Guidelines for configuring an OpenLDAP server

If you want to use an OpenLDAP server for identity federation, you must configure specific settings on the OpenLDAP server.

Memberof and refint overlays

The memberof and refint overlays should be enabled. For more information, see the instructions for reverse group membership maintenance in the administrator’s guide for OpenLDAP.

Indexing

You must configure the following OpenLDAP attributes with the specified index keywords:
  • olcDbIndex: objectClass eq
  • olcDbIndex: uid eq,pres,sub
  • olcDbIndex: cn eq,pres,sub
  • olcDbIndex: entryUUID eq

In addition, ensure the fields mentioned in the help for Username are indexed for optimal performance.

See the information about reverse group membership maintenance in the administrator’s guide for OpenLDAP.