Page History

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

LDAP integration allows connecting your instance

to LDAP or AD server and using it as

a source of the user data. It provides the ability to connect to a directory service storing the

authentication data, such as usernames, passwords, user home directories used for keeping business and other data, etc. The global objective of the LDAP engine is importing users into the system. And through this, synchronization with various corporate services can be achieved, and one account can be used to authorize in all corporate services, such as email, website, VoIP, and so on.

Image Added

The RDN (relative distinguished name) is the attribute defining the search directory like this: dc=instance,dc=com

In this client-server infrastructure scheme, the SimpleOne instance has to be a client connecting to the LDAP server.

The system synchronizes with the LDAP server in two ways:

• via the Schedule Jobs (automatic) – scheduled script defining periods of synchronization (for example, every 3 hours). See the Scheduled Script article to learn more.
• via the Autoprovision (triggered by logging in) – when user logs in, the system updates the requested data. Configure this way of synchronization via theuser.ldap_autoprovision property.

Establishing LDAP connection

To establish the connection between your SimpleOne instance and the LDAP server, complete the following steps:

1. Specify the LDAP server.
2. Define the LDAP URL.
3. Set up the LDAP.
4. Check settings.
5. (Optional) Data import.

Additional tools for setting up LDAP connection:

• LDAP log
• LDAP system properties

Specifying an LDAP server 

Anchor
LDAP server

LDAP server

To configure an LDAP connection,

complete the steps below:

1. Navigate

1. to LDAP → LDAP Servers

1. .
2. Click New and fill in the fields

1. .
2. Click Save to apply changes.
3. Copy the current record ID.

LDAP Server form fields

Defining an LDAP URL

Anchor
LDAP url LDAP url

Sometimes, customer infrastructure may contain more than one LDAP server,

for example,

as a standby (reserve) server. In this case, you may need to specify some particular server used for authorization

by arranging the URL order. If you have more than one server, create a separate LDAP URL for each of them.

To

create a URL,

complete the steps below:

1. Navigate

1. to LDAP → LDAP URL

1. .
2. Click New and fill in the fields

1. .
2. Click Save or Save and Exit to apply changes.

LDAP URL form fields

LDAP Settings

Anchor
LDAP definition LDAP definition

After configuring an LDAP server and an LDAP URL and performing all necessary customer infrastructure preparations, you are ready to set up an LDAP.

To configure the LDAP, perform the following steps:

1. Navigate to LDAP → LDAP Settings.
2. Click New and fill in the fields.
3. Click Save or Save and Exit to apply changes.

You can check the LDAP structure by clicking the Browse LDAP on the corresponding LDAP Server record.

Image Added

Checking settings 

Anchor
check LDAP connection check LDAP connection

Make sure that the connection is set up by performing the following steps:

1. Navigate to LDAP → LDAP Servers.
2. Open the record you need.
3. Click Test connection. The system will check the first URL connection defined by the order. If the connection is fine, you will see the Successfully connected message.
4. Click Test all connections. The system will check all defined connections. If the connections are fine, you will see the All connections are checked message.

If an error is thrown, check LDAP Log records.

LDAP Import

Anchor
LDAP import LDAP import

Import all necessary data from your LDAP server to the instance. 

To complete the data import using LDAP, you will need to set up the following system elements:

• LDAP Settings – specifies filters for retrieving data from a defined LDAP table.
• Import Source – loads row data for further processing and transformation.

The scheme below illustrates the process of data import from an LDAP server.

Image Added

See the Importing using LDAP article to learn more.

Example of the integration with AD

The "out-of-the-box" solution contains an example of the connection to the Active Directory (AD) service. 

Check out the examples mentioned below before setting up the LDAP import on an instance. The settings of the examples are protected from changes. In the hamburger menu of each record, click Make a copy to copy the example setting and change their values.

The following records are created and configured:

• the Demo_Active_Directory LDAP Server with the LDAP URL example. In your copy, specify the parameters of the server.

• the SimpleOneCourses1 and SimpleOneCourses2 LDAP Settings. Use one of these definitions as an example to create a working connection to the AD service.
  

  Expand
  title The description of the field values
  Field Value Description Filter Section Column width 50% Panel title SimpleOneCourses1 (&  (objectClass=person) (sn=*) ) Column width 50% Panel title SimpleOneCourses2 (&  (objectClass=person,top) (sn=*) ) The defined filter selects user records with any username to import from the AD service.  Query Field sAMAccountName The field that is used for connecting with the AD and querying the records. Attribute List samaccountname,sn,givenname,distinguishedname,msDS-cloudExtensionAttribute6,telephonenumber, mobile,mail,manager,company,useraccountcontrol,thumbnailphoto The attributes the LDAP query returns.

  
  

• the LDAP Users Import Source. Use one import source for the same LDAP settings.
• the Daily Import SimpleOne Employees and Daily Import SimpleOne Employees 2 scheduled imports. The AD data is imported daily at a specific time. Use one of the imports as an example to create your scheduled import.
• the Daily Deletion of Obsolete Import Sets scheduled script. The script deletes inactive import sets. When an import set is deleted, a cascading deletion occurs for the Import Set column of the Import Set Row table.

To connect and import users from the AD service, complete the following steps:

1. Create a local pack in the Simple application for the LDAP import settings.
2. Create copies of the records mentioned above and set up the LDAP integration by changing the field values to the required ones.
3. Click Test connection in the LDAP Server record. If the connection is established successfully, click Browse LDAP to check the LDAP structure.
4. After you checked the structure, go to the LDAP Setting you need and open the related import source.
5. (optional) Click Test Load (20 records) to create a test import set.
6. Click Load all records.
7. Click View Transform Map to create a Transform Map record. The Target Table value should match the value of the Table field in the LDAP Settings record.
8. On the Transform Map create Field Maps through the related list. The Login and Email field map records should have the selected Coalesce checkbox. The parameter defines the fields of the target table that will be used to search for the records based on the imported data. If a record is found in the target table, it will be updated. Otherwise, the system creates a new record.
9. Go back to the Import Source record and open the Import Set record via the related list.
10. Click Transform to import data from the AD service. 
11. Configure the copy of the Daily Import SimpleOne Employees scheduled import. Add the reference to the created Import Source.
12. Configure the copy of the Daily Deletion of Obsolete Import Sets scheduled script and select the Active checkbox. Copy the ID of the Import Source to the import_source_id variable of the script.

LDAP Log 

Anchor
LDAP log LDAP log

In case the system troughs an error, you can check the log messages to find the cause. In the LDAP Log, you can find records of failed authorization attempts or authorization policy avoidance attempts. In fact, all these messages are written into the Logs (sys_log) table.

To see the LDAP logs, navigate to LDAP → LDAP log.

LDAP Log form fields

LDAP System Properties

Anchor
LDAP system properties LDAP system properties

Some LDAP abilities can be configured on the client-side using

the System Properties engine. These properties are listed below.

.