You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Можно импортировать из LDAP (т.е. юзеров из базы LDAP импортировать в симпле). Для этого нужно:

Создать новый импорт сорс. Для этого нужно:

  1. Navigate to Import → Import Sources;
  2. Click New, fill in the fields and click Save.

Import sources form fields

FieldDescription
NameDisplayed import source name.
Import set table nameDisplayed import set table name.
TypeType of external data source. To import data from your LDAP source, select LDAP.
LDAP Definition

Specify the definition containing locations, people and user groups.

It must be preliminarily configured in System LDAP → LDAP Definition.

LDAP definition form fields

FieldDescription
NameSpecify the definition name. The name you enter here becomes a target in the Import Sources record.
ActiveSelect this checkbox to activate the LDAP definition and to allow importing data.
RDNEnter the relative distinguished name (RDN) of the subdirectory to search through. 
ServerSpecify the LDAP server containing the users and groups directory and other information related to LDAP. This server must be preliminarily configured in System LDAP → LDAP Servers.
TableSelect the target table that perceives the data from your LDAP server. For users, select the User (sys_user) table, and for groups, select the Group (sys_group) table.
Filter

Enter a filter string to select specific records to import from the OU (organizational unit). 

For example, this filter specifies the excerpt as shown below:

  • Classified as a person,
  • Have an sn attribute value,
  • Are not computers,
  • Are not flagged as inactive,
  • And login prerequisites are not equal to 'admin@itglobal.com'.

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userPrincipalName=*.admin@itglobal.com)))

For more information about LDAP filter syntax, please refer to appropriate RFC.

Query field

Specify the attribute name within the LDAP server for querying the records.

ActiveDirectory, mostly, uses the sAMAccountName attribute. Other LDAP servers tend to use the cn attribute.

  • No labels