LDAP Server Integration

Multiple types and sources of directory servers can be synchronized with the system at any one time. Among the several LDAP servers supported by the system, and which this section discusses, are the following:

 

Note, however, that LDAP follows a standard, so the settings detailed here should also apply to other implementations.
 

Configuring LDAP Server Integration

To configure LDAP Server integration:

  1. Select Setup>LDAP

  2. Click New
    The LDAP /Active Directory Server tab is displayed.

  3. Enter the Server Name
    (If the system is to synch with ZENworks, ensure the Server Name matches the User Source Name used by ZENworks.)

  4. Select LDAP within the Type drop-down list


  5. Complete the Settings fields

    Fields

    Description

    Security

    Secure Sockets Layer (SSL) encryption is provided for Active Directory and LDAP server integration. Details entered here determine how the integration layer authenticates.

    User authentication can be with Secure Sockets Layer (SSL) or Clear Text. Select Anonymous or User name and Password.

    If Anonymous is selected, ensure anonymous access to the directory is available.

    Server Host

    Enter the host name or IP Address of the LDAP Server.

    Server Port

    This is the LDAP Server Port. The default is 389.

    User name

    The system authenticates the user name against the LDAP Server. Leave this blank for anonymous connections.
    Where a user name is provided, Netscape allows the internal users to connect as the account name, so using ‘cn=Directory Manager’ is acceptable.
    OpenLDAP expects the fully qualified distinguished name (DN) for the user, regardless of access level, so at the very least ‘cn=Manager,dc=example,dc=com’.
    For other accounts the user BaseDN is required. Users logging in need only enter their login name; it is assumed the login name will be unique across the entire directory.

    Password

    If a User account is specified in the User name field, enter the account password.

    BaseDN

    The Base Distinguished Name (BaseDN) refers to the location of the User Groups in the directory. For example, assume that the location of the User Groups is the following:
    ou=UserGroups,ou=MIS,dc=myoffice,dc=mycompany,dc=com
    The above string would be the BaseDN.

    Locale

    Default Timezone

    Select the default Timezone to be applied to all User accounts imported using the authentication server.

  6. Enter all required fields to configure the Directory Server
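
As an added example (not part of the product or its documentation), the following Python script audits the Settings values from step 5 before they are saved. It flags a password bind over Clear Text, notes when an anonymous bind is configured, and checks that the User name and BaseDN parse as distinguished names. The dictionary keys, function names and the dc= heuristic are assumptions made for illustration; the DN strings are the ones quoted above.

```python
import re

# Simplified RFC 4514 split: a comma not preceded by a backslash ends an RDN.
_RDN_SPLIT = re.compile(r"(?<!\\),")

def parse_dn(dn):
    """Return [(attr, value), ...] for a DN string; raise ValueError if malformed."""
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def audit_ldap_settings(cfg):
    """Return (severity, message) findings for one server entry (hypothetical keys)."""
    findings = []
    user = cfg.get("user_name", "").strip()
    if user and cfg.get("security", "").lower() == "clear text":
        findings.append(("high", "bind password crosses the network unencrypted"))
    if not user:
        findings.append(("info", "anonymous bind: directory must allow anonymous access"))
    checks = [("base_dn", cfg.get("base_dn", ""))] + ([("user_name", user)] if user else [])
    for field, value in checks:
        try:
            # Heuristic (assumption): the full DNs quoted on this page all end in dc= parts.
            if not any(attr == "dc" for attr, _ in parse_dn(value)):
                findings.append(("warn", f"{field} is not a fully qualified DN (no dc= part)"))
        except ValueError as exc:
            findings.append(("high", f"{field}: {exc}"))
    return findings

# Constructed sample entries; the DN strings are the ones quoted on this page.
PAGE_BASE_DN = "ou=UserGroups,ou=MIS,dc=myoffice,dc=mycompany,dc=com"
SAMPLES = {
    "openldap-clear": {"security": "Clear Text", "base_dn": PAGE_BASE_DN,
                       "user_name": "cn=Manager,dc=example,dc=com"},
    "netscape-ssl": {"security": "SSL", "base_dn": PAGE_BASE_DN,
                     "user_name": "cn=Directory Manager"},
    "anonymous": {"security": "Clear Text", "base_dn": "", "user_name": ""},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for severity, message in audit_ldap_settings(cfg):
            print(f"{name}: [{severity}] {message}")
```

The warning on ‘cn=Directory Manager’ is expected for a Netscape directory, which accepts the short account name; for OpenLDAP it indicates the User name must be changed to the full DN.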


 

Test Button

The Test button will create a connection to the LDAP Server using the configuration settings. If successful, it will attempt to determine how many Users are in the top level of each group and display a Results screen.
 

 

Synch Button

The Synchronization button runs the synchronization process manually. It is most useful for the initial deployment, and when new directory server accounts have been created for Users who require immediate access to the system.

If using Certificates, ensure the certificate details are entered in the Certificates tab before synchronizing.

Only one synchronization can run at a time. For multiple users needing access, create the accounts on the LDAP server then run a single manual synchronization.

A manual synchronization may take some time as it depends on the connection speed with the external service. The manual synchronization works best for small directories, as larger directories take more time to propagate changes.

 

Importing Customer Details

Customer details can be imported using LDAP by enabling the option, if required. When the system is set up to synchronize with LDAP, move to the Setup>Privileges>Customer tab and enable the Include Customers option.


If there is a need to create Customers using LDAP and the system's internal authentication capability, Mixed Mode authentication can also be enabled. After the option to Include Customers is set to Yes in the Customer Privilege tab, the Mixed Mode field is displayed. Set this option to Yes to allow Customers to be created directly in the system and using LDAP.