ldap_integration
Differences
This shows you the differences between two versions of the page.
ldap_integration [2019/05/16 21:44] – [Autoupdate LDAP Recipients] lucy | ldap_integration [2020/08/25 14:37] – [Which LDAP fields can be used?] lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== LDAP Integration ===== | ===== LDAP Integration ===== | ||
- | LUCY > 3.2 has an LDAP API, which allows the administrator to: | + | LUCY has an LDAP API, which allows the administrator to: |
- | * import recipients | + | * import recipients |
- | * import | + | * authorize |
- | directly from your directory service. | + | ==== LDAP Sync tool for Windows ==== |
+ | |||
+ | Besides LDAP API, there is a tool that can be run on Windows machines to sync your Active Directory groups with Lucy, see more [[ldap_synchronization_tool|here]]. | ||
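Review bot: The lead-in "allows the administrator to:" loses its closing clause here: the removed line "directly from your directory service." is replaced by the "==== LDAP Sync tool for Windows ====" heading, so the bullet list now runs straight into a heading. Keep the closing clause, or reword the lead-in so the bullets stand on their own. Dropping "> 3.2" also removes the only statement of which versions provide the LDAP API; if a minimum version still applies, say so. In the added sentence, "Besides LDAP API" should read "Besides the LDAP API".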
Line 17: | Line 19: | ||
(|(objectClass=inetOrgPerson)(objectClass=user)) | (|(objectClass=inetOrgPerson)(objectClass=user)) | ||
+ | {{: | ||
+ | Also in the "LDAP settings" | ||
+ | |||
+ | {{: | ||
+ | |||
+ | //Note:// The Global Catalogue allows the connection only via two special ports: 3268 or 3269. To use this functionality, | ||
+ | |||
+ | The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well. This means the GC holds a replica of every object in the directory but with only a small number of their attributes. The attributes in the GC are those most frequently used in search operations (such as a user's first and last names or login names) and those required to locate a full replica of the object. | ||
+ | |||
+ | ===== LDAP Update Preferences ===== | ||
+ | |||
+ | This menu allows configuring automatic synchronization of LDAP recipients and users that were imported into LUCY. Automatic synchronization happens every 10 minutes. | ||
+ | |||
+ | Note, these settings are global and all of the Autoupdate LDAP preferences per a group of recipients will be ignored with the settings enabled (see [[ldap_integration# | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | LDAP update preferences contain 2 options for automatic action. | ||
+ | It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator' | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | In case if you select " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | It is also possible to customize the pattern of automatic import of users from an Organization Unit. | ||
+ | Lucy will scan a Distinguished Name (RDN) of the OrganizationUnit (eg. OU=Admins, DC=domain, DC=tld) and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | The user default role defines a role that will be assigned to users with manual import users from LDAP. | ||
+ | |||
+ | {{ : | ||
- | {{ ldap2.png? | ||
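Review bot: In the Organization Unit paragraph, "Distinguished Name (RDN)" pairs the term with the wrong abbreviation: RDN stands for Relative Distinguished Name, while the example given (OU=Admins, DC=domain, DC=tld) is a full DN. Because this value decides which role is bound to an imported user, state precisely whether the match is made on the full DN or on one RDN component. Smaller points in the same hunk: the note on ports 3268 and 3269 does not say which of the two is the TLS port, "Global Catalogue" in the note becomes "global catalog" in the next paragraph, and "In case if you select" should be "If you select".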
Line 26: | Line 61: | ||
When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/ | When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/ | ||
- | {{ ldap1.png?600 }} | + | {{: |
- | {{ ldap3.png?600 }} | + | {{: |
LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY. | LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY. | ||
Line 37: | Line 72: | ||
It is possible to configure LUCY autoupdate recipient list of from an LDAP Server. | It is possible to configure LUCY autoupdate recipient list of from an LDAP Server. | ||
- | Note, this configuration will not be active if there are global settings for recipients import | + | |
+ | :!: Note, this configuration will not be active if there are global settings for recipients import | ||
{{ : | {{ : | ||
+ | |||
+ | You may use regular Active Directory search filters, for example: | ||
+ | < | ||
+ | (|(objectClass=inetOrgPerson)(objectClass=user)). | ||
+ | </ | ||
+ | |||
+ | See [[https:// | ||
+ | |||
+ | The Base DN of the query must be specified in the following format: | ||
+ | < | ||
+ | dc=MyDomain, | ||
+ | </ | ||
===== Importing users via LDAP ===== | ===== Importing users via LDAP ===== | ||
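Review bot: The example filter added to the autoupdate section ends with a full stop after the last closing parenthesis, "(|(objectClass=inetOrgPerson)(objectClass=user)).", whereas the same filter earlier on the page has no dot. A reader who copies the line gets a character that is not part of the filter, so drop the trailing ".". In the unchanged sentence above it, "autoupdate recipient list of from an LDAP Server" has a stray "of".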
Line 45: | Line 93: | ||
If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button: | If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button: | ||
- | {{ ldap5.png?600 }} | + | {{: |
By default, the User role will be assigned for all imported users. | By default, the User role will be assigned for all imported users. | ||
Line 58: | Line 106: | ||
* 4.Phone - recipient phone number | * 4.Phone - recipient phone number | ||
- | ===== LDAP Update Preferences ===== | + | You may configure |
- | + | ||
- | This menu allows configuring automatic synchronization of LDAP users with LUCY users. | + | |
- | Automatic synchronization happens once in 10 minutes. | + | |
- | Note, these settings are global and all of the Autoupdate LDAP preferences per a group of recipients will be ignored with the settings enabled. | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | LDAP update preferences contain 2 options for automatic action. | + | |
- | It is possible to configure | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | In case if you select " | + | |
- | + | ||
- | {{ : | + | |
- | + | ||
- | It is also possible to customize | + | |
- | Lucy will scan an Organization Unit and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below. | + | |
- | + | ||
- | {{ :role_bound.png? | + | |
- | + | ||
- | User default role defines a role that will be assigned to users with manual import users from LDAP. | + | |
- | {{ :default_role.png?600 |}} | + | {{ :: |
+ | :!: Recipient' |
ldap_integration.txt · Last modified: 2021/11/04 18:57 by lucysecurity