LDAP/Active Directory Advanced Settings

Before setting up the LDAP/ADS configuration within the system, the Advanced settings should be reviewed. The default setup assumes that the User Groups the system uses to authenticate match the groups on the server, and that the imported User information matches the attributes available on the server.
 

LDAP/Active Directory Advanced Options Set-up

To configure the Advanced options within the LDAP/Active Directory Setup window:

  1. Select Setup>Authentication
    The LDAP/Active Directory Setup screen appears.

  2. Click Edit

  3. Move to the Advanced tab of the selected Authentication Server


  4. Enter the relevant details for the fields, as required

    Field

    Description

    Revert to Defaults

    Resets the installation defaults.

    Update Schedule

    Sets a routine synchronization to update the system with current AD/LDAP accounts. Select the required Daily, Weekly or Monthly intervals and Commencement details.

    Commencement Time

    Set the day of the week and time the system is to start automatically synchronizing with the directory server.

    User Groups

    Provides imported Users' Roles. (The system will look for these groups by default.)

    The User Group names can be customized, only requiring a unique name for each group. The group names on the Directory Server must be identical to the User Group names entered here. Customize or use the default User Group names as necessary.

    Members of each group will be assigned the appropriate Role within the system. To assign multiple Roles to a User, make sure they are members of each of the required groups.

    Users can have only one of the Supervisor, Technician or Partner Roles, but they can also have any other Role or combination of Roles.

    Attribute Mapping

     

    Maps attributes from the directory server to corresponding fields in the system. Native system fields are First Name, Last Name, Email (A unique Email Address must be included for a User account to be created), Phone, Mobile, Pager, Address, City, Zip and Country.
     

    • Mandatory User information for new and existing User accounts includes the First Name, Last Name and Email address. If these details are not available, the application will not validate an existing User account and automatically reassign any open or active requests to another valid User.

     

    Standard: Next to each field is a drop-down menu containing the list of default fields specific to either the LDAP or Active Directory server type. For each native name, the default fields are selected. Use the default mapping or select the mapping attribute as required.

     

    Custom: Select the Custom option to manually enter an Attribute Field.

    GUID

    Global Unique Identifier

    For ADS select objectGUID

    For OpenLDAP select entryUUID

    For eDirectory select GUID.

    LDAP User fields/Mixed Mode User Fields

    The LDAP User field headings will be replaced with any custom LDAP/ADS Accounts fields created by the Administrator in Setup>Custom Fields (see Custom Fields), or with Mixed Mode User Fields if the Mixed Mode option is enabled in the Server tab.

     

    Use the drop-down list to select the appropriate mapping to the matching directory server field or select Custom to manually enter a Field.

    Customer Orgs

    Organizational Unit relationships can also be mapped from the authentication server. By default this is not enabled. To activate Customer Organizational Unit mapping, select Yes for the Import Customer Organizational Units option and define where the Company and Department information is to be derived.

    Line Managers

    The LDAP attribute that defines a Customer's line manager, which is used for processing approvals on Service and Change Requests. Only system users with the Customer Role can be assigned as Line Managers.

  5. Click Save.
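
The User Groups and Attribute Mapping rules above can be checked against a directory export before the first scheduled synchronization. The following is an added example, not code from the product: the group names, the givenName/sn/mail mapping, the "groups" key and the case-insensitive Email comparison are assumptions, and the entries are constructed.

```python
from collections import Counter

# Assumed group-name -> Role mapping; the group names are constructed placeholders.
# Use the User Group names actually entered on the Advanced tab.
GROUP_TO_ROLE = {
    "Example_Supervisors": "Supervisor",
    "Example_Technicians": "Technician",
    "Example_Partners": "Partner",
    "Example_Customers": "Customer",
}
EXCLUSIVE_ROLES = {"Supervisor", "Technician", "Partner"}  # a User may hold only one
# Assumed attribute mapping for the three mandatory fields.
MANDATORY = {"First Name": "givenName", "Last Name": "sn", "Email": "mail"}


def audit_entries(entries):
    """Return {dn: [problems]} for entries that break the import rules above."""
    mails = Counter(e["mail"].strip().lower() for e in entries if e.get("mail", "").strip())
    findings = {}
    for e in entries:
        problems = [f"missing {field} ({attr})"
                    for field, attr in MANDATORY.items() if not e.get(attr, "").strip()]
        mail = e.get("mail", "").strip().lower()
        if mail and mails[mail] > 1:
            problems.append("Email is not unique")
        # Group names must be identical to the configured names, so match exactly.
        roles = {GROUP_TO_ROLE[g] for g in e.get("groups", []) if g in GROUP_TO_ROLE}
        if not roles:
            problems.append("no matching User Group")
        clash = sorted(roles & EXCLUSIVE_ROLES)
        if len(clash) > 1:
            problems.append("more than one of " + "/".join(clash))
        if problems:
            findings[e["dn"]] = problems
    return findings


# Constructed sample entries; "groups" holds group names already resolved from the directory.
SAMPLE = [
    {"dn": "cn=ana,dc=example,dc=com", "givenName": "Ana", "sn": "Ruiz",
     "mail": "ana@example.com", "groups": ["Example_Technicians", "Example_Customers"]},
    {"dn": "cn=bo,dc=example,dc=com", "givenName": "Bo", "sn": "Lind",
     "groups": ["Example_Customers"]},
    {"dn": "cn=cy,dc=example,dc=com", "givenName": "Cy", "sn": "Okoro",
     "mail": "cy@example.com", "groups": ["Example_Supervisors", "Example_Partners"]},
    {"dn": "cn=di,dc=example,dc=com", "givenName": "Di", "sn": "Haas",
     "mail": "Shared@example.com", "groups": ["example_customers"]},
    {"dn": "cn=ed,dc=example,dc=com", "givenName": "Ed", "sn": "Haas",
     "mail": "shared@example.com", "groups": ["Example_Customers"]},
]
```

Calling audit_entries(SAMPLE) returns findings for four of the five entries; the fourth entry shows that a group name differing only in case is treated as no match.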

 

Mapping Fields to the Matching Directory Server Field

The LDAP User field headings will be replaced with any custom LDAP/ADS fields created by the Administrator in Setup>Custom Fields. See Custom Fields. Use the drop-down list to select the appropriate mapping to the matching directory server field or select Custom to manually enter a Field.


 

User details are imported when synchronization with the Active Directory/LDAP server takes place. Imported fields cannot be modified through the service management tool directly; the appropriate authentication server console must be used.

 

Import Customer Org Units

Organizational Unit relationships can also be mapped from the authentication server. By default this is not enabled. To activate Customer Organizational Unit mapping, select Yes for the Import Customer Organizational Units option.
