RapidIdentity Product Guide: New UI

Latest Default Configuration

The default configuration is available for idauto-openldap Docker Images and Appliances running RapidIdentity 2019.* and newer. 

  • OpenLDAP version: 2.4.46

  • OpenLDAP Root Admin DN: cn=root, dc=system

    • default password: secret

      • not disclosed to IDaaS customers

    • full administrative access to OpenLDAP

  • RapidIdentity Service Account DN: cn=rapididentity, dc=system

    • default password: secret

      • not disclosed to IDaaS customers

    • administrative access to only dc=meta and o=changelog

  • RapidIdentity Admin DN: cn=Admin,ou=Service,ou=Accounts,dc=meta

    • default password: secret

      • not disclosed to IDaaS customers

    • administrative access to only dc=meta and o=changelog

  • Changelog DN: o=changelog

  • Schemas:

    • OpenLDAP provided schemas:

      • core

      • cosine

      • inetorgperson

      • ppolicy

    • RapidIdentity:

      • idauto-core - the schema required by all RapidIdentity components

      • idauto-arms - additional schema required by Portal

      • idauto-extra - all additional schema from the online schema manager tool as of 11 Dec 2018

    • Other standard schemas:

  • Directory Hierarchy:

    • Root DSE

      • cn=config - online configuration partition

      • o=changelog - changelog partition

      • cn=monitor - monitor partition

      • dc=system - system users partition

        • cn=root - OpenLDAP Root Admin account

        • cn=rapididentity - RapidIdentity Service Account

        • cn=ldapadmins - Delegated OpenLDAP Admins group

      • dc=meta - MetaDirectory data partition

        • ou=Accounts

          • ou=Internal

            • ou=Students

            • ou=Workforce

              • ou=Sponsored

              • ou=Employees

          • ou=External

            • ou=Customers

            • ou=Guardians

          • ou=Service

            • cn=Admin - RapidIdentity Admin account (non-IDaaS)

        • ou=Groups

          • cn=Admins - RapidIdentity System Admins group (non-IDaaS)

          • cn=MetaAdmins - Delegated MetaDirectory Admins group (primarily for Connect connects)

        • ou=system

          • ou=policies

            • cn=default - Default Password Policy

  • MetaDirectory indexes:

    • objectClass, o, ou, cn, mail, sn, givenname, uid, member, uniqueMember, memberof, manager, entryCSN, entryUUID, l, title, employeeType, idautoID, idautoRequestAssociations, idautoGroupOwners, idautoGroupCoOwners, idautoGroupLastSynced, idautoPersonStatusStaff, idautoPersonStatusStudent, idautoGroupDeprovisionDate, idautoCourseDeprovisionDate, idautoPersonOffice365ID, idautoPersonTeacherEla, idautoPersonTeacherMath, idautoPersonTeacherScience, idautoPersonTeacherSS, idautoPersonGoogleAddress, idautoPersonFacStatusCode, idautoPersonFacCode, idautoPersonBadgeStatus, idautoPersonBarcodeNumber, idautoPersonBadgeID, idautoPersonSponsorEmail, idautoPersonStorageQuota, idautoPersonCompanyCode, idautoPersonDivisionCode, idautoPersonBusinessUnitCode, idautoPersonCostCenterCode, idautoPersonTimeclockCode, idautoPersonTempEmplID, idautoPersonMatchFlag, idautoPersonMatchStatus, idautoPersonStatusCode, idautoPersonToMutipleSystems, idautoPersonPwdExpDateRaw, idautoGroupToSystem5, idautoPersonDoNotDeprovision, idauto-pwdPrivateTS, idautoPersonCertifiedCode, idautoPersonDegree, idautoPersonGuardianID, idautoCourseCompanionTeacherCode, idautoCourseCompanionStudentCode, idautoPersonUserNameMV, idautoPersonStuGT, idautoPersonStu504, idautoPersonStuAtRisk, idautoPersonStuBilingual, idautoPersonStuESL, idautoPersonStuLEP, idautoPersonStuCATE, idautoPersonStuTitle1, idautoSCIMExternalId, idautoGroupDistrictID, idautoPersonSocialAuthMethodFlag, idautoPersonPAMEligible, idautoPersonRiskScore, idautoPersonForceDisable, idautoPersonClaimCode, idautoPersonDeptDescr, idautoPersonDeptCodes, idautoPersonJobCode, idautoPersonPriLocCode, idautoStatus, idautoPersonAffiliations

  • Overlays:

    • accesslog - changelog support

    • ppolicy - password policy

    • idautopwd - password sync support

    • refint - referential integrity

      • configured attributes

        • aliasedObjectName seeAlso pwdPolicySubentry member owner roleOccupant manager documentAuthor secretary associatedName idautoDelegateSourceBaseDN idautoDelegateTargetBaseDN idautoGroupCoOwners idautoGroupIncludeBaseDN idautoGroupOwners idautoGroupStaticExcludes idautoGroupStaticIncludes idautoResourceCategoryACL idautoResourceACL idautoResourceAppOwnerApprover idautoResourceCategories idautoResourceConflicts idautoResourceDataClassification idautoResourceDependencies idautoResourceEntitlement idautoResourceManualProvisioner idautoResourceOwner idautoResourcePRD idautoResourceRevokePRD idautoResourceSecurityApprover idautoACL idautoRoleAssociatedResources idautoGroupExcludeBaseDN idautoPersonStudents idautoPersonTeachers idautoCourseTeacherDN idautoPersonStuTeachers

      • null reference - cn=null

    • sssvlv - server-side sort and virtual list view support

    • syncprov - replication support

    • unique - unique attribute enforcement

      • configured attributes

        • idautoid

        • idautoPersonUserNameMV

    • memberof

      • causes read-only operational attribute memberof to be added to group members
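Because the three administrative DNs above ship with a documented default password, a useful hardening check is to confirm from an LDIF export that none of them still carries it. The following is an added example, not part of the product guide or of RapidIdentity's own tooling. It assumes the accounts hold a `userPassword` value stored as `{SSHA}` or cleartext in an LDIF export (for example from `slapcat`); the function names and sample data are constructed for illustration.

```python
import base64, hashlib

DEFAULT_PASSWORD = b"secret"  # default documented on this page
DEFAULT_DNS = {"cn=root,dc=system", "cn=rapididentity,dc=system",
               "cn=admin,ou=service,ou=accounts,dc=meta"}  # DNs from this page

def norm_dn(dn):  # 'cn=root, dc=system' and 'cn=Root,dc=system' compare equal
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Yield (dn, {attr: [bytes]}) per entry, decoding 'attr:: <base64>' values."""
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.replace("\n ", "").splitlines():  # unfold wrapped lines
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
            if name.lower() == "dn":
                dn = value.decode()
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def check(stored):
    """Return 'default', 'changed', or 'unverified' (hash scheme not handled here)."""
    if stored[:6].upper() == b"{SSHA}":
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest, then the salt
        same = hashlib.sha1(DEFAULT_PASSWORD + salt).digest() == digest
        return "default" if same else "changed"
    if stored.startswith(b"{"):
        return "unverified"
    return "default" if stored == DEFAULT_PASSWORD else "changed"

def audit(ldif_text):
    """Map each documented default account found in the export to its status."""
    return {norm_dn(dn): check(attrs["userpassword"][0])
            for dn, attrs in parse_ldif(ldif_text)
            if norm_dn(dn) in DEFAULT_DNS and attrs.get("userpassword")}

def sample_ssha(pw, salt):  # builds the constructed sample values below
    inner = base64.b64encode(hashlib.sha1(pw + salt).digest() + salt)
    return base64.b64encode(b"{SSHA}" + inner).decode()

# Constructed sample export; passwords and salts are made up for this example.
SAMPLE_LDIF = (
    f"dn: cn=root,dc=system\nuserPassword:: {sample_ssha(b'secret', b'salt0001')}\n\n"
    f"dn: cn=rapididentity,dc=system\nuserPassword:: {sample_ssha(b'constructed-pw', b'salt0002')}\n\n"
    "dn: cn=Admin,ou=Service,ou=Accounts,dc=meta\nuserPassword: secret\n")
```

Calling `audit(SAMPLE_LDIF)` returns a status per account; any entry reported as `default` should have its password rotated, and `unverified` means the hash scheme needs a separate check.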