ldap_integration

Differences

This shows you the differences between two versions of the page.

ldap_integration [2019/05/17 08:59] lucyldap_integration [2019/07/25 12:49] – external edit 127.0.0.1
Line 1: Line 1:
 ===== LDAP Integration ===== ===== LDAP Integration =====
  
-LUCY > 3.2 has an LDAP API, which allows the administrator to:+LUCY has an LDAP API, which allows the administrator to:
  
   * import recipients    * import recipients 
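Review bot: Dropping "> 3.2" from the first sentence removes the only statement of which LUCY versions have the LDAP API. If installations older than 3.2 still lack it, keep a minimum-version remark (for example "available since 3.2") so administrators on older builds are not left looking for a setting that is not there.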
Line 17: Line 17:
 (|(objectClass=inetOrgPerson)(objectClass=user)) (|(objectClass=inetOrgPerson)(objectClass=user))
  
-{{ ldap2.png?600 }}+{{:ldap_settings_7.png?600|}}
  
 +Also in the "LDAP settings"  you can use Global Catalog:
 +
 +{{:ldap_settings_8.png?400|}}
 +
 +//Note:// The Global Catalogue allows the connection only via two special ports: 3268 or 3269. To use this functionality, please configure one of these ports for connection to AD.
 +
 +The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well. This means the GC holds a replica of every object in the directory but with only a small number of their attributes. The attributes in the GC are those most frequently used in search operations (such as a user's first and last names or login names) and those required to locate a full replica of the object.
  
 ===== LDAP Update Preferences ===== ===== LDAP Update Preferences =====
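Review bot: The added Global Catalog note lists ports 3268 and 3269 without saying which one is TLS-protected. This connection carries the AD bind credentials and the imported user data, so state that 3269 is the Global Catalog port over SSL/TLS and 3268 is the unencrypted one, and recommend 3269. The same added lines spell the term both "Global Catalog" and "Global Catalogue", and there is a double space after "LDAP settings"; pick one spelling. The description says the GC holds only a small number of attributes per object, so a sentence on what that means for the attributes available at import time would help.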
Line 38: Line 45:
  
 It is also possible to customize the pattern of automatic import of users from an Organization Unit. It is also possible to customize the pattern of automatic import of users from an Organization Unit.
-Lucy will scan an Organization Unit and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below.+Lucy will scan a Distinguished Name (RDN) of the OrganizationUnit (eg. OU=Admins, DC=domain, DC=tld) and automatically bind a role to an imported user according to the settings that can be seen on the screenshot below.
  
-{{ :role_bound.png?400 |}}+{{:ldap_settings_2.png?400|}}
  
-User default role defines a role that will be assigned to users with manual import users from LDAP.+The user default role defines a role that will be assigned to users with manual import users from LDAP.
  
 {{ :default_role.png?400 |}} {{ :default_role.png?400 |}}
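Review bot: In the changed sentence, "Distinguished Name (RDN)" pairs the term with the wrong abbreviation. The example given (OU=Admins, DC=domain, DC=tld) is a full distinguished name, so write "Distinguished Name (DN)"; RDN means a relative distinguished name, which would be only "OU=Admins". "OrganizationUnit" also differs from "Organization Unit" in the unchanged line above. Because this setting assigns roles automatically, the OU-to-role mapping is worth describing in text as well and not only in the screenshot. The last changed line still reads "with manual import users from LDAP"; "when users are imported manually from LDAP" would be clearer.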
Line 52: Line 59:
 When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/groups: When you create a new recipient group you will be able to use the previously configured LDAP connection to query and import all the users/groups:
  
-{{ ldap1.png?600 }}+{{:ldap_settings_3.png?600|}}
  
-{{ ldap3.png?600 }}+{{:ldap_settings_4.png?600|}}
  
 LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY.  LUCY will automatically match the user's attributes in the LDAP directory with the available recipient attributes in LUCY. 
Line 83: Line 90:
 If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button: If you want to import users who can access LUCY using their AD account, you can go into the user settings menu (Settings > Users) and click the according button:
  
-{{ ldap5.png?600 }}+{{:ldap_settings_6.png?600|}}
  
 By default, the User role will be assigned for all imported users. By default, the User role will be assigned for all imported users.
ldap_integration.txt · Last modified: 2021/11/04 18:57 by lucysecurity