You can import user or group information from an LDAP database. Import sources match fields in your LDAP database to fields in your instance.

Make sure that the LDAP connection is established before importing.

Importing data


Role required: import_admin or admin.

To import data using LDAP, you need to configure an import source. To do this, complete the following steps:

  1. Navigate to Import → Import Sources.
  2. Click New and fill in the fields.
  3. Click Save or Save and Exit to apply changes.
  4. Click Load All Records to create a temporary Import Set record.
  5. Create a transform map and field maps.
  6. Run a transform.
  7. Schedule the LDAP import.

Import Source form fields

Field | Mandatory | Description
Name | Y | Specify a name for the current record.
Import Set Table Name | Y | Specify the name of an import set table record. After saving the record, this name will be automatically transformed into a system name format with an application prefix and underscores instead of spaces. A new record will be automatically created in the Import Set (sys_import_set) table with this name when import is completed.

Example:

If the application prefix is app, and the specified name is My Test, then the system name of the Import Set (sys_import_set) table will be app_imp_my_test. The displayed name of the created table will be App imp my table.

Refer to the Data Import article to learn more.

Type | N | The type of external data source. Select LDAP to import data from your LDAP source.
LDAP Definition | N | Specify a preconfigured LDAP definition containing locations, people, and user groups you need.

See the LDAP Integration article to learn how to configure an LDAP definition.

Configuring an LDAP definition


LDAP Definition form fields

Field | Mandatory | Description
Name | Y | Specify the LDAP definition name. The name you enter here becomes a target in the Import Sources record.
Active | N | Select this checkbox to activate the LDAP definition and to allow data import.
Relative Distinguished Name (RDN) | N | Enter the relative distinguished name (RDN) of the subdirectory to search through.
Server | Y | Specify the LDAP server that holds the user and group directory and other LDAP-related information.

To configure the server, navigate to System LDAP → LDAP Servers and perform the needed actions.

Table | Y | Select the target table that will store data from your LDAP server. For users, select the Users (sys_user) table.

The target table specified is used for LDAP auto-provisioning (automatic creation of users in the Users (sys_user) table). This feature can be enabled or disabled by setting the user.ldap_autoprovision property.

Filter | N | Enter a filter string to select specific records to import from the OU (organizational unit).

For example, the filter below selects records that:

  • are classified as a person
  • have an sn attribute value
  • are not computers
  • are not flagged as inactive
  • and have a userPrincipalName that does not match *.admin@simpleone.ru

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userPrincipalName=*.admin@simpleone.ru)))

For more information about LDAP filter syntax, refer to the appropriate RFC.

Query Field | N | Specify the attribute name within the LDAP server for querying the records.

Active Directory mostly uses the sAMAccountName attribute. Other LDAP servers tend to use the cn attribute.

Note that the Query Field is temporarily not working correctly – our team is working on its logic improvement to make it more efficient and secure. We will inform you about changes in the next releases.

Attribute List | N | Use the Attribute List field to specify (include and limit) the attributes the LDAP query returns. Limiting the attributes shortens the run time of large LDAP imports.

If the field remains empty, the system loads all the objects with their attributes that your LDAP server is allowed to read.
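
To check which records the example value of the Filter field would select before the import is run, the sketch below parses that filter and evaluates it against constructed entries. It is an added example, not SimpleOne code; the helpers parse, matches, preview and make_entry and the sample accounts are hypothetical, and only the operators this filter uses (&, |, !, equality, presence, * wildcards and the bitwise-AND matching rule) are supported.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # Active Directory bitwise-AND matching rule

def parse(f, i=0):  # returns (node, index just past the filter that opens at f[i])
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):  # entry: dict of lower-case attribute name -> list of str
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    _, attr, value = node
    if attr.endswith(":"):  # extensible match, attr:rule:=value
        attr, rule = attr[:-1].split(":", 1)
        if rule != BIT_AND:
            raise ValueError(f"unsupported matching rule {rule}")
        return any((int(v) & int(value)) == int(value) for v in entry.get(attr.lower(), []))
    values = entry.get(attr.lower(), [])
    if value == "*":  # presence test such as (sn=*)
        return bool(values)
    pattern = re.compile(".*".join(map(re.escape, value.split("*"))), re.I)
    return any(pattern.fullmatch(v) for v in values)

def preview(filter_text, entries):  # names of the entries the filter would select
    return [name for name, e in entries.items() if matches(parse(filter_text)[0], e)]

PAGE_FILTER = ("(&(objectClass=person)(sn=*)(!(objectClass=computer))"
               "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
               "(!(userPrincipalName=*.admin@simpleone.ru)))")

def make_entry(classes, uac, upn, sn=None):  # constructed sample data, not real accounts
    return {"objectclass": classes, "useraccountcontrol": [str(uac)],
            "userprincipalname": [upn], "sn": [sn] if sn else []}

SAMPLE = {
    "alice": make_entry(["person", "user"], 512, "alice@simpleone.ru", "Ivanova"),
    "bob": make_entry(["person", "user"], 514, "bob@simpleone.ru", "Petrov"),  # bit 2 set
    "ws01": make_entry(["person", "user", "computer"], 4096, "ws01$@simpleone.ru", "WS01"),
    "svc_backup": make_entry(["person", "user"], 512, "svc_backup@simpleone.ru"),  # no sn
    "carol.admin": make_entry(["person", "user"], 512, "carol.admin@simpleone.ru", "Sidorova"),
    "admin": make_entry(["person", "user"], 512, "admin@simpleone.ru", "Admin"),
}
```

Calling preview(PAGE_FILTER, SAMPLE) returns alice and admin: the last clause excludes only userPrincipalName values that end in .admin@simpleone.ru, so the constructed admin@simpleone.ru entry still passes and would be imported.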
