You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

You can transfer user or group information from the LDAP database if there any integration is configured. These import sources match fields in your LDAP database to fields in your instance.

Creating an import source

To import data using LDAP, you need to configure an import source first. To perform this, please complete the steps below:

  1. Navigate to Import → Import Sources.
  2. Click New and fill in the fields.
  3. Click Save or Save and Exit to apply changes.

Import sources form fields

FieldMandatoryDescription
NameYDisplayed import source name.
Import Set Table NameYDisplayed import set table name.
TypeYType of external data source. To import data from your LDAP source, select LDAP.
LDAP DefinitionN

Specify the definition containing locations, people, and user groups.

You can configure this definition at the System LDAP → LDAP Definition menu item. See the LDAP Integration article to learn more.

LDAP definition form fields

FieldMandatoryDescription
NameYSpecify the definition name. The name you enter here becomes a target in the Import Sources record.
ActiveNSelect this checkbox to activate the LDAP definition and to allow importing data.
Relative Distinguished Name (RDN)NEnter the relative distinguished name (RDN) of the subdirectory to search through. 
ServerY

Specify the LDAP server containing the users and groups directory and other information related to LDAP.

To configure the server, perform the needed actions at the System LDAP → LDAP Servers menu item.

TableY

Select the target table that receives the data from your LDAP server. For users, select the Users (sys_user) table.

The target table specifying is used for LDAP auto-provisioning (automatic creation of users in the Users (sys_user) table). This feature can be enabled or disabled by setting the proper value for the user.ldap_autoprovision property.

FilterN

Enter a filter string to select specific records to import from the OU (organizational unit). 

For example, this filter specifies the excerpt, as shown below:

  • Classified as a person
  • Have an sn attribute value
  • Are not computers
  • Are not flagged as inactive
  • And login prerequisites are not equal to 'admin@simpleone.ru'.

(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userPrincipalName=*.admin@simpleone.ru)))

For more information about LDAP filter syntax, please refer to the appropriate RFC.

Query FieldN

Specify the attribute name within the LDAP server for querying the records.

ActiveDirectory, mostly, uses the sAMAccountName attribute. Other LDAP servers tend to use the cn attribute.

  • No labels

© 2019-2023, SimpleOne

https://simpleone.ru