What is C2 Identity LDAP Sync?
Last updated: 13 Jun 2023
C2 Identity LDAP Sync is an agent that synchronizes user/group information between Synology LDAP Server and C2 Identity. To integrate your LDAP directory with C2 Identity, you need to install this agent on a device connected to your Synology LDAP Server.
Specifications
System requirements
- Windows
  - Windows 7, 10, or 11 (64-bit only)
  - Windows Server 2008 R2 or above
  - PowerShell 5.2 or above
- Linux: Ubuntu 16.04 or above
Limitations
- Some of the supported Windows Server versions (e.g., Windows Server 2008 R2 SP1) include PowerShell 2.0 by default. To get a compatible version of PowerShell, install the .NET Framework and Windows Management Framework on your Windows Server.
- C2 Identity currently only supports the integration of one directory service.
- C2 Identity currently only supports one agent per integrated directory.
- LDAP directory integration is only available for Synology LDAP Server.
How C2 Identity LDAP Sync works
The following are the mechanisms of C2 Identity LDAP Sync (hereafter "agent"):
- Update user/group information to C2 Identity: The agent sends information about all users/groups from the synchronized LDAP directory to C2 Identity every 90 seconds.
- Retrieve user passwords from C2 Identity: When LDAP users update their passwords through C2 Identity's user portal, the changes are synchronized to the agent in real time.
How user attributes are mapped to C2 Identity
| LDAP Attributes | C2 Identity Attributes |
|---|---|
| | Username |
| | Password |
| | Primary email |
| | First name |
| | Last name |
| | UUID |
| | Description |
| | Employee number |
| | Employee type |
| | Job title |
| | Address |
| | Home phone |
| | Mobile phone |
| | Fax |
Notes:
- If the option Overwrite duplicate users and groups is selected during directory integration, C2 Identity users with the same username will be overwritten.
- If an LDAP user doesn't have an email, C2 Identity will generate a value for the primary email attribute using their `uid` and LDAP domain name (format: `uid@domain`).