The Genetec ClearID™ LDAP Synchronization Agent is a Windows application that is used to synchronize Active Directory (AD) Lightweight Directory Access Protocol (LDAP) attributes into Genetec ClearID™ identity attributes.
The ClearID LDAP Synchronization Agent application includes the following components:
- Konfigurator (Genetec.ClearID.LdapSyncAgentConfiguration.exe) is the user interface component of the windows application that is used to configure the synchronization agent.
- Genetec ClearID LDAP Synchronizer (Genetec.ClearID.LdapSyncAgent.Service.exe) is the Windows service component of the application that performs Active Directory LDAP attributes to Genetec ClearID™ identity attributes synchronization automatically in the background at intervals specified in the Synchronization Agent.
The ClearID LDAP Synchronization Agent application is intended for use by IT or security personnel responsible for Active Directory (AD) administration.
Synchronization
Identities in ClearID can come from a variety of data sources (Databases, HR, External Sources) and can be synchronized using various tools (Genetec ClearID™ LDAP Synchronization Agent, Genetec ClearID™ API, or Genetec ClearID™ One Identity Synchronization Tool).
The following information describes Active Directory LDAP synchronization:
-
Synchronization of LDAP attributes into ClearID identity attributes is INBOUND
only.
CAUTION:Any changes only made to identities in ClearID can be overwritten by the next synchronization from the Active Directory.
- Synchronization occurs automatically at the intervals specified in the ClearID LDAP
Synchronization Agent.
- The whenChanged attribute indicates the last time that a synchronization occurred. This attribute is then used to query Active Directory users that have changed since the last synchronization so that only changed users are updated when the next synchronization occurs.
- The first time a synchronization occurs, all Active Directory user attributes are synchronized.
- The next time a synchronization occurs, only Active Directory user attributes that have changed since the last time the agent ran are synchronized.