Versions Compared

Old Version 3

changes.mady.by.user Alina Luchkina

Saved on

compared with

New Version Current

changes.mady.by.user Darya Andryieuskaya

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section


Column
width50%


Panel
borderColor#CCCCCC
bgColor#FFFFFF
titleBGColor#F0F0F0
borderStylesolid
titleOn the page:

Table of Contents



Column



General information

LDAP catalogs allow you to centralize the user management. Axxon One supports three operation scripts with LDAP:

  • Manual registration of LDAP users: allows granting selectively the access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
  • Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
  • Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

Configuring LDAP

To configure the LDAP catalog, do the following:

  1. In the LDAP catalogs group, click the Create... button.

    Image Modified
    2. An
  2. The LDAP 1 object is added in the system. On the right,
    3. a
  3. the panel
    4. displays configuration settings for the
  4. with connection settings to the LDAP 1 catalog is displayed.
  5. In the Name field, enter
    6. a
  6. the name
    7. for
  7. of the catalog.
    Image Modified
  8. In the Server name or IP address field, enter the address
    9. of the
  9. of the LDAP catalog
    10. Server
  10. server.
  11. In the Port field, enter the connection port
    12. of the
  12. of the LDAP catalog
    13. Server
  13. server.

  14. In the Base DN field, enter the Distinguished Name of the branch

    15. ,

  15. from which the data search starts.

    Note
    titleAttention!
    • If LDAP users are located in multiple directories with
    16. a
    • the hierarchical structure, you cannot synchronize all users at the same time.
    • To synchronize each user group
    17. within a
    • in the DN branch, you must specify the path to the corresponding directory.
      For example, LDAP contains
    18. a
    • the Employees directory
    19. Employees
    • and
    20. subdirectories 
    • the Managers, Cashiers and Salesmen subdirectories:
      • DN branches for synchronizing users
    21. within Managers directory
      • within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users
    22. within Cashiers directory
      • within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users
    23. within Salesmen directory
      • within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.
  24. In the User field, enter the name of
    25. a
  25. the user who has
    26. a
  26. the read access
    27. to
  27. from the base DN, in
    28. LDAP 
  28. LDAP (RDN + DN) format.
  29. In the Password field, enter the user password.
  30. Set the Use secure connection (SSL) checkbox if you want to use a secure connection (SSL) when
    31. connecting
  31. you connect to the LDAP catalog.

  32. In the Search filter field, enter

    33. a string for filtering catalog entries

  33. the filtering string of entries in the catalog.

    Note
    titleAttention!

    To upload users by groups, not by catalogs, you must use the memberof attribute in the

    34. MemberOf

  34. filter

    35. attribute

  35. . For example:

    (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)

    36. .

  36. )

  37. In the Username attribute field, enter the attribute

    38. ,

  38. from which the username is obtained.

    39. Info
    titleNote

  39. To search for users

    40. by

  40. via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.

  41. In the DN attribute field, enter the attribute

    42. , Info
    titleNote

  42. from which the user's DN is obtained.

  43. You can use Microsoft Active Directory and OpenLDAP LDAP templates in the LDAP templates parameter to specify the username and DN attribute.

  44. In the Role for automatic registration of user field, enter
    45. a
  45. the role
    46. ,
  46. to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled.
    47. Сlick
  47. Click the Apply Image Modified button.

The As a result, the LDAP catalog is added to the system.

To test the connection, click the Test connection button. If the connection is successful, the form in the lower part of the screen displays information about the below is filled by the data of catalog users. 
Image Modified
Otherwise, an error message appears.

Copying the LDAP catalog

To copy a catalog with all settings, do the following:

  1. Click the name of the catalog that you want to copy.
  2. Click the Create... button.

A As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

Removing the LDAP catalog

To remove a catalog, do the following:

  1. Click the name of the catalog that you want to remove.
  2. Click the Remove Image Modified button.

The As a result, the selected catalog is removed.