LDAP integration allows connecting your instance using your to LDAP or AD server and using it as the a source of the user data. It provides the ability to connect to directory service storing the authentication data, such as usernames, passwords, user home directories used for keeping business and other data, etc. The global objective of the LDAP engine is importing users into the system. And through this, synchronization with various corporate services can be achieved, and one account can be used to authorize in all corporate services, such as email, website, VoIP, and so on.
In this client-server infrastructure scheme, the SimpleOne instance has to be a client connecting to the LDAP server.
Configuring an LDAP connection
Specifying an LDAP server
To configure an LDAP connection, you need to set up in the system first. For this, please complete the steps below:
- Navigate to System LDAP → LDAP Servers.
- Click New Click New and fill in the formfields.
- Click Save or Click Save or Save and Exit to to apply changes.
LDAP Server form fields
| Field | Mandatory | Description |
|---|---|---|
| Name | Y | Enter the server name. |
| Root Directory | Y | Enter the RDN (relative distinguished name) of the search directory. Example: dc=simpleone, dc=ru. |
| Active | N | Select this checkbox to make the server active or inactive. |
| Username | Y | Specify the username authenticating username authenticating the LDAP connection. |
| Password | N | Specify the server's password. |
| Info |
|---|
If the RDN is not specified, then during the authorization process LDAP server will attempt to reach the server root directory; if . If the user logging on to in is not authorized to access this directory, so the authorization process will be interrupted. |
Specifying an LDAP URL
Sometimes, customer infrastructure may contain more than one LDAP server, as an example, for fault tolerance. In this case, you may need to specify some particular server used for authorization on the SimpleOne instance.
To perform this, please complete the steps below:
- Navigate to System LDAP → LDAP URL.
- Click New Click New and fill in the formfields.
- Click Save or Click Save or Save and Exit to to apply changes.
LDAP URL form fields
| Field | Mandatory | Description |
|---|---|---|
| URL | Y | Enter the LDAP URL there. Here's an example:
|
| Active | N | Select this checkbox to make the URL active or inactive. |
| Order | N | Specify the order of this URL if there are more than one similar items. In this case, they will be processed in the descending order. |
| Operational Status | N |
|
| Server | Y | Specify the appropriate LDAP server (choose it from the previously created). |
| Tip |
|---|
If you want to establish a secure LDAP connection (LDAP over SSL, LDAPS) via port 636, then you need to provide the SSL-certificate. For this, please complete the steps below:
The form will get information from your certificate and place it into relevant fields. Otherwise, your LDAP connection will proceed insecurely; generally, port 389 (TCP/UDP) is used in this case. |
LDAP Definition
After you have configured an LDAP server and an LDAP URL and performed all necessary customer infrastructure preparations, then you are ready to arrange an LDAP Definition. This is a formalized query to the Active Directory server containing the following information:
| Excerpt Include | ||||
|---|---|---|---|---|
|
LDAP System Properties
Some of the LDAP abilities can be configured on the client-side using the the System Properties engine engine. These properties are listed below.
| Property name | Type | Default value | Description |
|---|---|---|---|
| user.authorization_when_no_ldap_connection | Boolean | True | Enables authorization if there's no LDAP connection. In this case, locally created credentials are used. |
| user.ldap_authentication | Boolean | True | Enables or disables LDAP authentication. |
| user.ldap_autoprovision | Boolean | True | Enables the automatic creation of users in the user table in the case of the user is created in LDAP but not created on the instance. |
LDAP Log
In the case of necessity of any troubleshooting with your LDAP integration, you can check the log messages to find the fault causes.
For example, failed authorization attempts, or authorization policy avoidance attempts, all this information will be displayed here.
In fact, all these messages are written to into the Logs (sys_log) .
To use LDAP logs, please complete the steps below:
- Navigate to System LDAP → LDAP log.
- Find the records you are interested in using the need using the Condition Builder, and other filtering tools, such as List layout#ShowMatching or List layout#FilterOut functionalityas Show Matching or Filter Out functionality.
LDAP Log form fields
| Field | Mandatory | Description |
|---|---|---|
| Source | Y | Displays the source from where this log record comes from (LDAP Authorization or LDAP Autoprovision, as an example). |
| Message | N | The log record message text. |
| Level | Y | This field specifies the error level. Available options:
|
| Username | N | Reference to the user initiated this record creation. |
| Table of Contents | ||||
|---|---|---|---|---|
|