
LDAP integration allows you to connect your instance to an LDAP or Active Directory (AD) server and use it as the source of user data. The instance connects to the directory service that stores authentication data (usernames, passwords, user home directories that hold business and other data, and so on). The main purpose of the LDAP engine is importing users into the system; through this, synchronization with various corporate services can be achieved, and one account can be used to sign in to all of them, such as email, the website, VoIP, and so on.

In this client-server scheme, the SimpleOne instance acts as a client connecting to the LDAP server.

Configuring an LDAP connection


Specifying an LDAP server

To configure an LDAP connection, you first need to register the LDAP server in the system. For this, please complete the steps below:

  1. Navigate to System LDAP → LDAP Servers.
  2. Click New and fill in the fields.
  3. Click Save or Save and Exit to apply changes.

LDAP Server form fields

Field | Mandatory | Description
Name | Y | Enter the server name.
Root Directory | Y | Enter the DN (distinguished name) of the directory subtree to search from (the search base). Example: dc=simpleone,dc=ru.
Active | N | Select this checkbox to make the server active or inactive.
Username | Y | Specify the account used to bind to the LDAP server. Use a dedicated read-only service account with only the directory permissions the lookups need, not an administrator account.
Password | N | Specify the password of the bind account given in Username.


Info

If the Root Directory is not specified, the LDAP server will search from its root directory during authorization. If the account logging in is not authorized to access that directory, the authorization process is interrupted.


Specifying an LDAP URL

A customer infrastructure may contain more than one LDAP server, for example for fault tolerance. In this case, you need to specify which servers the SimpleOne instance uses for authorization, and in what order.

To perform this, please complete the steps below:

  1. Navigate to System LDAP → LDAP URL.
  2. Click New and fill in the fields.
  3. Click Save or Save and Exit to apply changes.

LDAP URL form fields

Field | Mandatory | Description
URL | Y | Enter the LDAP URL. Example of a secure (LDAPS) URL on the standard port: ldaps://192.168.1.12:636
Active | N | Select this checkbox to make the URL active or inactive.
Order | N | Specify the order of this URL if there is more than one. URLs are processed in descending order of this value.
Operational Status | N | Shows the current state of the connection through this URL. Possible values: Ready to connect, Connected, Disconnected, Error.
Server | Y | Specify the LDAP server this URL belongs to (choose one of the previously created server records).


Tip

If you want to establish a secure LDAP connection (LDAP over SSL/TLS, LDAPS) via port 636, you need to provide the SSL certificate (the server certificate or the CA bundle that issued it) so that the instance can validate the server it connects to.

For this, please complete the steps below:

  1. Navigate to System LDAP → Security → Certificates.
  2. Click New to create a new record.
  3. Attach your SSL certificate (.crt or .ca-bundle) file by clicking the attachments icon.
  4. Click Save or Save and Exit to apply changes.

The form reads the certificate and fills the relevant fields from it.

Otherwise, your LDAP connection proceeds unencrypted; plain LDAP generally uses port 389 (TCP/UDP). In that case the bind username and password, and every user attribute returned by the directory, cross the network in cleartext unless STARTTLS is negotiated on that port.

SSL Certificate form fields

Field | Description
Name | Specify the record name.
Subject | The subject attributes of the certificate (the entity it was issued to). This field is populated automatically from the provided certificate data. For more information about these attributes, see RFC 5280.
Issuer | The certificate issuer. This field is populated automatically from the provided certificate data.
Short description | Specify a brief description of the record.
Active | Select this checkbox to make this certificate active or inactive.
Valid from | The date from which this certificate is valid. This field is populated automatically from the provided certificate data.
Valid to | The date until which this certificate is valid. This field is populated automatically from the provided certificate data.
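Before saving an LDAP Server and LDAP URL pair, it is worth checking the values the two forms above ask for: that the Root Directory is a well-formed DN rather than a hostname, that the URL uses ldap:// or ldaps://, and that the port matches the scheme (the standard ports are 389 for plain LDAP and 636 for LDAPS, as the Tip notes). The following script is an added example and not SimpleOne code; it assumes the record is a plain dict with keys named after the form fields (url, root_directory, username) and flags plain ldap:// as a cleartext risk.

```python
"""Sanity-check an LDAP Server / LDAP URL record before saving it.

Added example, not part of SimpleOne. Assumes the record is a dict with
the keys 'url', 'root_directory' and 'username' (names chosen here to
mirror the form fields on this page).
"""
import re
from urllib.parse import urlsplit

LDAP_PORT = 389    # plain LDAP: bind credentials cross the network in cleartext
LDAPS_PORT = 636   # LDAP over TLS

# Simplified RFC 4514 DN: "attr=value" RDNs separated by commas.
# Multi-valued RDNs (a=1+b=2) and escaped commas are not handled.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=[^,]+"
_DN_RE = re.compile(rf"^\s*{_RDN}(\s*,\s*{_RDN})*\s*$")


def check_root_directory(dn: str) -> list[str]:
    """Return problems with the search base; an empty list means OK."""
    if not dn.strip():
        # An empty base makes the server search from its root (see the Info box).
        return ["root directory is empty: the search will start at the server root"]
    if not _DN_RE.match(dn):
        return [f"root directory {dn!r} is not a valid DN (expected e.g. dc=simpleone,dc=ru)"]
    return []


def check_url(url: str) -> list[str]:
    """Return problems with an LDAP URL; an empty list means OK."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        return [f"unsupported scheme {parts.scheme!r}: use ldap:// or ldaps://"]
    if not parts.hostname:
        return ["URL has no host"]
    try:
        port = parts.port  # None when the URL carries no explicit port
    except ValueError:
        return [f"invalid port in {url!r}"]
    problems = []
    if parts.scheme == "ldap":
        problems.append("plain ldap:// sends the bind password in cleartext "
                        "unless STARTTLS is negotiated; prefer ldaps://")
        if port not in (None, LDAP_PORT):
            problems.append(f"ldap:// on port {port}: standard port is {LDAP_PORT}")
    elif port not in (None, LDAPS_PORT):
        problems.append(f"ldaps:// on port {port}: standard LDAPS port is {LDAPS_PORT}")
    return problems


def check_record(record: dict) -> list[str]:
    """Combine the URL, search-base and bind-account checks for one record."""
    problems = check_url(record.get("url", ""))
    problems += check_root_directory(record.get("root_directory", ""))
    if not record.get("username", "").strip():
        problems.append("username is empty: the bind account is mandatory")
    return problems


if __name__ == "__main__":
    # Constructed sample record: a typo in the LDAPS port, otherwise fine.
    sample = {
        "url": "ldaps://192.168.1.12:363",
        "root_directory": "dc=simpleone,dc=ru",
        "username": "cn=simpleone-bind,ou=service,dc=simpleone,dc=ru",
    }
    for problem in check_record(sample):
        print("WARNING:", problem)
```

Run it against each record you intend to save; a non-empty result is a reason to fix the form before clicking Save, and the ldap:// warning is the cue to provision a certificate and switch to ldaps:// instead.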


LDAP Definition


After you have configured an LDAP server and an LDAP URL and completed the necessary preparations in the customer infrastructure, you are ready to create an LDAP Definition. This is a formalized query to the Active Directory server; its fields and the import procedure are described on the Importing using LDAP page.


LDAP System Properties

Some LDAP features can be configured on the client side using the System Properties engine. These properties are listed below.

Property name | Type | Default value | Description
user.authorization_when_no_ldap_connection | Boolean | True | Allows authorization when the LDAP connection is unavailable; locally stored credentials are used instead. While this is enabled, local passwords remain a valid sign-in path whenever the directory is unreachable, so they need the same care as the directory accounts.
user.ldap_authentication | Boolean | True | Enables or disables LDAP authentication.
user.ldap_autoprovision | Boolean | True | Automatically creates a record in the user table when a user exists in LDAP but has not yet been created on the instance.

LDAP Log


If you need to troubleshoot your LDAP integration, check the log messages to find the cause of the fault.

For example, failed authorization attempts and attempts to bypass the authorization policy are all recorded here.

All these messages are written to the Logs (sys_log) table.

To use LDAP logs, please complete the steps below:

  1. Navigate to System LDAP → LDAP log.
  2. Find the records you need using the Condition Builder, and other filtering tools, such as Show Matching or Filter Out functionality.

LDAP Log form fields

Field | Mandatory | Description
Source | Y | The source this log record comes from (for example, LDAP Authorization or LDAP Autoprovision).
Message | N | The log record message text.
Level | Y | The severity level of the record. Available options: Info, Error, Warning, Debug.
Username | N | Reference to the user whose action produced this record.
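The Condition Builder is enough to find a single failed attempt, but the pattern a security engineer wants to catch in this log is a burst of Error-level LDAP Authorization records for one username (password guessing, or a client with a stale password locking the account) and, with user.ldap_autoprovision enabled, the accounts that were created without anyone on the instance asking for them. The following detection is an added example and not SimpleOne code; it assumes the sys_log records were exported as dicts keyed by the LDAP Log fields above (source, level, message, username) plus a created timestamp, which the form on this page does not list and is therefore an assumption.

```python
"""Detection logic over exported LDAP Log (sys_log) records.

Added example, not part of SimpleOne. Assumes each record is a dict with
the LDAP Log form fields 'source', 'level', 'message', 'username' and a
'created' ISO-8601 timestamp (assumed; needed to window the events).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not output from a real instance.
SAMPLE_LOG = [
    {"created": "2024-03-01T09:00:01", "source": "LDAP Authorization", "level": "Error",
     "username": "j.doe", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:00:07", "source": "LDAP Authorization", "level": "Error",
     "username": "j.doe", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:00:12", "source": "LDAP Authorization", "level": "Error",
     "username": "j.doe", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:00:20", "source": "LDAP Authorization", "level": "Error",
     "username": "j.doe", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:00:25", "source": "LDAP Authorization", "level": "Error",
     "username": "j.doe", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:01:00", "source": "LDAP Authorization", "level": "Error",
     "username": "a.smith", "message": "bind failed: invalid credentials"},
    {"created": "2024-03-01T09:01:05", "source": "LDAP Authorization", "level": "Info",
     "username": "a.smith", "message": "authorized via LDAP"},
    {"created": "2024-03-01T09:02:00", "source": "LDAP Autoprovision", "level": "Info",
     "username": "m.ivanov", "message": "user record created from LDAP entry"},
]


def failed_auth_bursts(records, threshold=5, window_seconds=300):
    """Map username -> ISO timestamp at which `threshold` Error-level
    LDAP Authorization records fell inside one sliding window.

    Only the first time a user crosses the threshold is reported, so a
    long-running burst produces one alert rather than one per event.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # username -> timestamps of recent failures
    hits = {}
    for rec in sorted(records, key=lambda r: r["created"]):
        if rec["source"] != "LDAP Authorization" or rec["level"] != "Error":
            continue
        user = rec["username"] or "<unknown>"
        ts = datetime.fromisoformat(rec["created"])
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and user not in hits:
            hits[user] = ts.isoformat()
    return hits


def autoprovisioned_users(records):
    """Usernames whose instance account was created by LDAP Autoprovision;
    worth a periodic review while user.ldap_autoprovision is True."""
    return sorted({r["username"] for r in records
                   if r["source"] == "LDAP Autoprovision" and r["level"] == "Info"})


if __name__ == "__main__":
    print("failed-auth bursts:", failed_auth_bursts(SAMPLE_LOG))
    print("auto-provisioned accounts:", autoprovisioned_users(SAMPLE_LOG))
```

Tune threshold and window_seconds to the directory's own lockout policy so the alert fires before the account locks rather than after; a burst from many usernames at one source is the spray pattern this per-user view will not show and needs a second pass keyed on the client instead.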

