Configure LDAP Vendor Attributes for SecureTrack

The configure_ldap_vendor_configuration script (located in /opt/tufin/securitysuite/scripts/) is used to configure the LDAP vendor attributes.

You can:

Create a new vendor and add the relevant attributes.
Customize the attributes for an existing LDAP vendor.

You can create a shell file with a list of commands, where each command configures a different attribute. Sample script files to create custom LDAPs can be found in: /opt/tufin/share/docs/examples/ldap_vendors/

Syntax

The add_or_update action:

Creates the specified vendor if it does not exist and adds the specified attribute.
Creates the specified attribute for an existing vendor.
Updates a value for an existing vendor.

configure_ldap_vendor_configuration.sh --action add_or_update --vendor '<vendor_name>' --attr_objective '<attr_objective>' --attr_name '<attr_name>' --attr_type '<attr_type>'

Supported arguments

`--action add_or_update` `--action delete`	`add_or_update:` Adds a new value or updates an existing value `delete:` Deletes an existing value
`--vendor '<vendor_name>'`	The vendor name that is displayed in SecureTrack: Settings > Configuration > External Authentication > LDAP Authentication > Server Type
`--attr_objective` `'<attr_objective>'`	An attribute from the list of LDAP server attributes
`--attr_name '<attr_name>'`	The name of the LDAP server field that corresponds to the attr_objective
`--attr_type '<attr_type>'`	Supported attribute types: `string` `binary`

Sample code

For the Active Directory vendor, update the mail attribute name to the string "mail":

configure_ldap_vendor_configuration.sh --action add_or_update --vendor 'Active Directory' --attr_objective 'mailAttributeName' --attr_name 'mail' --attr_type 'string'