6.2.2.1. Available plugins

There are several LDAP plugins. The following table gives an overview of the supported plugins related to data storage and authentication.

The table also explains what the plugins require on the LDAP directory:

  • "Requires Extra Attributes": You have to add IAM-specific attributes to existing LDAP entries (e.g. to the User entries).
  • "Typically based on ObjectClass": Entries are usually based on the specified ObjectClasses (with extra IAM attributes added). However, you may also use or define other ObjectClasses and configure the LDAP plugins accordingly. "IAM custom node" means that you have to create extra nodes/trees and cannot re-use well-known ObjectClasses.

For detailed information about the plugins, please refer to help in the Config Editor.

| Plugin | Usage | Requires Extra Attributes | Typically based on ObjectClass |
|---|---|---|---|
| LDAP Connector | Use this whenever possible. Connects to LDAP directories and offers the following features: | | |
| | LDAP directory as user data repository (User Persister, User Iterator, Extended User Persister) | Yes | person, inetOrgPerson |
| | LDAP directory as password service (check password, reset password, change password) | Yes/No* | person |
| | LDAP directory as token storage for one user-related token (e.g. using the mobile number attribute) | No | person, inetOrgPerson |
| LDAP Token List Persister | Used to read and write matrix card (also "token list" or "grid card") related information. | Yes | person |
| LDAP Password Self-Service Token Persister | Used to read and write data related to password self-service tokens. | Yes | person |

Table 12: Main LDAP Plugins
| Plugin | Usage | Requires Extra Attributes | Typically based on ObjectClass |
|---|---|---|---|
| LDAP User Persister | Legacy - use the "LDAP Connector" instead. Used to read and write user information. | see LDAP Connector | see LDAP Connector |
| LDAP Credential Persister | Legacy - use the "LDAP Connector" instead. Used to read and write credential-related information (e.g. MTAN tokens, OTP tokens, client certificates). Credentials are stored with the user. | see LDAP Connector | see LDAP Connector |
| LDAP Password Authenticator | Legacy - use the "LDAP Connector" instead. Used to verify, change and reset passwords. | see LDAP Connector | see LDAP Connector |

Table 13: Legacy LDAP Plugins

* Password service features can be used in a limited way without adding extra attributes.