Home > Administrator Guide > Setup > LDAP > LDAP Setup Advanced Tab

LDAP/Active Directory Advanced Settings

Before setting up the LDAP/ADS configuration within the system, the Advanced settings should be revised. The default setup assumes that the User Groups that the system uses to authenticate match what is on the server, and that the User information imported matches the attributes available on the server.
 

LDAP/Active Directory Advanced Options Set-up

To configure the Advanced options within the LDAP/Active Directoy Setup window:

1. Select Setup>Authentication
   The LDAP /Active Directory Setup screen appears.

2. Click Edit

3. Move to the Advanced tab of the selected Authentication Server
   
   

4. Enter the relevant details for the fields, as required

   Field	Description
   Revert to Defaults	Resets the installation defaults.
   Update Schedule	Sets a routine synchronization to update the system with current AD/LDAP accounts. Select the required Daily, Weekly or Monthly intervals and Commencement details.
   Commencement Time	Set the day of the week and time the system is to start automatically synchronizing with the directory server.
   User Groups	Provides imported Users Roles. (The system will look for these groups by default) The User Group names can be customized, only requiring a unique name for each group. The group names on the Directory Server must be identical to the User Group names entered here. Customize or use the default User Group names as necessary. Members of each group will be assigned the appropriate Role within the system. To assign multiple Roles to a User, make sure they are members of each of the required groups. Users can have only one of the  Supervisor, Technician or Partner Roles but they can also have any other Role or combination of Roles.
   Attribute Mapping	Maps attributes from the directory server to corresponding fields in the system. Native system fields are First Name, Last Name, Email (A unique Email Address must be included for a User account to be created), Phone, Mobile, Pager, Address, City, Zip and Country.   Mandatory User information for new and existing User accounts include the First Name, Last Name and Email address. If these details are not available, the application will not validate an existing User account and automatically reassign any open or active requests to another valid User.   Standard: Next to each field is a drop-down menu containing the list of default fields specific to either LDAP or ActiveDirectory server type. For each native name, the default fields are selected. Use the default mapping or select the mapping attribute as required.   Custom: Select the Custom option to manually enter an Attribute Field.
   GUID	Global Unique Identifier For ADS select objectGUID For OpenLDAP select entryUUID For eDirectory select GUID.
   LDAP User fields/ Mixed Mode User Fields	The LDAP User field headings will be replaced with any custom LDAP/ADS Accounts fields created by the Administrator in Setup>Custom Fields ( See Custom Fields.), or Mixed Mode User Fields if the Mixed Mode option is enabled in the Server tab.   Use the drop-down list to select the appropriate mapping to the matching directory server field or select Custom to manually enter a Field.
   Customer Orgs	Organizational Unit relationships can also be mapped from the authentication server. By default this is not enabled. To activate Customer Organizational Unit mapping, select Yes for the Import Customer Organizational Units option and define where the Company and Department information is to be derived.
   Line Managers	LDAP attribute that defines a Customer's line manager, which  is used for processing approvals on Service and Change Requests. Only system users with the Customer Role can be assigned as Line Managers.

5. Click Save.

Mapping Fields to the Matching Directory Server Field

The LDAP User field headings will be replaced with any custom LDAP/ADS fields created by the Administrator in Setup>Custom Fields. See Custom Fields. Use the drop-down list to select the appropriate mapping to the matching directory server field or select Custom to manually enter a Field.

User details are imported when synchronization with the Active Directory/LDAP server takes place. Imported fields cannot be modified through the service management tool directly, the appropriate authentication server console must be used.

Import Customer Org Units

Organizational Unit relationships can also be mapped from the authentication server. By default this is not enabled. To activate Customer Organizational Unit mapping, select Yes for the Import Customer Organizational Units option.

• The details of the Org. Units are not populated upon this synch, only the Org. Unit names.
  For the Org. Unit details to be assigned to Customer or User Information, create the Org. Unit in the Supervisor>User>Organizational Units tab and ensure the Org. Unit name is identical to what is stored in the authentication server. If the details are not identical, the system will create another Org. Unit.