===== Lucy LDAP Synchronization Tool =====

The Lucy LDAP Synchronization Tool is Windows-based software that can be run for a one-time sync or installed as a Windows service for periodic synchronization. It receives user data from your Active Directory environment, prepares it, and imports it into a selected recipient group in Lucy.

:!: Currently, only recipient import is supported.

===== System requirements =====

To install the Lucy LDAP Synchronization Tool, your computer must meet the minimum requirements below.

| Processor | 1 GHz or faster 32-bit (x86) or 64-bit (x64) |
| Operating System | Windows 7 (x86, x64) or later \\ Server 2012 R2 (x64) or later \\ *Operating system must have .NET Framework 4.5 or later installed |
| Memory | 1 GB RAM (32-bit) or 2 GB RAM (64-bit) |
| Disk Space | 100 MB or more |

===== Lucy configuration requirements =====

To allow the tool to manage recipient groups in Lucy, you must add your current workstation IP address (or your public IP address if you use a remote Lucy server) to the API Whitelist. Learn more [[api|here]].

===== Install the Lucy LDAP Synchronization Tool =====

  - Download the tool: \\ LDAP Sync Tool v2.4 - {{ ::lucyldapsynchronizationtool_v2.zip | Download}} \\ LDAP Sync Tool v1.2 - {{ ::lucyldapsynchronizationtool.zip | Download}}
  - Unpack the archive, then run the LucyLdapSynchronizationTool.msi file. If prompted by User Account Control, click Yes to allow.
  - On the Lucy LDAP Synchronization Tool Setup Wizard, click Next.
  - Confirm your desired installation path, then click Next.
  - Click Install. If prompted by User Account Control, click Yes to allow.
  - When the installation is complete, click Finish.
  - Once installed, the program icon will appear on your desktop and in the Start menu.

===== Configure the Connection settings to Lucy =====

The first step is to configure the connection to your Lucy server by entering the following information:

  * **Server** - Domain name of Lucy's Admin console or IP address of the Lucy server (e.g., lucydomain.com, 172.10.0.128). A custom port can be specified after a colon (e.g., lucydomain.com:8443)
  * **Username** and **Password** - Administrator login credentials

:!: Click on "Test connection" to validate the credentials.

When finished, click Next to create a new recipient group or select an existing one.

{{ ldap_stool_01.png?600 |}}

===== Configure the Connection settings to Active Directory LDAP Server =====

Next, you need to configure the connection between the tool and your Active Directory by entering the following information:

  * **Host** - domain name or IP address of the domain controller (e.g., ldap.domain.local)
  * **Port** - LDAP port (default: 389 or 636). If "Use Global Catalog" and "Use SSL" are enabled, you should use the ports 3268 and 3269
  * **Username** and **Password** - current user login credentials or a specific set of user credentials
  * **Use SSL** - enable secure connection
  * **Use Global Catalog** - enable to find objects in an Active Directory domain tree, given one or more attributes of the target object
  * **Base DN** - root node under which all of your user and group objects are located
  * **Auth type** - (default: Negotiate) method used to authenticate the LDAP connection

When finished, click Next to select Active Directory groups.

{{ ldap_stool_02.png?600 |}}

===== Select the Active Directory groups to export =====

Once your Active Directory settings are configured, select the Active Directory groups from which users will be imported into Lucy.
There are two options:

  * **Define filter for a single group** - lets you select several AD groups to be imported into one Lucy recipient group.
  * **Select multiple User Groups** - lets you select several AD groups and import each into its own recipient group in Lucy.

{{ ldap_stool_03.png?600 |}}

If the **Define filter for a single group** option is used, you may either select an existing group or create a new recipient group using the buttons "**New recipient group**" and "**Delete recipient group**".

{{ ldap_stool_04.png?600 |}}

:!: Please keep in mind that deleting any recipient groups using the tool may affect the statistics in your campaigns. __Deletion cannot be undone__.

You can also use **Search filter** to find a specific group.

{{ ldap_stool_05.png?600 |}}

At this point, select an LDAP group for synchronization or use **Filter** to build your own query. You may use regular Active Directory search filters, for example: (|(objectClass=inetOrgPerson)(objectClass=user)). See [[https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx|Microsoft Documentation]] for more info.

Click on "__Test filter__" to see the first 10 users received from Active Directory.

{{ ldap_stool_06.png?600 |}}

When you have selected the Active Directory group, click Next to see the overall settings.

{{ ldap_stool_07.png?600 |}}

===== Multiple group sync =====

Multiple group synchronization is available in the latest version of the LDAP synchronization tool. Selecting multiple AD groups will add separate recipient groups to Lucy. Check the Active Directory groups and press **Add**.

{{ ldap_stool_08.png?600 |}}

:!: Attention! A new recipient group will be created in Lucy with the same name as the user group. If the recipient group already exists, new recipients will be added to it. Please note that Lucy will send emails for any new recipients added to the running campaign.
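
One way to build a narrower query for the **Filter** field described above, as an added example that is not part of the tool or of the original page: it goes beyond the sample filter by limiting it to members of chosen groups (nested membership included), skipping disabled accounts, and escaping group DNs per RFC 4515. The function names and the sample group DNs are constructed for illustration.

```python
"""Build a search filter for the tool's Filter field (added example)."""

# RFC 4515: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Microsoft-defined matching rules and flags used by Active Directory.
BIT_AND = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN
ACCOUNTDISABLE = 2                    # userAccountControl bit for disabled accounts

# Base filter quoted on the page.
BASE = "(|(objectClass=inetOrgPerson)(objectClass=user))"


def escape_filter_value(value):
    """Escape a literal value (such as a group DN) for use in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(ldap_filter):
    """Cheap sanity check: every '(' closes and nothing closes early."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def recipient_filter(group_dns, nested=True, skip_disabled=True, require_mail=True):
    """Return a filter matching person accounts in any of the given groups."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    members = "".join(f"({attr}={escape_filter_value(dn)})" for dn in group_dns)
    # objectCategory=person keeps computer accounts (also objectClass=user) out.
    clauses = ["(objectCategory=person)", BASE, f"(|{members})"]
    if require_mail:
        clauses.append("(mail=*)")  # a recipient needs an e-mail address
    if skip_disabled:
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    return "(&" + "".join(clauses) + ")"


# Constructed sample DNs; the second contains characters that need escaping.
SAMPLE_GROUPS = [
    "CN=Finance,OU=Groups,DC=example,DC=local",
    "CN=Sales (EMEA),OU=Groups,DC=example,DC=local",
]

if __name__ == "__main__":
    print(recipient_filter(SAMPLE_GROUPS))
```

Paste the printed string into the **Filter** field and use "Test filter" to check the first 10 results before starting a sync.
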
===== Review the settings =====

Verify the settings and click Next when you are ready to start the import.

{{ ldap_stool_09.png?600 |}}

{{ ldap_stool_10.png?600 |}}

===== Finishing =====

Once the synchronization process is finished, you can review the debug log.

You can save the import settings to a file by clicking the "__Save config__" button. The file can be used the next time you import recipients. To do this, select the configuration file at the first step of the synchronization wizard.

Click on "__Register service__" to install the tool as a Windows service. When running as a Windows service, the tool performs the sync **every 10 minutes** (:!: not configurable in the current version).

To remove the service, run the tool once again and click "__Remove service__" on the Lucy connection settings step.

===== Default actions =====

By default, the tool performs the following actions when specific events happen to users in your Active Directory (the actions are not configurable in the current version):

  * **When a new user in Active Directory is created**: Automatically create a recipient in Lucy and add it to the selected recipient group.
  * **When a user in Active Directory is deleted**: Automatically delete the recipient from Lucy.
  * **When a user in Active Directory is removed from the group in the filter**: Automatically delete the recipient from Lucy.
  * **When user information in Active Directory is changed**: Automatically update the existing recipient in Lucy with the new information.

===== Troubleshooting =====

  * Login error **The remote server returned an error: (400) Bad Request**

{{ ::ldap_tool_errors_bad_request.png?nolink&350 |}}

| Possible reasons: | The account used is not an administrator \\ Login or password is invalid. |
| Solution: | Use an account with Administrator role. \\ Check your credentials or try another account |

  * Login error **The remote server returned an error: (401) Unauthorized**

{{ ::ldap_tool_errors_unauthorized.png?nolink&350 |}}

| Possible reasons: | Your IP address is not listed in the API whitelist |
| Solution: | Add your computer IP address to API whitelist. Learn more [[api|here]]. |

  * Connection error **The LDAP server is unavailable**

{{ ::ldap_tool_errors_ldap_server_unavailable.png?nolink&250 |}}

| Possible reasons: | Active Directory server is not accessible from your computer (behind a firewall). \\ Invalid credentials or insufficient permissions. |
| Solution: | Run the tool while inside the corporate network or connect to it using VPN. \\ Check your account or use a different account. |

===== Changelog =====

  * **v1.0** (January 2020) - Released the first version of the tool
  * **v1.2** (May 2020) - Added support for the ObjectGUID attribute of Active Directory users
  * **v1.2.1** (August 2020) - Fixed import of recipient's phone number and unexpected closing of the app.
  * **v1.2.1.55** (September 2020) - Fixed import of recipient's name. Added error handling.
  * **v2.0** (October 2020) - Added support for synchronizing multiple groups. Added the ability to save import settings to a file. Fixed issue with limiting import to 1000 users.
  * **v2.2** (November 2020) - Added support for Global Catalog. Fixed import of recipients without 'LDAP-based' flag (required Lucy v4.7.7 or newer).
  * **v2.3** (January 2021) - Added support for HTTPS Proxy (for Lucy server connection). Administrative privileges are no longer required to run the application; they are now only needed when installing or removing the service.
  * **v2.3.1** (February 2021) - Added search and sorting for multiple user groups filter.
  * **v2.4** (November 2021) - Fixed a bug with importing recipients into a running campaign.