LDAP record synchronization

Administrators can synchronize inactive, disabled, or deleted LDAP records with their corresponding user records on the instance.

LDAP record synchronization is the process of detecting inactive records on the LDAP server and updating the corresponding user records on the instance. Detecting inactive LDAP records involves defining consistent data indicators for each user object, importing the LDAP data, and evaluating those indicators against the imported data.

A data indicator can be:
  • a date field
  • membership in a specific OU (identified by parsing the dn attribute)
  • the useraccountcontrol attribute
  • a combination of these indicators

Imported data comes into the instance through import set tables, where it can be evaluated and processed before the corresponding user records are updated.

The import process can use:
  • LDAP extraction: a single import job that gathers all user records into the import set temporary tables for evaluation
  • LDAP refresh filters: multiple import jobs that divide the user records by type, segregating each kind of record for separate processing
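The following is an added example, not code from this page or from ServiceNow, showing how the three kinds of data indicator above (a date field, OU membership parsed from dn, and the useraccountcontrol attribute) can be evaluated over rows sitting in an import set table, and combined so that any single hit marks a user inactive. It is plain Node.js rather than a transform map script: the row field names (dn, useraccountcontrol, lastlogontimestamp), the "Disabled Users" OU, the 90-day idle threshold, the treatment of a never-logged-on account as stale, and the sample rows are all assumptions made for the example. The userAccountControl bit 0x0002 (ACCOUNTDISABLE) and the FILETIME conversion are Active Directory facts.

```javascript
// Added example (not ServiceNow code): evaluate LDAP data indicators over
// import set rows to decide which imported users should be marked inactive.
// Plain Node.js; field names, OU name and thresholds are assumptions.

// Bit 0x0002 of Active Directory's userAccountControl marks a disabled account.
const ACCOUNTDISABLE = 0x0002;

// Milliseconds between the Windows FILETIME epoch (1601-01-01) and the Unix epoch.
const FILETIME_EPOCH_OFFSET_MS = 11644473600000n;

// Convert an AD FILETIME string (100-ns ticks since 1601) to a Date; 0 means no logon recorded.
function fileTimeToDate(ft) {
  const ticks = BigInt(ft || 0);
  if (ticks === 0n) return null;
  return new Date(Number(ticks / 10000n - FILETIME_EPOCH_OFFSET_MS));
}

// Inverse conversion, used here only to build the constructed sample data.
function toFileTime(iso) {
  return ((BigInt(Date.parse(iso)) + FILETIME_EPOCH_OFFSET_MS) * 10000n).toString();
}

// Split a DN into {type, value} RDNs, keeping backslash-escaped commas inside a value.
function parseDn(dn) {
  const rdns = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) { cur += ch + dn[++i]; continue; }
    if (ch === ',') { rdns.push(cur); cur = ''; continue; }
    cur += ch;
  }
  rdns.push(cur);
  return rdns.map((r) => {
    const eq = r.indexOf('=');
    return { type: r.slice(0, eq).trim().toLowerCase(), value: r.slice(eq + 1).trim() };
  });
}

// Indicator: is the object under an OU with the given name anywhere in its DN path?
function isInOu(dn, ouName) {
  return parseDn(dn).some((r) => r.type === 'ou' && r.value.toLowerCase() === ouName.toLowerCase());
}

// Indicator: is the ACCOUNTDISABLE bit of useraccountcontrol set?
function isDisabled(uac) {
  return (Number(uac) & ACCOUNTDISABLE) !== 0;
}

// Indicator: no logon in the last maxIdleDays. Assumption: 0 (never logged on) counts as stale.
function isStale(ft, now, maxIdleDays) {
  const last = fileTimeToDate(ft);
  if (!last) return true;
  return (now.getTime() - last.getTime()) / 86400000 > maxIdleDays;
}

// Combine the indicators for one import set row; any hit marks the user inactive.
function evaluateRow(row, opts) {
  const reasons = [];
  if (isDisabled(row.useraccountcontrol)) reasons.push('useraccountcontrol:ACCOUNTDISABLE');
  if (isInOu(row.dn, opts.disabledOu)) reasons.push('ou:' + opts.disabledOu);
  if (isStale(row.lastlogontimestamp, opts.now, opts.maxIdleDays)) reasons.push('stale:lastlogontimestamp');
  return { dn: row.dn, inactive: reasons.length > 0, reasons };
}

function evaluateImportSet(rows, opts) {
  return rows.map((row) => evaluateRow(row, opts));
}

// Constructed sample import set rows (not real directory data).
const SAMPLE_ROWS = [
  { dn: 'CN=Ada Lovelace,OU=Engineering,DC=example,DC=com', useraccountcontrol: '512',
    lastlogontimestamp: toFileTime('2024-06-15T00:00:00Z') },
  { dn: 'CN=Bob Smith,OU=Engineering,DC=example,DC=com', useraccountcontrol: '514', // 512 | ACCOUNTDISABLE
    lastlogontimestamp: toFileTime('2024-06-20T00:00:00Z') },
  { dn: 'CN=Carol Jones,OU=Disabled Users,DC=example,DC=com', useraccountcontrol: '512',
    lastlogontimestamp: toFileTime('2024-01-10T00:00:00Z') },
  { dn: 'CN=Dan O\\, Brien,OU=Sales,DC=example,DC=com', useraccountcontrol: '512', // escaped comma in CN
    lastlogontimestamp: '0' },
];

// Fixed "now" so the evaluation is deterministic.
const SAMPLE_OPTS = { disabledOu: 'Disabled Users', maxIdleDays: 90, now: new Date('2024-07-01T00:00:00Z') };

function runExample() {
  return evaluateImportSet(SAMPLE_ROWS, SAMPLE_OPTS);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of runExample()) console.log(r.inactive ? 'INACTIVE' : 'active  ', r.dn, r.reasons.join(' '));
}
```

Two details matter in practice. First, a naive `dn.split(',')` misreads names that contain an escaped comma, so the OU indicator should come from an RDN-aware parse like the one above. Second, when using the refresh-filter approach against Active Directory, the disabled-account population can be selected on the server side with the bitwise matching rule, for example `(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))`, so that those records land in their own import set for separate processing.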