Versions Compared

Old Version 3

changes.mady.by.user Bahdan Tsiulkou

Saved on

compared with

New Version 4

changes.mady.by.user Alena Kniazeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Manual registration of LDAP users: allows granting selectively the selective access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
  • Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
  • Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

...

Configuration of the LDAP catalog

To configure the LDAP catalog, do the following:

  1. Go to the Configuration management tab → Users.

  2. In the In the LDAP catalogs group, click the Create... button.


    The LDAP 1 object is added in to the system. On the right, the panel with connection settings to the the LDAP 1 catalog is displayed.
    3. In the Name field, enter
  3. Specify the LDAP catalog settings listed in the table:
    FieldValueDescription
    LDAP connection
    NameLDAP 1Enter the name of the catalog
    4. .
    5. Image Removed
    In the
  5. Server name or IP address
    6. field, enter
  6. ldap.postland.orgEnter the address of the LDAP catalog server
    7. .
    8. In the Port field, enter
  8. Port 636Enter the connection port of the LDAP catalog server
    9. .
  9. Use secure connection (SSL)

    Image Added

    		Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog

    Image Added

    Base DNou=Address,dc=company,dc=domain


    Enter

    10. In the Base DN field, enter

  10. the Distinguished Name of the branch from which the data search starts

    11. .


  11. Note
    titleAttention!
    • If LDAP users are located in multiple directories with the hierarchical structure, you cannot synchronize all users at the same time.
    • To synchronize each user group in the DN branch, you must specify the path to the corresponding directory.
      For example, LDAP contains the Employees directory and the Managers, Cashiers and Salesmen subdirectories:
      • DN branches for synchronizing users within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.
    12. In the User field, enter
  12. Useruid=your.login,ou=Users,dc=company,dc=domainEnter the name of the user who has the read access from the base DN
    13. ,
  13. in the LDAP (RDN + DN) format
    14. .
    15. In the Password field, enter
  15. Password
    		Enter the user password
    16. .
  16. Set the Use secure connection (SSL) checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog.
    17. In the Search filter
  17. Filter settings
    Search modeUsersSelect the search mode in the catalog
    Groups
    Users in Groups
    Users and Users in Groups
    Search filter(objectClass=person)


    Enter a filter

    18. field, enter the filtering

  18. string of entries in the catalog

    19. .


  19. Note
    titleAttention!

    To upload users by groups, not by catalogs, you must use the memberof attribute in the filter. For example:

    (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))

  20. Group search filter(objectClass=group)

    Enter a filter string of entries in the group

    Note
    titleAttention!

    The Search filter and Group search filter fields are mutually exclusive and are activated depending on the value in the Search mode field:

    • Users—only the Search filter field is active.
    • Groups—only the Group search filter field is active.
    • Users in Groups and Users and Users in Groups—both fields are active.

     

    LDAP templatesOpenLDAPSelect a template to set the username attribute
    Microsoft Active Directory
    Username attributecnEnter
    21. In the Username attribute field, enter
  21. the attribute from which the username is obtained. To search for users via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.
    22. In the
  22. DN attribute
    23. field, enter In the
  23. entrydn

    Enter the attribute from which the user's DN is obtained.

    24. You can use Microsoft Active Directory and OpenLDAP LDAP templates in the LDAP templates parameter to specify the username and DN attribute.

  24. The default value of the DN attribute depends on the selected LDAP template:

    • For the OpenLDAP template, the value entrydn is used.
    • For the Microsoft Active Directory template, the value distinguishedname is used
  25. Role for automatic registration of user
    26. field, enter the

  		26. Select a role to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled
    27. .

  28. Click the Apply Image Removed Image Added button.

As a result, the LDAP catalog is added to the system.

To test the connection, click the Test connection Image Added button. If the connection isn't successful, an error message appears.

To upload the catalog users, click the Load Image Added button. If the connection is successful, the form below is filled by the data of catalog users. 
Image Removed
Otherwise, an error message appears.

...

with user data. Otherwise, an error message appears.

Synchronization of the LDAP catalog

Synchronization can be performed manually or automatically. To synchronize LDAP catalogs:

  1. On the Users tab, click the LDAP catalogs group.
    Image Added
  2. Specify the synchronization parameters listed in the table:
    ParameterValueDescription
    Auto synchronization settings
    Enable

    Image Added

    		By default, automatic synchronization is disabled. To enable automatic synchronization, set the checkbox

    Image Added

    Synchronization server
    		Select the synchronization server from the drop-down list
    Synchronization period1 day 0 hours 0 minutesSet the period for automatic synchronization
    Synchronization status
    StatusStoppedBy default, the synchronization status is Stopped. Once synchronization starts, the status changes
    Last synchronizationUnknownBy default, the date of the last synchronization is displayed as Unknown. Once synchronization starts, the date and time of the last synchronization are displayed

  3. Click the Apply button.
  4. To start manual synchronization, click the Manual Synchronization button.

Configuration of synchronization is complete.

Copy the LDAP catalog

To copy a catalog with all current settings , do the followingsaved:

  1. Click the name of the catalog that you want to copy.
  2. Click the Create ...button.

As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

...

Remove the LDAP catalog

To remove a catalog, do the following:

  1. Click the name of the catalog that you want to remove.
  2. Click the Remove Image Removed Image Added button.

As a result, the selected catalog is removed.