There are several important limitations related to LDAP Directory integration in Directories Management.

  • You can only integrate a single-domain LDAP directory environment.

    To integrate multiple domains from an LDAP directory, you need to create additional Directories Management directories, one for each domain.

  • The following authentication methods are not supported for Directories Management directories of type LDAP directory:

    • Kerberos authentication

    • RSA Adaptive Authentication

    • ADFS as a third-party identity provider

    • SecurID

    • RADIUS authentication with Vasco and SMS Passcode server

  • You cannot join an LDAP domain.

  • Integration with View or Citrix-published resources is not supported for Directories Management directories of type LDAP directory.

  • User names must not contain spaces. If a user name contains a space, the user is synced but entitlements are not available to the user.

  • If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes as required on the User Attributes page, except for userName, which can be marked required. The settings on the User Attributes page apply to all directories in the service. If an attribute is marked required, users without that attribute are not synced to the Directories Management service.

  • If you have multiple groups with the same name in your LDAP directory, you must specify unique names for them in the Directories Management service. You can specify the names when you select the groups to sync.

  • The option to allow users to reset expired passwords is not available.

  • The domain_krb.properties file is not supported.
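
A pre-sync check for the user-name, required-attribute and duplicate-group limitations above, as an added example (not code from the product or its documentation). It assumes a plain LDIF export, that userName is mapped to `uid`, that `mail` is the attribute marked required, and that users are `inetOrgPerson` and groups `groupOfNames` entries; the sample data is constructed.

```python
from collections import Counter

# Constructed sample LDIF export (not from any real directory).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
mail: jdoe@example.com

dn: uid=mary ann,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: mary ann
mail: mary@example.com

dn: uid=svc1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: svc1

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: admins

dn: cn=admins,ou=emea,dc=example,dc=com
objectClass: groupOfNames
cn: admins
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit(entries, user_attr="uid", required=("mail",)):
    """Flag entries that would hit the limitations before a sync is configured."""
    users = [e for e in entries if "inetOrgPerson" in e.get("objectclass", [])]
    groups = [e for e in entries if "groupOfNames" in e.get("objectclass", [])]
    spaced = [u[user_attr][0] for u in users if " " in u.get(user_attr, [""])[0]]
    missing = [u["dn"][0] for u in users if any(a.lower() not in u for a in required)]
    # Conservative assumption: names differing only by case count as duplicates.
    counts = Counter(g["cn"][0].lower() for g in groups if "cn" in g)
    dupes = sorted(name for name, n in counts.items() if n > 1)
    return {"spaces": spaced, "missing_required": missing, "duplicate_groups": dupes}
```

Run `audit(parse_ldif(...))` on an export of the base DN you plan to sync; each non-empty list names accounts or groups to fix or rename before the first sync.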