Page History

Section

Column

width	50%

Panel

borderColor	#CCCCCC
bgColor	#FFFFFF
titleBGColor	#F0F0F0
borderStyle	solid
title	On the page:

Table of Contents

Column

...

Connect an LDAP catalog

To work in the system of LDAP users, you must configure access to LDAP catalogs.

To create an LDAP catalog, do the following:

Go to the System settings tab → LDAP.
Click the Add a new LDAP catalog Image Added button.
A window with the settings of an LDAP catalog

settings

opens:

Image Removed

Field

Description

Source name

Specify the catalog name

Admin name

Enter the name of the user who has read access from the base DN in LDAP format (RDN + DN)

Admin password

Enter the user password

LDAP attribute distinguish name

Enter the attribute from which the user's DN is identified

LDAP attribute user login

Enter the attribute from which the user name is identified

Info

title	Note

To search for users by the sAMAccountName attribute, you must enter it in lowercase letters—samaccountname.

LDAP attribute

user name

username Enter the attribute

user name

username that the user sees after synchronization

LDAP server network name

Enter the IP address or network name of the LDAP server. If the server uses the SSL/STLS protocol mode, you can use only the network name

Port

Enter the port to connect to the LDAP catalog server

Search base distinguish name

Enter the DN of the branch (Distinguished Name) from which you want to start the data search

Note

title	Attention!

If users in LDAP are located in several directories with a hierarchical structure, you cannot synchronize all users at the same time.
To synchronize each user group in the DN branch, you must specify the path to the appropriate directory.
For example, LDAP has a directory called Employees and subdirectories called Managers, Cashiers, and Salespersons:

DN of the branch to synchronize users of the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
DN of the branch to synchronize users of the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.
DN of the branch to synchronize users of the Salespersons directory: ou=Salespersons,ou=Employees,dc=example,dc=com.

Search filter

Enter the filter string of entries in the catalog

Note

title	Attention!

To download users by groups rather than by catalogs, you must use the MemberOf attribute in the filter. For example:

(&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))

Checkbox

Use SSL

Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog

Import non-group users

Set the checkbox if you want to import LDAP users who aren't part of the groups

You can also specify the settings to automatically synchronize the LDAP catalog. Without these settings, you must perform synchronization manually. To configure synchronization

, do the following

:
1. Click the

Sync

1. Add sync schedule

button

1. button.
2. From the Time zone drop-down list, select the time zone for synchronization.
3. In the Start time field, set the start time of synchronization.
4. Select the periodicity of synchronization:
  1. Select Weekly and select the days on which you want synchronization to be performed.
  2. Select Interval in hours and select the time when you want synchronization to be performed again.
Click the

APPLY

Apply Image Added button.

As a result, the LDAP tab displays the catalog that you added.

Image RemovedImage Added

...

View users

To view the users of the catalog, click the LDAP catalog users Image Removed Image Added button. As a result, the list of all users is displayed.

User synchronization

If you don’t specify the settings for automatic synchronization when you create the an LDAP catalog, synchronization must be performed manually. To do this: