Multiple types and sources of directory servers can be synchronized with the system at any one time. Among the several LDAP servers supported by the system, and which this section discusses, are the following:
Open LDAP
Netscape Directory Server
Novell eDirectory
It should, however, be noted that LDAP does follow a standard and as such the settings detailed herein should also apply to other implementations.
Configuring LDAP Server Integration
To configure LDAP Server integration:
Select Setup>LDAP
Click New
The LDAP /Active Directory Server tab is displayed.
Enter the Server Name
(If the system is to synch with Zenworks, ensure the Server Name matches the User Source Name used by Zenworks.)
Select LDAP within the Type drop down list
Complete the Settings fields
Fields | Description |
Security | Secure Sockets Layer (SSL) encryption is provided for Active Directory and LDAP server integration. The details entered here determine how the integration layer authenticates. User authentication can be with SSL or Clear Text. Select Anonymous or User name and Password. If Anonymous is selected, ensure anonymous access to the directory is available. |
Server Host | Enter the host name or IP Address of the LDAP Server. |
Server Port | This is the LDAP Server Port. The default is 389. |
User name | The system authenticates the user name against the LDAP Server. Leave this blank for anonymous connections. |
Password | If a User account is specified in the User name field, enter the account password. |
BaseDN | The Base Domain Name refers to the domain location of the User Groups. For example, assume that the location of the User Groups is the following: |
Locale | |
Default Timezone | Select the default Timezone to be applied to all User accounts imported using the authentication server. |
Enter all required fields to configure the Directory Server
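The Settings fields interact: a Clear Text connection with User name and Password sends the bind password unencrypted, and the Security choice should agree with the Server Port. The following added example (not part of the product or its documentation) checks a server definition for those combinations before it is saved. The dictionary keys and sample values are hypothetical and constructed for illustration, and port 636 is the general LDAP over SSL convention rather than a value from this page.

```python
import re
LDAP_PORT, LDAPS_PORT = 389, 636  # IANA-registered ports: LDAP, LDAP over SSL/TLS
# One "attribute=value" component of a distinguished name.
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")


def audit_ldap_settings(s):
    """Return a list of findings for one server definition (hypothetical dict keys)."""
    findings = []
    encrypted = s.get("security") == "SSL"
    anonymous = s.get("bind") == "Anonymous"
    user, password = s.get("user_name", ""), s.get("password", "")
    if not s.get("server_host"):
        findings.append("Server Host is empty")
    port = s.get("server_port", LDAP_PORT)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("Server Port is not a valid TCP port")
    elif encrypted and port == LDAP_PORT:
        findings.append("SSL selected on port 389; LDAP over SSL normally listens on 636")
    elif not encrypted and port == LDAPS_PORT:
        findings.append("Clear Text selected on port 636, the LDAP over SSL port")
    if anonymous and (user or password):
        findings.append("Anonymous selected but User name/Password are filled in")
    if not anonymous and not (user and password):
        findings.append("User name and Password selected but one of them is blank")
    if not anonymous and not encrypted:
        findings.append("bind password crosses the network unencrypted (Clear Text)")
    if anonymous:
        findings.append("anonymous bind: directory must allow unauthenticated reads")

    # BaseDN must be a comma-separated list of attribute=value components.
    parts = re.split(r"(?<!\\),", s.get("base_dn", ""))
    if not all(RDN.match(p) for p in parts):
        findings.append("BaseDN is not a well-formed distinguished name")
    return findings


# Constructed sample values, not taken from any real deployment.
WEAK = {"security": "Clear Text", "bind": "User name and Password",
        "server_host": "ldap.example.com", "server_port": 389,
        "user_name": "cn=sync,dc=example,dc=com", "password": "constructed-secret",
        "base_dn": "ou=UserGroups,example.com"}
HARDENED = dict(WEAK, security="SSL", server_port=636,
                base_dn="ou=UserGroups,dc=example,dc=com")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```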
Test Button
The Test button will create a connection to the LDAP Server using the configuration settings. If successful, it will attempt to determine how many Users are in the top level of each group and display a Results screen.
If the test fails, an error message will display the cause.
The Synchronization button runs the synchronization process manually. It is most useful for the initial deployment, and when new directory server accounts have been created for Users who require immediate access to the system.
If using Certificates, ensure the certificate details are entered in the Certificates tab before synchronizing.
Only one synchronization can run at a time. For multiple users needing access, create the accounts on the LDAP server, then run a single manual synchronization.
A manual synchronization may take some time as it depends on the connection speed with the external service. The manual synchronization works best for small directories, as larger directories take more time to propagate changes.
Customer details can be imported using LDAP by enabling the option, if required. When the system is set up to synchronize with LDAP, move to the Setup>Privileges>Customer tab and enable the Include Customers option.
If there is a need to create Customers using LDAP and the system's internal authentication capability, Mixed Mode authentication can also be enabled. After the option to Include Customers is set to Yes in the Customer Privilege tab, the Mixed Mode field is displayed. Set this option to Yes to allow Customers to be created directly in the system and using LDAP.