What is C2 Identity LDAP Sync?

C2 Identity LDAP Sync is an agent that synchronizes user/group information between Synology LDAP Server and C2 Identity. To integrate your LDAP directory with C2 Identity, you need to install this agent on a device connected to your Synology LDAP Server.

Specifications

System requirements

  • Windows
    • Windows 7, 10, or 11 (64-bit only)
    • Windows Server 2008 R2 or above
    • PowerShell 5.2 or above
  • Linux: Ubuntu 16.04 or above

Limitations

  • Some of the supported Windows Server versions (e.g., Windows Server 2008 R2 SP1) include PowerShell 2.0 by default. To get a compatible version of PowerShell, install the .NET Framework and Windows Management Framework on your Windows Server.
  • C2 Identity currently only supports the integration of one directory service.
  • C2 Identity currently only supports one agent per integrated directory.
  • LDAP directory integration is only available for Synology LDAP Server.

How C2 Identity LDAP Sync works

C2 Identity LDAP Sync (hereafter "agent") works as follows:

  • Update user/group information to C2 Identity: The agent sends information about all users/groups from the synchronized LDAP directory to C2 Identity every 90 seconds.
  • Retrieve user passwords from C2 Identity: When LDAP users update their passwords through C2 Identity's user portal, the changes are synchronized to the agent in real time.

How user attributes are mapped to C2 Identity

LDAP Attributes                            C2 Identity Attributes
-----------------------------------------  ----------------------
uid                                        Username
userPassword                               Password
Email                                      Primary email
givenName                                  First name
sn                                         Last name
entryUUID                                  UUID
description                                Description
employeeNumber                             Employee number
employeeType                               Employee type
title                                      Job title
postOfficeBox + street + postalCode + st   Address
homePhone                                  Home phone
mobile                                     Mobile phone
facsimileTelephoneNumber                   Fax

Notes:

  • If the option Overwrite duplicate users and groups is selected during directory integration, C2 Identity users with the same username will be overwritten.
  • If an LDAP user doesn't have an email, C2 Identity will generate a value for the primary email attribute using their uid and LDAP domain name (format: uid@domain).
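
The two notes above can be checked before integration. The following added example (not Synology's code) reads an LDIF export and lists which users would receive a generated uid@domain primary email and which usernames already exist in C2 Identity and would be overwritten if the option is selected. Assumptions: the email attribute is exported as `mail`, usernames are compared case-insensitively, and the LDAP domain name and the list of existing C2 Identity usernames are supplied by the administrator.

```python
"""Pre-integration audit of an LDIF export (added example, not Synology code)."""

# Constructed sample export; real input would be an LDIF dump of the directory.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=com
uid: alice
mail: alice@example.com

dn: uid=bob,cn=users,dc=example,dc=com
uid: bob

dn: uid=Carol,cn=users,dc=example,dc=com
uid: Carol
mail: carol@example.com
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (folded/base64 lines not handled)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        if "uid" in entry:  # keep user entries only
            entries.append(entry)
    return entries

def audit(entries, ldap_domain, existing_usernames, email_attr="mail"):
    """Return (generated_emails, overwrite_candidates) for review."""
    # Assumption: username matching is case-insensitive (the page does not say).
    existing = {u.casefold() for u in existing_usernames}
    generated, overwrites = {}, []
    for entry in entries:
        uid = entry["uid"][0]
        if not any(entry.get(email_attr, [])):
            # Rule from the notes: no email -> primary email becomes uid@domain.
            generated[uid] = f"{uid}@{ldap_domain}"
        if uid.casefold() in existing:
            overwrites.append(uid)
    return generated, overwrites

if __name__ == "__main__":
    gen, over = audit(parse_ldif(SAMPLE_LDIF), "example.com", ["carol", "dave"])
    print("Primary emails C2 Identity would generate:", gen)
    print("Usernames overwritten if the option is selected:", over)
```
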