Versions Compared

Old Version 1

changes.mady.by.user Alina Luchkina

Saved on

compared with

New Version Current

changes.mady.by.user Alena Kniazeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section


Column
width50%


Panel
borderColor#CCCCCC
bgColor#FFFFFF
titleBGColor#F0F0F0
borderStylesolid
titleOn the page:

Table of Contents



Column

...



General information

LDAP catalogs allow you to centralize the user management. Axxon One supports three operation scripts with LDAP:

  • Manual registration of LDAP users: allows granting selective access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
  • Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
  • Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

Configuration of the LDAP catalog

To configure the LDAP catalog, do the following:

  1. Go to the Configuration management tab → Users.

  2. In

    3. the

  3. the LDAP catalogs group, click the Create... button.

    Image Modified
    4. An
  4. The LDAP 1 object is added
    5. in
  5. to the system. On the right,
    6. a
  6. the panel
    7. displays configuration
  7. with connection settings
    8. for
  8. to the LDAP 1 catalog is displayed.
  9. In the Name field, enter a name for the catalog.
    Image Removed
    10. In the
  10. Specify the LDAP catalog settings listed in the table:
    FieldValueDescription
    LDAP connection
    NameLDAP 1Enter the name of the catalog
    Server name or IP address
    11. field, enter
  11. ldap.postland.orgEnter the address
    12. of the
  12. of the LDAP catalog
    13. Server.
  13. server
    14. In the Port field, enter
  14. Port 636Enter the connection port
    15. of the
  15. of the LDAP catalog
    16. Server.
  16. server
    Use secure connection (SSL)

    Image Added

    		Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog

    Image Added

    Base DNou=Address,dc=company,dc=domain

    Enter

    17. In the Base DN field, enter

  17. the Distinguished Name of the branch

    18. ,

  18. from which the data search starts

    19. .

  19. Note
    titleAttention!
    • If LDAP users are located in multiple directories with
    20. a
    • the hierarchical structure, you cannot synchronize all users at the same time.
    • To synchronize each user group
    21. within a
    • in the DN branch, you must specify the path to the corresponding directory.
      For example, LDAP contains
    22. a
    • the Employees directory
    23. Employees
    • and
    24. subdirectories 
    • the Managers, Cashiers and Salesmen subdirectories:
      • DN branches for synchronizing users
    25. within Managers directory
      • within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users
    26. within Cashiers directory
      • within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users
    27. within Salesmen directory
      • within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.
    28. In the User field, enter
  28. Useruid=your.login,ou=Users,dc=company,dc=domainEnter the name of
    29. a
  29. the user who has
    30. a
  30. the read access
    31. to
  31. from the base DN
    32. ,
  32. in
    33. LDAP 
  33. the LDAP (RDN + DN) format
    34. .
  34. Password
    35. In

  		35. Enter the
    36. Password field, enter
  36. user password
    37. .
  37. Set the Use secure connection (SSL) checkbox if you want to use secure connection (SSL) when connecting to the LDAP catalog.
  38. Filter settings
    Search modeUsersSelect the search mode in the catalog
    Groups
    Users in Groups
    Users and Users in Groups
    Search filter(objectClass=person)

    Enter a filter string of entries in the catalog

    39. In the Search filter field, enter a string for filtering catalog entries.

  39. Note
    titleAttention!

    To upload users by groups, not by catalogs, you must use the memberof attribute in the

    40. MemberOf

  40. filter

    41. attribute

  41. . For example:

    (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)

    42. .

  42. )

    Group search filter(objectClass=group)

    Enter a filter string of entries in the group

    Note
    titleAttention!

    The Search filter and Group search filter fields are mutually exclusive and are activated depending on the value in the Search mode field:

    • Users—only the Search filter field is active.
    • Groups—only the Group search filter field is active.
    • Users in Groups and Users and Users in Groups—both fields are active.
    LDAP templatesOpenLDAPSelect a template to set the username attribute
    Microsoft Active Directory
    Username attributecnEnter the attribute
    43. In the Username attribute field, enter the attribute,
  43. from which the username is obtained.
    44. Info
    titleNote
  44. To search for users
    45. by
  45. via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.
    46. In the
  46. DN attribute
    47. field, enter
  47. entrydn

    Enter the attribute

    48. , In the

  48. from which the user's DN is obtained.

    49. Info
    titleNote

    You can use Microsoft Active Directory and OpenLDAP LDAP templates in the LDAP templates parameter to specify the username and DN attribute.

  49. The default value of the DN attribute depends on the selected LDAP template:

    • For the OpenLDAP template, the value entrydn is used.
    • For the Microsoft Active Directory template, the value distinguishedname is used
  50. Role for automatic registration of user
    51. field, enter

  		51. Select a role
    52. ,
  52. to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled
    53. .
    54. Сlick

  55. Click the Apply
    56. Image Removed
  56. Image Added button.

The As a result, the LDAP catalog is added to the system.

To test the connection, click the Test connection Image Added button. If the connection isn't successful, an error message appears.

To upload the catalog users, click the Load Image Added button. If the connection is successful, the form below is filled with user data. Otherwise, an error message appears.

Configuring LDAP directory group synchronization

LDAP directory group synchronization is used to automatically match LDAP user groups with system roles. To configure LDAP group synchronization:

  1. In the Filter settings panel, in

...

  1. the Search mode field, select Groups. The Configuring LDAP directory group synchronization panel opens on the right.
  2. Click the Load Image Added button.
  3. In the Configuring LDAP directory group synchronization panel:
    1. In the Group field, enter the name of the group.
    2. In the Distinguished Name (DN) field, select the necessary attribute from the list.
    3. In the Roles field, set the checkboxes next to the required roles to which new users will be automatically added.
    4. Click the Add Image Added button.
  4. Click the Apply Image Added button to save the changes.

Configuration of the LDAP directory group synchronization is complete.

Synchronization of the LDAP catalog

Synchronization can be performed manually or automatically. To synchronize LDAP catalogs:

  1. On the Users tab, click the LDAP catalogs group.
    Image Added
  2. Specify the synchronization parameters listed in the table:
    ParameterValueDescription
    Auto synchronization settings
    Enable

    Image Added

    		By default, automatic synchronization is disabled. To enable automatic synchronization, set the checkbox

    Image Added

    Synchronization server
    		Select the synchronization server from the drop-down list
    Synchronization period1 day 0 hours 0 minutesSet the period for automatic synchronization
    Synchronization status
    StatusStoppedBy default, the synchronization status is Stopped. Once synchronization starts, the status changes
    Last synchronizationUnknownBy default, the date of the last synchronization is displayed as Unknown. Once synchronization starts, the date and time of the last synchronization are displayed

  3. Click the Apply button.
  4. To start manual synchronization, click the Manual Synchronization button.

Configuration of synchronization is complete.

Copy

...

the LDAP catalog

To copy a catalog with all current settings , do the followingsaved:

  1. Click the name of the catalog that you want to copy.
  2. Click the Create button.

A As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

...

Remove the LDAP catalog

To remove a catalog, do the following:

  1. Click the name of the catalog that you want to remove.
  2. Click the Remove
    3. Image Removed
  3. Image Added button.

The As a result, the selected catalog is removed.