LDAP listener

A listener is a dedicated process that periodically searches for changes to users and groups on the LDAP server.

The listener can be deployed on a Microsoft Active Directory server that supports persistent queries (ADNotify), or on an LDAP server that supports the persistent search request control (OID 2.16.840.1.113730.3.4.3).

If the LDAP server supports a persistent search, the LDAP listener recognizes any user and group changes made to any of the applicable LDAP accounts and forwards them to your instance within approximately 10 seconds. This allows the instance to have a nearly real-time copy of your users' account details without having to wait for the next scheduled refresh. The LDAP listener can only synchronize objects that map to the User [sys_users] and Group [sys_user_group] tables.

Note: If a user is added via the listener, but the user does not meet the requirements as defined by the OU filter, then the instance ignores the record on the LDAP server. If it meets the criteria, the user is added to the instance.
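
To confirm that a directory server meets the requirement described above, check the supportedControl values it advertises in its root DSE. The following is an added example, not code from this product: it parses a constructed LDIF sample, and the function names, the sample host, and the Active Directory notification control OID (1.2.840.113556.1.4.528, which does not appear on this page) are assumptions of the example.

```python
import base64

# The persistent search OID is the one named on this page. The AD notification
# control OID is not on the page; it is supplied here as an assumption.
PERSISTENT_SEARCH = "2.16.840.1.113730.3.4.3"
AD_NOTIFICATION = "1.2.840.113556.1.4.528"

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def supported_controls(ldif):
    """Return the set of supportedControl OIDs in a root DSE LDIF dump."""
    oids = set()
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "supportedcontrol":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        oids.add(value.strip())
    return oids

def listener_mode(ldif):
    """Report which mechanism the server advertises (check order is arbitrary)."""
    oids = supported_controls(ldif)
    if PERSISTENT_SEARCH in oids:
        return "persistent-search"
    if AD_NOTIFICATION in oids:
        return "ad-notification"
    return "unsupported"

# Constructed sample, shaped like the output of:
#   ldapsearch -x -LLL -H ldap://ldap.example.test -s base -b "" supportedControl
SAMPLE_ROOT_DSE = """dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 2.16.840.1.113730.3.
 4.3
supportedControl:: MS4yLjg0MC4xMTM1NTYuMS40LjUyOA==
"""

if __name__ == "__main__":
    print(listener_mode(SAMPLE_ROOT_DSE))
```

A result of "unsupported" means the server advertises neither control, so the instance would rely on the scheduled refresh instead of the listener.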

LDAP listener properties

Several properties control the behavior of the LDAP listener.

Table 1. LDAP listener properties
Property: glide.ldap.listener.use_background_transaction
Description: When true, the LDAP listener is started as a background transaction. By running the LDAP listener as a background transaction, the quota rule LDAP Listener Start/Stop Transaction can cancel the transaction after the maximum duration is reached, 5 minutes by default. This behavior prevents an LDAP listener from waiting indefinitely.
Note: This property applies only to LDAP connections that do not use a MID Server. Use glide.ldap.listener.mid.use_background_transaction to control the behavior of LDAP connections that go through a MID Server.
  • Type: true | false
  • Default value: false
  • Location: Add to the System Property [sys_properties] table

Property: glide.ldap.listener.mid.use_background_transaction
Description: When true, the LDAP listener is started as a background transaction. By running the LDAP listener as a background transaction, the quota rule LDAP Listener Start/Stop MID Transaction can cancel the transaction after the maximum duration is reached, 5 minutes by default. This behavior prevents an LDAP listener from waiting indefinitely.
Note: This property applies only to LDAP connections that use a MID Server. Use glide.ldap.listener.use_background_transaction to control the behavior of LDAP connections that do not go through a MID Server.
  • Type: true | false
  • Default value: false
  • Location: Add to the System Property [sys_properties] table

Property: glide.ldap.listener.mid.one_listener
Description: When true, only a single ECC queue message is created to start or stop the LDAP listener through a MID Server. When false, multiple ECC queue messages can be created, leading to the creation of multiple threads to start or stop the LDAP listener.
  • Type: true | false
  • Default value: true
  • Location: Add to the System Property [sys_properties] table