Guidelines for configuring an OpenLDAP server

If you want to use an OpenLDAP server for identity federation, you must configure specific settings on the OpenLDAP server.

Memberof and refint overlays

The memberof and refint overlays should be enabled. For more information, see the "Reverse Group Membership Maintenance" section in the OpenLDAP Software Administrator's Guide.

Indexing

You must configure the following OpenLDAP attributes with the specified index keywords:
  • olcDbIndex: objectClass eq
  • olcDbIndex: uid eq,pres,sub
  • olcDbIndex: cn eq,pres,sub
  • olcDbIndex: entryUUID eq

In addition, ensure the fields mentioned in the help for Username are indexed for optimal performance.

For more information on the olcDbIndex directive used for indexing attributes, see the OpenLDAP Software Administrator's Guide.
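
A check for the overlay and indexing requirements above, as an added example that is not part of the original guide or of any vendor tooling: it reads the LDIF of the database's cn=config entries (for example, the relevant part of a `slapcat -n 0` export) and reports which required overlays or index keywords are absent. The function name, the sample LDIF and its DN are constructed for illustration.

```python
import re

# Index keywords the page requires, keyed by lower-cased attribute name.
REQUIRED_INDEXES = {"objectclass": {"eq"}, "uid": {"eq", "pres", "sub"},
                    "cn": {"eq", "pres", "sub"}, "entryuuid": {"eq"}}
REQUIRED_OVERLAYS = {"memberof", "refint"}
SUB_PARTS = {"subinitial", "subany", "subfinal"}  # together equivalent to "sub"

def audit_database(ldif):
    """Return sorted findings for one database subtree exported from cn=config."""
    ldif = re.sub(r"\r?\n ", "", ldif)  # unfold LDIF continuation lines
    overlays, entries = set(), []
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "olcoverlay":
            # olcOverlay values carry an ordering prefix such as {0}
            overlays.add(re.sub(r"^\{\d+\}", "", value).lower())
        elif name == "olcdbindex":
            attrs, _, kinds = value.partition(" ")
            kinds = set(filter(None, re.split(r"[,\s]+", kinds.lower())))
            if SUB_PARTS <= kinds:
                kinds.add("sub")
            entries.append((attrs.lower().split(","), kinds))
    # An attribute listed without keywords inherits the "default" line.
    default = next((k for a, k in entries if a == ["default"]), set())
    indexes = {}
    for attrs, kinds in entries:
        for attr in attrs:
            indexes.setdefault(attr, set()).update(kinds or default)
    findings = [f"overlay not enabled: {o}" for o in REQUIRED_OVERLAYS - overlays]
    for attr, need in REQUIRED_INDEXES.items():
        lacking = need - indexes.get(attr, set())
        if lacking:
            findings.append(f"olcDbIndex {attr} lacks: {','.join(sorted(lacking))}")
    return sorted(findings)

# Constructed sample (not from a real server); the DN is a placeholder.
SAMPLE = """\
dn: olcDatabase={1}mdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uid,cn eq,pres,subinitial,
 subany,subfinal

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
olcOverlay: {0}memberof
"""

if __name__ == "__main__":
    print("\n".join(audit_database(SAMPLE)) or "OK")
```

An empty result means every overlay and index keyword listed on this page was found in the supplied LDIF.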