Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
LDAP integration allows your instance using your LDAP or AD server as the source of the user data. It provides the ability to connect to directory service storing the authentification data, such as usernames, passwords, user home directories used for keeping business and other data, etc. The global objective of the LDAP engine is importing users into the system. And through this, synchronization with various corporate services can be achieved, and one account can be used to authorize in all corporate services, such as email, website, VoIP, and so on.
In this client-server infrastructure scheme, the SimpleOne instance has to be a client connecting to the LDAP server.
Configuring an LDAP connection
Specifying an LDAP server
To configure an LDAP connection, you need to set up in the system first. For this, please complete the steps below:
- Navigate to System LDAP → LDAP Servers;.
- Click New, fill and fill in the fields and click Saveform.
- Click Save or Save and Exit to apply changes.
LDAP Server form fields
| Field | Description |
|---|---|
| Name | Enter the server name. |
| Username | Specify the username authenticating the LDAP connection. |
| Password | Specify the server's password. |
| Root directory | Enter the RDN (relative distinguished name) of the search directory. Example: dc=simpleone, dc=ru. |
| Active | Select this checkbox to make the server active or inactive. |
| Info |
|---|
If the RDN is not specified, then during the authorization process LDAP server will attempt to reach the server root directory; if the user logging on to is not authorized to access this directory, so the authorization process will be interrupted. |
Specifying an LDAP URL
Sometimes, customer infrastructure may contain more than one LDAP server, as an example, for fault tolerance. In this case, you may need to specify some particular server used for authorization on the SimpleOne instance.
To perform this, please complete the steps below:
- Navigate to System LDAP → LDAP URL;.
- Click New , fill
- and fill in the fields and click Save
- form.
- Click Save or Save and Exit to apply changes.
LDAP URL form fields
| Field | Description |
|---|---|
| URL | Enter the LDAP URL there. Here's an example:
|
| Active | Select this checkbox to make the URL active or inactive. |
| Order | Specify the order of this URL if there are more than one similar items. In this case, they will be processed in the descending order. |
| Operational status |
|
| Server | Specify the appropriate LDAP server (choose it from the previously created). |
| Tip |
|---|
If you want to establish a secure LDAP connection (LDAP over SSL, LDAPS) via port 636, then you need to provide the SSL-certificate. For this, please complete the steps below:
The form will get information from your certificate and place it into relevant fields. Otherwise, your LDAP connection will proceed insecurely; generally, port 389 (TCP/UDP) is used in this case. |
LDAP Definition
After you have configured an LDAP server and an LDAP URL and performed all necessary customer infrastructure preparations, then you are ready to arrange an LDAP Definition. This is a formalized query to the Active Directory server containing the following information:
| Excerpt Include | ||||
|---|---|---|---|---|
|
LDAP System Properties
Some of the LDAP abilities can be configured on the client-side using the System Properties engine. These properties are listed below.
| Property name | Type | Default value | Description |
|---|---|---|---|
| user.authorization_when_no_ldap_connection | Boolean | True | Enables authorization if there's no LDAP connection. In this case, locally created credentials are used. |
| user.ldap_authentication | Boolean | True | Enables or disables LDAP authentication. |
| user.ldap_autoprovision | Boolean | True | Enables the automatic creation of users in the user table in the case of the user is created in LDAP but not created on the instance. |
LDAP Log
In the case of necessity of any troubleshooting with your LDAP integration, you can check the log messages to find the fault causes.
For example, failed authorization attempts, or authorization policy avoidance attempts, all this information will be displayed here.
In fact, all these messages are written to the Logs (sys_log)
To use LDAP logs, please complete the steps below:
- Navigate to System LDAP → LDAP log;.
- Find the records you are interested in using the Condition Builder, and other filtering tools, such as List layout#ShowMatching or List layout#FilterOut functionality.
LDAP Log form fields
| Field | Description |
|---|---|
| Source | Displays the source from where this log record comes from (LDAP Authorization or LDAP Autoprovision, as an example). |
| Level | This field specifies the error level. Available options:
|
| Message | The log record message text. |
| Created by | Reference to the user who has added the record. |
| Created at | The date and time when the record was added. |
| Table of Contents | ||||
|---|---|---|---|---|
|