Page History

...

• Manual registration of LDAP users: allows granting selectively the selective access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
• Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
• Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

...

Configuration of the LDAP catalog

To configure the LDAP catalog, do the following:

1. Go to the Configuration management tab → Users.

2. In the the LDAP catalogs group, click the Create... button.

   
   The LDAP 1 object is added in to the system. On the right, the panel with connection settings to the the LDAP 1 catalog is displayed.
In the Name field, enter
3. Specify the LDAP catalog settings listed in the table:
   

   Field	Value	Description
   LDAP connection
   Name	LDAP 1	Enter the name of the catalog

.
Image Removed
In the

5. Server name or IP address

field, enter

6. ldap.postland.org

   Enter the address of the LDAP catalog server

.
In the Port field, enter

8. Port

   636

   Enter the connection port of the LDAP catalog server

.

9. Use secure connection (SSL)	Image Added	Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog
   	Image Added
   Base DN	ou=Address,dc=company,dc=domain	Enter

In the Base DN field, enter

10. the Distinguished Name of the branch from which the data search starts

.

11. Note title Attention! If LDAP users are located in multiple directories with the hierarchical structure, you cannot synchronize all users at the same time. To synchronize each user group in the DN branch, you must specify the path to the corresponding directory. For example, LDAP contains the Employees directory and the Managers, Cashiers and Salesmen subdirectories: DN branches for synchronizing users within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.

In the User field, enter

12. User

    uid=your.login,ou=Users,dc=company,dc=domain

    Enter the name of the user who has the read access from the base DN

,

13. in the LDAP (RDN + DN) format

.
In the Password field, enter

15. Password

    Enter the user password

.
16. Set the Use secure connection (SSL) checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog.
In the Search filter

17. Filter settings
    Search mode	Users	Select the search mode in the catalog
    	Groups
    	Users in Groups
    	Users and Users in Groups
    Search filter	(objectClass=person)	Enter a filter

field, enter the filtering

18. string of entries in the catalog

.

19. Note title Attention! To upload users by groups, not by catalogs, you must use the memberof attribute in the filter. For example: (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))
    Group search filter	(objectClass=group)

20. 	Enter a filter string of entries in the group Note title Attention! The Search filter and Group search filter fields are mutually exclusive and are activated depending on the value in the Search mode field: Users—only the Search filter field is active. Groups—only the Group search filter field is active. Users in Groups and Users and Users in Groups—both fields are active.
    LDAP templates	OpenLDAP	Select a template to set the username attribute
    	Microsoft Active Directory
    Username attribute	cn	Enter

In the Username attribute field, enter

21. the attribute from which the username is obtained. To search for users via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.

In the

22. DN attribute

field, enter In the

23. entrydn

    Enter the attribute from which the user's DN is obtained.

You can use Microsoft Active Directory and OpenLDAP LDAP templates in the LDAP templates parameter to specify the username and DN attribute.

24. The default value of the DN attribute depends on the selected LDAP template: For the OpenLDAP template, the value entrydn is used. For the Microsoft Active Directory template, the value distinguishedname is used

25. Role for automatic registration of user

field, enter the

26. Select a role to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled

.
27. 
    
28. Click the Apply Image Removed Image Added button.

As a result, the LDAP catalog is added to the system.

To test the connection, click the Test connection Image Added button. If the connection isn't successful, an error message appears.

To upload the catalog users, click the Load Image Added button. If the connection is successful, the form below is filled by the data of catalog users. 
Image Removed
Otherwise, an error message appears.

...

with user data. Otherwise, an error message appears.

Configuring LDAP directory group synchronization

LDAP directory group synchronization is used to automatically match LDAP user groups with system roles. To configure LDAP group synchronization:

1. In the Filter settings panel, in the Search mode field, select Groups. The Configuring LDAP directory group synchronization panel opens on the right.
2. Click the Load Image Added button.
3. In the Configuring LDAP directory group synchronization panel:
   1. In the Group field, enter the name of the group.
   2. In the Distinguished Name (DN) field, select the necessary attribute from the list.
   3. In the Roles field, set the checkboxes next to the required roles to which new users will be automatically added.
   4. Click the Add Image Added button.
4. Click the Apply Image Added button to save the changes.

Configuration of the LDAP directory group synchronization is complete.

Synchronization of the LDAP catalog

Synchronization can be performed manually or automatically. To synchronize LDAP catalogs:

1. On the Users tab, click the LDAP catalogs group.
   Image Added
2. Specify the synchronization parameters listed in the table:
   

   Parameter	Value	Description
   Auto synchronization settings
   Enable	Image Added	By default, automatic synchronization is disabled. To enable automatic synchronization, set the checkbox
   	Image Added
   Synchronization server		Select the synchronization server from the drop-down list
   Synchronization period	1 day 0 hours 0 minutes	Set the period for automatic synchronization
   Synchronization status
   Status	Stopped	By default, the synchronization status is Stopped. Once synchronization starts, the status changes
   Last synchronization	Unknown	By default, the date of the last synchronization is displayed as Unknown. Once synchronization starts, the date and time of the last synchronization are displayed

   
   
3. Click the Apply button.
4. To start manual synchronization, click the Manual Synchronization button.

Configuration of synchronization is complete.

Copy the LDAP catalog

To copy a catalog with all current settings , do the followingsaved:

1. Click the name of the catalog that you want to copy.
2. Click the Create ...button.

As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

...

Remove the LDAP catalog

To remove a catalog, do the following:

1. Click the name of the catalog that you want to remove.
2. Click the Remove Image Removed Image Added button.

As a result, the selected catalog is removed.