of the following attributes must be populated on the eDirectory users:

  • CN (Username is the field that populates this attribute.)

  • Given Name (First name is the field that populates this attribute.)

  • Internet EMail Address

  • Surname (Last name is the field that populates this attribute.)
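A pre-provisioning check for the attribute requirement above, as an added example that is not part of the original documentation: it reads an LDIF export of the user container and reports each user whose required attributes are not populated. It assumes the default eDirectory LDAP names for these attributes (cn, givenName, mail, sn); the sample entries are constructed.

```python
import base64

# Assumption: default eDirectory LDAP names for the four required attributes.
REQUIRED = {"cn": "CN", "givenname": "Given Name",
            "mail": "Internet EMail Address", "sn": "Surname"}

# Constructed sample export, not real directory data.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=users,o=example
cn: jdoe
givenName: John
sn: Doe
mail: john.doe@exam
 ple.com

dn: cn=asmith,ou=users,o=example
cn: asmith
givenName:: QW5uYQ==
sn: Smith

dn: cn=svc1,ou=users,o=example
cn: svc1
sn:
mail: svc1@example.com
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            elif value:  # an empty value counts as not populated
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def missing_required(text):
    """Map each user DN to the required attributes that are not populated."""
    return {dn: gaps for dn, attrs in parse_ldif(text)
            if (gaps := [lbl for key, lbl in REQUIRED.items() if key not in attrs])}
```

Users reported by `missing_required` need their attributes populated in eDirectory before they can be provisioned to the SaaS applications.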

Obtain the following required items:

  • The password and fully distinguished, LDAP-formatted name of an eDirectory user that the appliance uses to make LDAP binds to eDirectory. This user must have the following rights:

    • Property Rights

      • CN: compare, read, inherit

      • Description: compare, read, inherit

      • Given Name: compare, read, inherit

      • GUID: compare, read, inherit

      • Internet EMail Address: compare, read, inherit

      • Login Disabled: compare, read, inherit

      • Member: compare, read, inherit

      • Group Membership: compare, read, inherit

      • Surname: compare, read, inherit

    • Entry Rights: browse, inherit

  • The name and password of a user in eDirectory who becomes the administrator of the appliance. The user must reside in the subtree of the search context for the identity source specified during the initialization of the appliance.

  • The IP address of one or more eDirectory servers that contain a replica of the partition holding the user objects and that run NLDAP.

  • The context of the users in eDirectory.