User Tools

Site Tools


ldap_integration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
ldap_integration [2018/12/26 12:45] – [Importing users via LDAP] lucyldap_integration [2019/04/18 16:52] lucy
Line 1: Line 1:
 ===== LDAP Integration ===== ===== LDAP Integration =====
  
-LUCY > 3.2 has LDAP API, which allows the administrator to:+LUCY > 3.2 has an LDAP API, which allows the administrator to:
  
   * import recipients    * import recipients 
Line 10: Line 10:
  
 ===== Setup ===== ===== Setup =====
-To configure the LDAP connection please go in LDAP settings (Settings -> LDAP Settings) and save your server and authentication details. Within the field "Server Address" you need to enter your LDAP server IP address, within the field "Server Port" you should enter TCP/UDP port for LDAP (default port 389 or port 636 for LDAPS) and if "Use Global Catalog" and "LDAP over SSL" are enabled you should use the ports 3268 and 3269. Within the field "Domain Controller" you need to enter your LDAP Server Root RDN (example: "dc=domain,dc=com") and with in the field "Login" you need to enter user RDN (example: "cn=Administrator,cn=Users").+To configure the LDAP connection please go in LDAP settings (Settings -> LDAP Settings) and save your server and authentication details. Within the field "Server Address" you need to enter your LDAP server IP address, within the field "Server Port" you should enter TCP/UDP port for LDAP (default port 389 or port 636 for LDAPS) and if "Use Global Catalog" and "LDAP over SSL" are enabled you should use the ports 3268 and 3269. Within the field "Domain Controller" you need to enter your LDAP Server Root RDN (example: "dc=domain,dc=com") and within the field "Login" you need to enter user RDN (example: "cn=Administrator,cn=Users").
  
 Fields "Group Object" and "User Object" are used to filter search from the LDAP objects. Objects within "Group Object" and "User Object" fields need to be separated with a comma and one space.  Fields "Group Object" and "User Object" are used to filter search from the LDAP objects. Objects within "Group Object" and "User Object" fields need to be separated with a comma and one space. 
Line 37: Line 37:
 ===== Importing users via LDAP ===== ===== Importing users via LDAP =====
  
-If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (/admin/users) and click the according button:+If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button:
  
 {{ ldap5.png?600 }} {{ ldap5.png?600 }}
  
 +By default, the User role will be assigned for all imported users.
 ===== Which LDAP fields can be used? ===== ===== Which LDAP fields can be used? =====
  
Line 50: Line 50:
   * 3.Location - Recipient's location   * 3.Location - Recipient's location
   * 4.Phone - recipient phone number   * 4.Phone - recipient phone number
 +
 +===== LDAP Update Preferences =====
 +
 +This menu allows configuring automatic synchronization of LDAP users with LUCY users.
 +Automatic synchronization happens once in 10 minutes.
 +
 +{{ :ldap_update.png?600 |}}
 +
 +LDAP update preferences contain 2 options for automatic action.
 +It is possible to configure LUCY to add users and recipients automatically or to wait for the Administrator's decision.
 +
 +{{ :choice.png?600 |}}
 +
 +In case if you select "Waiting for administrator's decision", an Administrator will have to go to a control list and decide whether it is necessary to delete\add a recipient\user or not.
 +
 +{{ :control_list.png?600 |}}
 +
 +It is also possible to customize the pattern of automatic import of users from an Organization Unit.
 +Lucy will scan an Organization Unit and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below.
 +
 +{{ :role_bound.png?600 |}}
 +
 +User default role defines a role that will be assigned to users with manual import users from LDAP.
 +
 +{{ :default_role.png?600 |}}
  
ldap_integration.txt · Last modified: 2021/11/04 18:57 by lucysecurity