Ping Directory

Last Updated: September 9, 2025

Oleria provides identity security and access management teams with visibility and intelligence into who has access to what, where they got that access, how they use it, and whether they should even have it. As part of that promise, we deeply integrate your Ping Directory into the Oleria platform. Follow these steps to integrate Ping Directory with your Oleria workspace.

Pre-requisites:

1. Administrator permissions on the Oleria workspace.

2. Administrator permissions on the machine where PingDirectory will be installed.

3. Administrative access within PingDirectory to create a user.


Step 1: Create a Service Account in the Ping Directory

This process involves creating an LDIF file to define the new service account and its permissions, then using the ldapmodify command to apply these changes to the directory.

1.1: Create the LDIF File

An LDIF (LDAP Data Interchange Format) file is a plain text file that contains a series of instructions for adding, deleting, or modifying entries in an LDAP directory. The file you'll create, create_readonly_user.ldif, will perform three specific functions:

  • Create an Organizational Unit (OU): An OU is a container that helps organize directory objects. The file will create a new OU called people to hold the new user account.
  • Create the Service Account: A new user entry will be created with the UID (User ID) readonlyoleriauser and the common name Read Only User. The inetOrgPerson object class is used, which is a standard object class for representing people in an LDAP directory.
  • Assign Read-Only Access: The most critical part of this file is the ACI (Access Control Instruction). This instruction grants the readonlyoleriauser account read and search permissions on all attributes within the entire directory subtree. This is what makes the account "read-only."

The content of the create_readonly_user.ldif file is as follows. Remember to replace <replace-with-your-base-dn> with your directory's base distinguished name (e.g., dc=example,dc=com) and Oleria@5 with a secure password.

dn: ou=people,<replace-with-your-base-dn>
changetype: add
objectClass: organizationalUnit
ou: people

dn: uid=readonlyoleriauser,ou=people,<replace-with-your-base-dn>
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: readonlyoleriauser
cn: Read Only User
sn: User
userPassword: Oleria@5

dn: <replace-with-your-base-dn>
changetype: modify
add: aci
aci: (target="ldap:///<replace-with-your-base-dn>")(targetattr="* || +")(targetscope="subtree")(version 3.0; acl "Read access for readonlyoleriauser"; allow (read,search) userdn="ldap:///uid=readonlyoleriauser,ou=people,<replace-with-your-base-dn>";)
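A pre-flight check for the edited create_readonly_user.ldif, to run before the file is applied in step 1.2. This is an added example, not part of Oleria's or Ping Identity's tooling; `check_ldif` is a hypothetical helper and both sample strings are constructed. It flags an unreplaced base DN placeholder and the sample password left in place, and goes slightly beyond the text by also flagging an ACI that grants rights other than read and search or whose subject is `ldap:///anyone` or `ldap:///all`.

```python
import base64
import re

PLACEHOLDER = re.compile(r"<\s*replace-with-your-base-dn\s*>")
SAMPLE_PASSWORD = "Oleria@5"            # sample value printed in the template
ALLOWED_RIGHTS = {"read", "search"}     # the only rights the template's ACI grants
BROAD_SUBJECT = re.compile(r'userdn\s*=\s*"ldap:///(anyone|all)"', re.I)

def check_ldif(text):
    """Return (line, finding) pairs for the edited LDIF; [] means it passed."""
    findings = []
    logical = re.sub(r"\r?\n ", "", text)   # unfold LDIF continuation lines
    for n, line in enumerate(logical.splitlines(), 1):   # n counts unfolded lines
        if PLACEHOLDER.search(line):
            findings.append((n, "base DN placeholder not replaced"))
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if value.startswith(":"):           # "attr:: <base64>" form
            try:
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                value = ""
        if attr == "userpassword" and value == SAMPLE_PASSWORD:
            findings.append((n, "sample password still in use"))
        if attr == "aci":
            for rights in re.findall(r"allow\s*\(([^)]*)\)", value):
                extra = {r.strip().lower() for r in rights.split(",")} - ALLOWED_RIGHTS
                if extra:
                    findings.append((n, "ACI grants " + ",".join(sorted(extra))))
            if BROAD_SUBJECT.search(value):
                findings.append((n, "ACI subject is not limited to the service account"))
    return findings

# Constructed samples: part of the template as printed, and a badly edited ACI.
TEMPLATE = """dn: uid=readonlyoleriauser,ou=people,<replace-with-your-base-dn>
changetype: add
userPassword: Oleria@5
"""
EDITED = """dn: dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///dc=example,dc=com")(targetattr="* || +")
 (version 3.0; acl "Read access"; allow (read,search,write)
  userdn="ldap:///anyone";)
"""
if __name__ == "__main__":
    for name, sample in (("template", TEMPLATE), ("edited", EDITED)):
        for n, msg in check_ldif(sample):
            print(f"{name}: line {n}: {msg}")
```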

1.2: Execute the LDAP Modify Command

After creating the LDIF file, you need to use the ldapmodify command-line tool to apply the changes to your Ping Directory instance. This tool connects to the directory using an administrative account and executes the modifications defined in your LDIF file.

To execute this, open a command prompt, navigate to the bat directory inside your Ping Directory installation, and run the following command as a single line:

ldapmodify -h <hostname> -D "cn=Directory Manager" -w <password> -f create_readonly_user.ldif

  • <hostname>: The hostname or IP address of your Ping Directory server.
  • "cn=Directory Manager": The DN (Distinguished Name) of the administrative user with the necessary permissions. The default administrative user is cn=Directory Manager.
  • <password>: The password for the administrative user.
  • create_readonly_user.ldif: The path to the LDIF file you just created.

Step 2: Configure Syslog-Based Forwarder

This step uses the dsconfig command-line utility to configure a syslog-based log forwarder in Ping Directory. This is crucial for forwarding directory logs to a centralized log management system, like Fluentd, for monitoring and analysis. The provided command enables a publisher named "Fluentd Syslog Access Logger" and configures it to log a wide range of operational events, including search entries, security negotiations, and client IP addresses.

To execute this, open a command prompt, navigate to the Ping Directory installation's bat directory, and run the following command as a single line:

dsconfig set-log-publisher-prop --publisher-name "Fluentd Syslog Access Logger" --set enabled:true --set log-requests:true --set log-results:true --set log-connects:true --set log-disconnects:true --set log-search-entries:true --set log-search-references:true --set log-intermediate-responses:true --set log-security-negotiation:true --set include-requester-dn:true --set include-requester-ip-address:true --set include-request-details-in-result-messages:true --set include-request-details-in-search-entry-messages:true --set include-request-details-in-search-reference-messages:true --set include-connection-details-in-request-messages:true --set include-request-controls:true --set include-modify-attribute-names:true --set include-add-attribute-names:true --set include-extended-search-request-details:true --set include-search-entry-attribute-names:true --set include-result-code-names:true --set include-replication-change-id:true --set log-client-certificates:true --set suppress-internal-operations:false --set suppress-replication-operations:false


Step 3: Integrate Ping Directory with your Oleria workspace

Log in to your Oleria workspace and select Workspace → Integrations → Ping Directory.

Provide a name for your agent and click Continue.

You will see a PowerShell Script with a copy option. You need to execute this script on a server where you want to install the Oleria PD Agent.

Step 4: Install Oleria PD Agent

Log in to the machine, open PowerShell with administrator privileges, and run the script downloaded from step 2.

The script will automatically create the following directory path on the machine before installation: C:\Program Files (x86)\OleriaPDConnect

This path will be used to store both Fluentd and OleriaPD Agent in one common folder for easier management.

4.1: Fluentd installation process

Accept the license terms and select Next.

Choose the installation path. You must select C:\Program Files (x86)\OleriaPDConnect as the installation folder.


Follow any subsequent prompts to complete the installation.

4.2: Oleria PD Agent installation process

Accept the license terms and select Next.

On the next page, provide the following.

  • Username: Provide the Service Account name created in step 1
  • Password: Provide the Service Account password
  • DomainName: Provide your domain name. For example, if your domain name is example.local, provide dc=example,dc=local
  • DomainUrl: Provide your domain controller IP address

Select Next, and follow the prompts to complete the installation.

Click Next and follow the remaining prompts to finalize the installation.

Once the installation is completed, you will see an OleriaPDConnectAgent service in the services.

Step 5: Verify the Ping Directory status from the connected applications

Log in to your workspace → connected integrations → Ping Directory → select View Details to open the side pane to view the agent health status.

Contact us

For questions about this integration, please contact us at support@oleria.com.
