ldap_integration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
ldap_integration [2019/06/03 10:39] – lucy | ldap_integration [2020/08/25 16:26] – [Login Lucy through Active Directory (LDAP)] lucy | ||
---|---|---|---|
Line 3: | Line 3: | ||
LUCY has an LDAP API, which allows the administrator to: | LUCY has an LDAP API, which allows the administrator to: | ||
- | * import recipients | + | * import recipients |
- | * import | + | * authorize |
- | directly from your directory service. | + | ==== Sync tool for Windows ==== |
+ | |||
+ | Besides LDAP API, there is a tool that can be run on Windows machines to sync your Active Directory groups with Lucy, see more [[ldap_synchronization_tool|here]]. | ||
Line 17: | Line 19: | ||
(|(objectClass=inetOrgPerson)(objectClass=user)) | (|(objectClass=inetOrgPerson)(objectClass=user)) | ||
- | {{:ldap_settings_1.png?600|}} | + | {{:ldap_settings_7.png?600|}} |
+ | |||
+ | Also in the "LDAP settings" | ||
+ | |||
+ | {{: | ||
+ | |||
+ | //Note:// The Global Catalogue allows the connection only via two special ports: 3268 or 3269. To use this functionality, | ||
+ | The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well. This means the GC holds a replica of every object in the directory but with only a small number of their attributes. The attributes in the GC are those most frequently used in search operations (such as a user's first and last names or login names) and those required to locate a full replica of the object. | ||
===== LDAP Update Preferences ===== | ===== LDAP Update Preferences ===== | ||
Line 63: | Line 72: | ||
It is possible to configure LUCY autoupdate recipient list of from an LDAP Server. | It is possible to configure LUCY autoupdate recipient list of from an LDAP Server. | ||
- | Note, this configuration will not be active if there are global settings for recipients import | + | |
+ | :!: Note, this configuration will not be active if there are global settings for recipients import | ||
{{ : | {{ : | ||
Line 96: | Line 106: | ||
* 4.Phone - recipient phone number | * 4.Phone - recipient phone number | ||
+ | To configure other recipient fields to match Active Directory attributes go to the LDAP Fields Associations page (Settings > LDAP Settings > LDAP Fields Associations): | ||
+ | |||
+ | {{ :: | ||
+ | |||
+ | :!: Recipient' | ||
+ | |||
+ | |||
+ | ===== Login Lucy through Active Directory (LDAP) ===== | ||
+ | |||
+ | Lucy allows users to login with their Active Directory account. | ||
+ | |||
+ | === Admin console & Enduser portal === | ||
+ | |||
+ | In order users to login Admin console or Enduser portal you should first import accounts to Lucy from your Active Directory. See [[ldap_integration# | ||
+ | |||
+ | :?: Please note that to login Lucy you should use an appropriate user role that can be configured within the LDAP Update Preferences page (Settings > LDAP Settings > LDAP Update Preferences). \\ | ||
+ | |||
+ | User roles used to access Admin console: **Administrator, | ||
+ | User role used to access Enduser portal: **Enduser**. \\ | ||
+ | |||
+ | === Awareness website === | ||
+ | |||
+ | Lucy has an option to send a non-unique link for awareness website, but it requires users to login with their AD account to access the website. It also requires endusers to be imported into Lucy (see previous section). | ||
+ | |||
+ | To enable LDAP login for Awareness website, tick the option " | ||
+ | {{ :: |
ldap_integration.txt · Last modified: 2021/11/04 18:57 by lucysecurity