Page History

General information

LDAP catalogs allow you to centralize the user management. Axxon One supports three operation scripts with LDAP:

• Manual registration of LDAP users: allows granting selectively the access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
• Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
• Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

Configuring LDAP

To configure the LDAP catalog, do the followingTo connect to an LDAP catalog:

1. In the LDAP catalogs group, click the Create... button.

   Image Modified
   
An
2. The LDAP 1 object is added in the system. On the right,
a
3. the panel
displays configuration settings for the LDAP catalog.
4. Enter a name for the catalog in the appropriate field (1).
   Image Removed
   
Enter
5. with connection settings to the LDAP 1 catalog is displayed.
6. In the Name field, enter the name of the catalog.
   Image Added
   
7. In the Server name or IP address field, enter the address of the
LDAP catalog server (2) and port (3)
8. LDAP catalog server.
9. In the Port field, enter the connection port of the LDAP catalog server.

10. In the Base DN field, enter the Distinguished Name of the branch from which

to start search (4)

11. the data search starts.

    Note
    title Attention!
    If LDAP users are located in multiple directories with

a tree-like

12. the hierarchical structure, you cannot

establish instant synchronization across

13. synchronize all users at the same time. To synchronize each user group

within a

14. in the DN branch, you

have to

15. must specify the path to the corresponding directory. For example, LDAP contains

a directory Employees including subdirectories

16. the Employees directory and the Managers, Cashiers and Salesmen

.

17. subdirectories: DN branches for synchronizing users within

Managers directory

18. the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within

Cashiers directory

19. the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within

Salesmen directory

20. the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.

Enter
21. In the User field, enter the name of
a
22. the user who has
write
23. the read access
to
24. from the base DN, in LDAP
format
25. (RDN + DN)
with password (5).If encryption (SSL) is required for connecting to the LDAP server, select the corresponding check box (6)
26. format.
27. In the Password field, enter the user password.
28. Set the Use secure connection (SSL) checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog.

29. In the Search filter field, enter

a string for filtering catalog entries (7)

30. the filtering string of entries in the catalog.

    Note
    title Attention!
    To upload users by groups, not by

directories

31. catalogs, you

should

32. must use the memberof attribute in the

Member Of

33. filter

attribute

34. . For example: (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)

.

35. )

36. In the Username attribute field, enter the

field

37. attribute from which the

user's login

38. username is obtained

(8)

39. .

Info

title	Note

40. To search for users

by

41. via the sAMAccountName attribute

sAMAccountName

42. , you must enter

their names in small letters –

43. the attribute in lowercase letters—samaccountname.

44. In the DN attribute field, enter the

field

45. attribute from which the user's DN is obtained

(9). Info

title	Note

To set a login and DN attribute, you

46. . You can use Microsoft Active Directory and OpenLDAP LDAP templates in the LDAP templates

. To use a template, click the relevant link (10).

47. Specify a default user role for users created via LDAP (11). If no role is specified, no automatic user creation will be possible for this catalog.

48. Сlick the Apply button.

49. parameter to specify the username and DN attribute.

50. In the Role for automatic registration of user field, enter the role to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled.
51. Click the Apply Image Added button.

As a result, the LDAP catalog is The LDAP catalog is now added to the system.

To test the connection, click the Test connection button. If the connection is successful, the form on the lower part of the screen displays information about the below is filled by the data of catalog users. 
Image Added
Otherwise, an error message appears..

Copying the LDAP catalog

To copy a catalog with all settings, do the following:

1. Click the name of the catalog that you want to copy.
2. Click the Create... button.

As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

Removing the LDAP catalog

To remove a catalog, do the following:

1. Click the name of the catalog that you want to remove.
2. Click the Remove Image Added button.

As a result, the selected catalog is removed.Image Removed