Versions Compared

Old Version 5

changes.mady.by.user Alena Kniazeva

Saved on

compared with

New Version Current

changes.mady.by.user Alena Kniazeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to the Configuration management tab → Users.

  2. In the LDAP catalogs group, click the Create... button.


    The LDAP 1 object is added to the system. On the right, the panel with connection settings to the LDAP 1 catalog is displayed.
  3. Specify the LDAP catalog settings listed in the table:
    FieldValueDescription
    LDAP connection
    NameLDAP 1Enter the name of the catalog
    Server name or IP addressldap.postland.orgEnter the address of the LDAP catalog server
    Port 636Enter the connection port of the LDAP catalog server
    Use secure connection (SSL)

    		Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog

    Base DNou=Address,dc=company,dc=domain

    Enter the Distinguished Name of the branch from which the data search starts

    Note
    titleAttention!
    • If LDAP users are located in multiple directories with the hierarchical structure, you cannot synchronize all users at the same time.
    • To synchronize each user group in the DN branch, you must specify the path to the corresponding directory.
      For example, LDAP contains the Employees directory and the Managers, Cashiers and Salesmen subdirectories:
      • DN branches for synchronizing users within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com.
      • DN branches for synchronizing users within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.
    Useruid=your.login,ou=Users,dc=company,dc=domainEnter the name of the user who has the read access from the base DN in the LDAP (RDN + DN) format
    Password
    		Enter the user password
    Filter settings
    Search modeUsersSelect the search mode in the catalog
    Groups
    Users in Groups
    Users and Users in Groups
    Search filter(objectClass=person)

    Enter a filter string of entries in the catalog

    Note
    titleAttention!

    To upload users by groups, not by catalogs, you must use the memberof attribute in the filter. For example:

    (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))

    Group search filter(objectClass=group)

    Enter a filter string of entries in the group

    Note
    titleAttention!

    The Search filter and Group search filter fields are mutually exclusive and are activated depending on the value in the Search mode field:

    • Users—only the Search filter field is active.
    • Groups—only the Group search filter field is active.
    • Users in Groups and Users and Users in Groups—both fields are active.

     

    LDAP templatesOpenLDAPSelect a template to set the username attribute
    Microsoft Active Directory
    Username attributecnEnter the attribute from which the username is obtained. To search for users via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.
    DN attributeentrydn

    Enter the attribute from which the user's DN is obtained.

    The default value of the DN attribute depends on the selected LDAP template:

    • For the OpenLDAP template, the value entrydn is used.
    • For the Microsoft Active Directory template, the value distinguishedname is used
    Role for automatic registration of user
    		Select a role to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled

  4. Click the Apply button.

...

To upload the catalog users, click the Load button. If the connection is successful, the form below is filled with user data. Otherwise, an error message appears.

Configuring LDAP directory group synchronization

LDAP directory group synchronization is used to automatically match LDAP user groups with system roles. To configure LDAP group synchronization:

  1. In the Filter settings panel, in the Search mode field, select Groups. The Configuring LDAP directory group synchronization panel opens on the right.
  2. Click the Load Image Added button.
  3. In the Configuring LDAP directory group synchronization panel:
    1. In the Group field, enter the name of the group.
    2. In the Distinguished Name (DN) field, select the necessary attribute from the list.
    3. In the Roles field, set the checkboxes next to the required roles to which new users will be automatically added.
    4. Click the Add Image Added button.
  4. Click the Apply Image Added button to save the changes.

Configuration of the LDAP directory group synchronization is complete.

Synchronization of the Synchronization of the LDAP catalog

Synchronization can be performed manually or automatically. To synchronize LDAP catalogs:

...