ldap_integration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
ldap_integration [2019/05/16 21:39] – lucy | ldap_integration [2019/12/19 10:31] – [Autoupdate LDAP Recipients] lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== LDAP Integration ===== | ===== LDAP Integration ===== | ||
- | LUCY > 3.2 has an LDAP API, which allows the administrator to: | + | LUCY has an LDAP API, which allows the administrator to: |
* import recipients | * import recipients | ||
Line 17: | Line 17: | ||
(|(objectClass=inetOrgPerson)(objectClass=user)) | (|(objectClass=inetOrgPerson)(objectClass=user)) | ||
+ | {{: | ||
+ | Also in the "LDAP settings" | ||
+ | |||
+ | {{: | ||
+ | |||
+ | //Note:// The Global Catalogue allows the connection only via two special ports: 3268 or 3269. To use this functionality, | ||
+ | |||
+ | The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well. This means the GC holds a replica of every object in the directory but with only a small number of their attributes. The attributes in the GC are those most frequently used in search operations (such as a user's first and last names or login names) and those required to locate a full replica of the object. | ||
+ | |||
+ | ===== LDAP Update Preferences ===== | ||
+ | |||
+ | This menu allows configuring automatic synchronization of LDAP recipients and users that were imported into LUCY. Automatic synchronization happens every 10 minutes. | ||
+ | |||
+ | Note, these settings are global and all of the Autoupdate LDAP preferences per a group of recipients will be ignored with the settings enabled (see [[ldap_integration# | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | LDAP update preferences contain 2 options for automatic action. | ||
+ | It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator' | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | In case if you select " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | It is also possible to customize the pattern of automatic import of users from an Organization Unit. | ||
+ | Lucy will scan a Distinguished Name (RDN) of the OrganizationUnit (eg. OU=Admins, DC=domain, DC=tld) and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The user default role defines a role that will be assigned to users with manual import users from LDAP. | ||
+ | |||
+ | {{ : | ||
- | {{ ldap2.png? | ||
Line 26: | Line 59: | ||
When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/ | When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/ | ||
- | {{ ldap1.png?600 }} | + | {{: |
- | {{ ldap3.png?600 }} | + | {{: |
LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY. | LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY. | ||
Line 34: | Line 67: | ||
If " | If " | ||
+ | ===== Autoupdate LDAP Recipients ===== | ||
+ | |||
+ | It is possible to configure LUCY autoupdate recipient list of from an LDAP Server.</ | ||
+ | :!: Note, this configuration will not be active if there are global settings for recipients import disabled. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | You may use regular Active Directory search filters, for example: | ||
+ | < | ||
+ | (|(objectClass=inetOrgPerson)(objectClass=user)). | ||
+ | </ | ||
+ | |||
+ | See [[https:// | ||
+ | |||
+ | The Base DN of the query must be specified in the following format: | ||
+ | < | ||
+ | dc=MyDomain, | ||
+ | </ | ||
===== Importing users via LDAP ===== | ===== Importing users via LDAP ===== | ||
Line 39: | Line 90: | ||
If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button: | If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button: | ||
- | {{ ldap5.png?600 }} | + | {{: |
By default, the User role will be assigned for all imported users. | By default, the User role will be assigned for all imported users. | ||
+ | |||
===== Which LDAP fields can be used? ===== | ===== Which LDAP fields can be used? ===== | ||
Line 51: | Line 103: | ||
* 4.Phone - recipient phone number | * 4.Phone - recipient phone number | ||
- | ===== LDAP Update Preferences ===== | ||
- | |||
- | This menu allows configuring automatic synchronization of LDAP users with LUCY users. | ||
- | Automatic synchronization happens once in 10 minutes. | ||
- | Note, these settings are global and all of the Autoupdate LDAP preferences per a group of recipients will be ignored with the settings enabled. | ||
- | |||
- | {{ : | ||
- | |||
- | LDAP update preferences contain 2 options for automatic action. | ||
- | It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator' | ||
- | |||
- | {{ : | ||
- | |||
- | In case if you select " | ||
- | |||
- | {{ : | ||
- | |||
- | It is also possible to customize the pattern of automatic import of users from an Organization Unit. | ||
- | Lucy will scan an Organization Unit and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below. | ||
- | |||
- | {{ : | ||
- | |||
- | User default role defines a role that will be assigned to users with manual import users from LDAP. | ||
- | |||
- | {{ : | ||
ldap_integration.txt · Last modified: 2021/11/04 18:57 by lucysecurity