Skip to main content Skip to complementary content
Qlik Resources

User directory connectors Generic LDAP properties

The following property groups are available for user directory connectors of the type Generic LDAP.

Identification

All fields are mandatory and must not be empty.

Property Description
Name The name of the UDC configuration, defined from the QMC.
Type

The UDC type.

User sync settings

Property Description Default value
Sync user data for existing users
  • When selected, only the existing users are synchronized. An existing user is a user who has logged in to Qlik Sense and/or been previously synchronized from the configured directory service.
  • When not selected, all the users, defined by the properties for the UDC, are synchronized from the configured directory service. You can create a filter to Active Directory, ApacheDS, or Generic LDAP if you only want to synchronize a selection of users.
Information noteThe user attributes are only synced when a user logs in to the hub. Even if you delete the user in the QMC, the active session is still valid for the user that has been deleted. If the hub is only refreshed, the user is added to the database, but without any attributes.

Selected

Connection

Property Description Default value

User directory name

Information noteNot entered manually for Active Directory.
 Must be unique, otherwise the connector will not be configured. The name of the UDC instance (to be compared to the domain name of an Active Directory). Together with the user's account name, this name makes a user unique.  
Path The URI used to connect to the directory server. To support SSL, specify the protocol as LDAPS instead. (Currently LDAPS is only supported for AD). ldap://company.domain.com
User name The optional user ID used to connect to the directory server. If this is empty, the user running the Qlik Sense repository is used to log on to the directory server. -
Password The optional password for the user. -
Information note When a user creates an Active Directory connector, the connector will only work if the user running the Qlik Sense services is allowed to access the directory server. If the user running the Qlik Sense services is not allowed to access the directory server, a user name and a password that allows access to the directory server must be provided.

Advanced

The Advanced property group contains the advanced LDAP connector properties in the Qlik Sense system.

Property Description Default value
Additional LDAP filter Used as the LDAP query to retrieve the users in the directory. -
Synchronization timeout (seconds) The timeout for reading data from the data source. 240
Page size of search

Determines the number of posts retrieved when reading data from the data source.

Tip note If the user synchronization is unsuccessful, try setting the value to '0' (zero).

2000 (For ApacheDS: 1000)
Use optimized query

This property allows Qlik Sense to optimize the query for directories containing many groups in proportion to the number of users retrieved.

Warning noteTo be able to use the optimization, the directory must be set up so that the groups refer to the users. If the directory is not set up correctly, the optimized query will not find all groups connected to the users.

This property is only visible for Generic LDAP and Active directory search, (Active Directory always uses optimization).

Not selected

Directory entry attributes

Information noteThe directory entry attributes are case-sensitive.
Property Description Default value

Type

The attribute name that identifies the type of directory entry (only users and groups are used by the LDAP UDC). objectClass
User identification

The attribute value of the directory entry that identifies a user.

 inetOrgPerson
Group identification The attribute value of the directory entry that identifies a group. group
Account name The unique user name (within the UDC) that the user uses to log in. sAMAccountName
Email The attribute name that holds the emails of a directory entry (user). mail
Display name The full name of either a user or a group directory entry. name
Group membership

The attribute indicates direct groups that a directory entry is a member of. Indirect group membership is resolved during the user synchronization.

This setting, or the one below, Members of directory entry, is allowed to be empty, which means that the group membership is resolved using only one of the two settings.

 memberOf
Members of directory entry

The attribute name that holds a reference to the direct members of this directory entry.

See also the Group membership setting, above.

 member

Tags

Property Description
Tags
Tip noteIf no tags are available, this property group is empty.

Connected tags are displayed under the text box.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here