Configure LDAP Vendor Attributes for SecureTrack

The configure_ldap_vendor_configuration script (located in /opt/tufin/securitysuite/scripts/) is used to configure the LDAP vendor attributes.

You can:

You can create a shell file with a list of commands, where each command configures a different attribute. Sample script files to create custom LDAPs can be found in: /opt/tufin/share/docs/examples/ldap_vendors/

Syntax

The add_or_update action:

  • Creates the specified vendor if it does not exist and adds the specified attribute.
  • Creates the specified attribute for an existing vendor.
  • Updates a value for an existing vendor.

    configure_ldap_vendor_configuration.sh --action add_or_update --vendor '<vendor_name>' --attr_objective '<attr_objective>' --attr_name '<attr_name>' --attr_type '<attr_type>'

Supported arguments

--action add_or_update
--action delete

  • add_or_update: Adds a new value or updates an existing value.
  • delete: Deletes an existing value.

--vendor '<vendor_name>'

The vendor name that is displayed in SecureTrack: Settings > Configuration > External Authentication > LDAP Authentication > Server Type

--attr_objective '<attr_objective>'

An attribute from the list of LDAP server attributes

--attr_name '<attr_name>'

The name of the LDAP server field that corresponds to the attr_objective

--attr_type '<attr_type>'

Supported attribute types:

  • string
  • binary

Sample code

  • For the Active Directory vendor, update the mail attribute name to the string "mail":

    configure_ldap_vendor_configuration.sh --action add_or_update --vendor 'Active Directory' --attr_objective 'mailAttributeName' --attr_name 'mail' --attr_type 'string'
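One way to produce the shell file with a list of commands described above is to generate it from a mapping list, rejecting unsupported attribute types and quoting every value safely. This is an added example, not one of the Tufin sample files; the helper names (sq, build_line, build_file, sample_mappings), the pipe-separated input format and the vendor "Example Corp's LDAP" are assumptions made for illustration.

```shell
#!/bin/sh
# Absolute path assembled from the directory and script name given on this page.
SCRIPT=/opt/tufin/securitysuite/scripts/configure_ldap_vendor_configuration.sh

# Wrap a value in single quotes, escaping any embedded single quote as '\''.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Emit one add_or_update command line; fail on an empty field or a bad attr_type.
build_line() {
    vendor=$1 objective=$2 name=$3 type=$4
    case $type in
        string|binary) ;;   # the only attribute types the page lists
        *) echo "unsupported attr_type: $type" >&2; return 1 ;;
    esac
    for v in "$vendor" "$objective" "$name"; do
        [ -n "$v" ] || { echo "empty field in mapping" >&2; return 1; }
    done
    printf '%s --action add_or_update --vendor %s --attr_objective %s --attr_name %s --attr_type %s\n' \
        "$SCRIPT" "$(sq "$vendor")" "$(sq "$objective")" "$(sq "$name")" "$(sq "$type")"
}

# Read "vendor|attr_objective|attr_name|attr_type" lines from stdin.
# Blank lines and lines starting with # are skipped; returns 1 if any line is invalid.
build_file() {
    rc=0
    while IFS='|' read -r vendor objective name type; do
        case $vendor in ''|'#'*) continue ;; esac
        build_line "$vendor" "$objective" "$name" "$type" || rc=1
    done
    return $rc
}

# Constructed sample input (hypothetical second vendor shows quote escaping).
sample_mappings() {
    cat <<'EOF'
# vendor|attr_objective|attr_name|attr_type
Active Directory|mailAttributeName|mail|string
Example Corp's LDAP|mailAttributeName|mail|string
EOF
}

# Print the generated command list; redirect it to a .sh file to keep it.
sample_mappings | build_file
```

Review the generated lines before running them on the SecureTrack server.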