PingDirectory


PingDirectory provides a secure repository for sensitive user information, including profiles, credentials, and preferences. It serves as a central "single source of truth" for identity data, supporting millions of entries and operations per second.

For more detailed information refer to PingDirectory’s official page.

Integration Method:  Data Collector (API Ingest)

Tables: User Inventory Info (5003)

This integration supports the following events.

Event: Users
Description: List directory entries

This integration supports the following versions.

PingDirectory: PingDirectory 11
API Version: v1

Prerequisites

  • The user should have access to the device where the PingDirectory is installed.

  • The user should have access to the PingDirectory console with administrator privileges (cn=Directory Manager).

  • The user should have the domain and ou under which the user needs to be created.

  • The user should have a compatible version of the system in which we can configure the data collector.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Data Collector Configuration and Installation.

  2. Create a User in the PingDirectory.

  3. Create PingDirectory Data Feed in the DataBee console.

    DataBee Parameter: PingDirectory Parameter
    Base URL: https://<instance> (IP/Instance of the PingDirectory)
    Username: Username (E.g. uid=databee-api-readonly,ou=People,dc=comcast,dc=local)
    Password: Password of the user

Data Collector Configuration and Installation

To receive events from PingDirectory, a Data Collector must be installed and configured. The data collector is used to call PingDirectory APIs in an on-prem environment and send data to DataBee securely.

Follow the steps provided in DataBee's official documentation to complete the configuration. Additionally, refer to this guide for detailed instructions on installing the Data Collector on your machine.

PingDirectory Configuration

Create User

Note:

The following steps are documented for Windows installation. The same configuration steps apply to other operating systems as well. Please refer to the official documentation for any OS-specific differences or issues.

  1. Create the LDIF File
    First, generate the data file that defines the new user attributes.

    1. Navigate to the directory: \PingDirectory-x.x.x.x\PingDirectory\ldif

    2. Create a new file named databee-api-readonly-user.ldif.

    3. Paste the following content into the file after replacing the below values and save:

      • LDAP DISTINGUISHED NAME: LDAP Distinguished Name (E.g. uid=databee-api-readonly,ou=People,dc=comcast,dc=local) for the user you want to create.

      • UID: uid (E.g. databee-api-readonly) of the user.

      • COMMON NAME: Common name (E.g. Databee API ReadOnly) of the user.

      • SURNAME: Surname (E.g. ReadOnly) of the user.

      • PASSWORD: Password for the user.

      dn: <LDAP DISTINGUISHED NAME>
      changetype: add
      objectClass: top
      objectClass: inetOrgPerson
      uid: <UID>
      cn: <COMMON NAME>
      sn: <SURNAME>
      userPassword: <PASSWORD>


  2. Modify Existing Entries

    1. Navigate to the directory containing the executable tools: cd \PingDirectory-x.x.x.x\PingDirectory\bat
       

    2. To apply the changes defined in your LDIF file to the server, execute the following command after replacing the below values.

      • HOSTNAME: Hostname/IP of the PingDirectory.

      • PORT: Port of the PingDirectory.

      • PASSWORD: Password of the Directory manager.

      • USER LDIF FILE: Full path to the created LDIF file (E.g. C:\Users\Comcast\Desktop\PingDirectory-x.x.x.x\PingDirectory\ldif\databee-api-readonly-user.ldif).

      ldapmodify.bat -h <HOSTNAME> -p <PORT> -D "cn=Directory Manager" -w <PASSWORD> -f "<USER LDIF FILE>"


  3. Configure Access Control (ACI)
    After creating the user, you must grant them specific permissions to read the directory data. This step applies an Access Control Instruction (ACI) to the base DN.

    1. Navigate to the directory: \PingDirectory-x.x.x.x\PingDirectory\ldif

    2. Create a file named: databee-api-readonly-aci.ldif with the following content after replacing the below values:

      • DOMAIN: Domain (E.g. dc=comcast,dc=local) under which the user was created.

      • UID: uid (E.g. databee-api-readonly) of the user we created.

      dn: <DOMAIN>
      changetype: modify
      add: aci
      aci: (target="ldap:///<DOMAIN>")(targetscope="subtree")(version 3.0; acl "Databee API REST Read"; allow (read,search,compare) userdn="ldap:///uid=<UID>,ou=People,<DOMAIN>";)

  4. Apply Access Control Permissions

    1. Navigate to Batch Directory: cd \PingDirectory-x.x.x.x\PingDirectory\bat
       

    2. Execute the following to apply the new permissions after replacing the below values:

      • HOSTNAME: Hostname/IP of the PingDirectory.

      • PORT: Port of the PingDirectory.

      • PASSWORD: Password of the Directory manager.

      • ACI FILE PATH: Full path to the ACI LDIF file created in step 3.

      ldapmodify.bat -h <HOSTNAME> -p <PORT> -D "cn=Directory Manager" -w <PASSWORD> -f "<ACI FILE PATH>"


  5. Run the command below from the \PingDirectory-x.x.x.x\PingDirectory\bat directory to verify the created user after replacing the following values.

    • HOSTNAME: Hostname/IP of the PingDirectory.

    • PORT: Port of the PingDirectory.

    • PASSWORD: Password of the Directory manager.

    • UID: uid (E.g. databee-api-readonly) of the user we created.

    • DOMAIN: Domain (E.g. dc=comcast,dc=local) under which the user was created.

    ldapsearch.bat -h <HOSTNAME> -p <PORT> -D "cn=Directory Manager" -w <PASSWORD> -b "<DOMAIN>" "(uid=<UID>)"
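
The two LDIF files in steps 1 and 3 are easy to break when edited by hand: a stray space inside the ACI quotes or a password that begins with a space or colon changes what ldapmodify applies. The following is an added example, not DataBee or PingDirectory tooling, that renders both files from validated inputs. The function names are hypothetical, and it assumes a simple uid, a dc=-only base DN and the ou=People container used in the page's sample values.

```python
import base64
import re

# RFC 2849 SAFE-STRING: ASCII only, no NUL/CR/LF, and no leading space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")
# Assumptions of this example: a simple uid and a dc=-only base DN (as in the page's sample values).
_UID = re.compile(r"[A-Za-z0-9._-]+")
_DOMAIN = re.compile(r"dc=[A-Za-z0-9-]+(,dc=[A-Za-z0-9-]+)*")


def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' when the value is not LDIF-safe."""
    if not value:
        raise ValueError(f"{attr} must not be empty")
    # A trailing space is legal in LDIF but easily lost in an editor, so encode it too.
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def _check(uid, domain):
    # Reject anything that could carry spaces, quotes or parentheses into the DN or ACI.
    if not _UID.fullmatch(uid) or not _DOMAIN.fullmatch(domain):
        raise ValueError("uid or domain contains characters this example does not allow")


def user_ldif(uid, domain, cn, sn, password):
    """Content of databee-api-readonly-user.ldif (step 1)."""
    _check(uid, domain)
    pairs = [("dn", f"uid={uid},ou=People,{domain}"), ("changetype", "add"),
             ("objectClass", "top"), ("objectClass", "inetOrgPerson"),
             ("uid", uid), ("cn", cn), ("sn", sn), ("userPassword", password)]
    return "\n".join(ldif_line(a, v) for a, v in pairs) + "\n"


def aci_ldif(uid, domain):
    """Content of databee-api-readonly-aci.ldif (step 3), with no stray whitespace."""
    _check(uid, domain)
    aci = (f'(target="ldap:///{domain}")(targetscope="subtree")'
           f'(version 3.0; acl "Databee API REST Read"; allow (read,search,compare) '
           f'userdn="ldap:///uid={uid},ou=People,{domain}";)')
    return f"dn: {domain}\nchangetype: modify\nadd: aci\naci: {aci}\n"


if __name__ == "__main__":
    # Constructed sample values; the password is a placeholder, not a real credential.
    print(user_ldif("databee-api-readonly", "dc=comcast,dc=local",
                    "Databee API ReadOnly", "ReadOnly", ":example pass "))
    print(aci_ldif("databee-api-readonly", "dc=comcast,dc=local"))
```

The user LDIF holds the account password in clear or base64 form, so restrict access to the file and delete it once ldapmodify has applied it.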


DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for PingDirectory and click on it.
     

  3. Click on the Data Collector option for collection method.
     

  4. Click on the API Ingest option as the polling mechanism.
     

  5. Enter the feed contact information, select the collector that you have created from the drop down, and then scroll down.
     

  6. In the configuration page, confirm the following, then scroll down.

    • Base URL: Paste the Base URL which would be the IP address/instance of the Ping Directory.

    • Request Count: Set to 800

    • Interval: Set to 60 seconds

    • Event Types: Preselected for all the event types that integration pulls.
      Note: Limit is set to 800 requests/60s for a spec (4GB RAM) setup. Use 400 requests/60s for lower-spec setups.
       

  7. In the configure authentication page, confirm the following, then click on Submit.

    • Authorization Method: Basic

    • Username: Paste the username

    • Password: Paste the password

    • Enable TLS: Check the Enable TLS option

    • Skip Server-side Certificate Verification: Check it to disable the server-side certificate verification.
       

Troubleshooting Tips

  • Ensure that the server is reachable by opening the terminal on the receiver machine and running ping <server_ip> command.

  • If you encounter any issues regarding log forwarding, refer to the DataBee troubleshooting document for detailed guidance.