LDAP
Last updated
Last updated
Copyright © Keepnet Labs LTD. All rights reserved.
This document explains the functionality of the LDAP feature as well as how to set up an LDAP to synchronize target users information such as Name, Surname, Email, Department, Phone Number or other information to the platform automatically.
LDAP is a standard protocol that allows the platforms to access an active directory to fetch target user’s information such as Name, Surname, Email, Department, Phone Number, and other information to synchronize these user’s information to the platform automatically.
Go to Company > Company Settings > LDAP from the platform menu to access the following LDAP configuration.
If the test connection is successful, you will see that it’s successful, if not please see the detailed pop-up message.
Usually, a whitelist rule is needed to access to the local Active Directory from the platform's IP address. You can contact support team to get IP address of the platform.
This is where you can see your scheduled LDAP rules. This means LDAP will automatically scan daily for new users to add/update/delete to your specified target group.
The components of the Scheduled Syncs page are explained in detail in the table below.
This is where you can choose which information that will be fetched and imported to the specific column on the platform. The admin can fetch specific information from the active directory such as the Manager, Country, City, or other attributes and synchronize this information of the users.
The components of the Field Mapping page are explained in detail in the table below.
While the Email, First Name, Last Name, or Department attributes are the most popular field mapping categories, you can have the option to synchronize Display Name, Office, Telephone Number (Mobile or Home), Address (Street, City, State, P.O Box, Country, Zip Code), Company, and more.
Go to Target Users > People menu and then click the Table Settings button on the right top of the screen to click the EDIT FIELDS button.
Create a custom field and then click the Save button.
To map this custom field with LDAP, go to Company Settings > LDAP > Field Mapping and map any listed active attributes to a created custom field.
Do not forget to save changes by clicking the Save Changes button and then proceed to the following title.
Follow the steps below to import target users to the platform from the integrated Active Directory by using the LDAP.
Go to Company > Target Users from the platform menu.
Click the + NEW button on the top right of the page and then select the ‘Import users from LDAP’ option.
There is two following option to import users.
This option fetches all unique email users in your active directory, no matter what active directory groups they are in.
If this option is selected, please choose a target group that all users will be imported to on the platform.
If the target group is not selected, all users will be imported as a single member on the platform without being assigned to a target group. No worries, all users can be imported to a single target group later.
There are three options to import users.
Choose ‘Select Manually’ if all users need to be imported manually without creating auto-synchronization.
Choose ‘Sync All Users’ if all users need to be synchronized automatically.
This process repeats every 24 hours automatically to fetch new users or update changes on the users.
Choose ‘Sync By Query’ if all users need to be synchronized users by criteria.
This process repeats every 24 hours automatically to fetch new users or update changes on the users that match the criteria.
Use the filters to create criteria to filter users out of all users to synchronize and then use the View Users button to see filtered users that will be synchronized.
This option fetches unique email users that are in certain groups in your active directory.
If this option is selected, please choose LDAP groups which users that are inside will be imported to the platform.
If the target group is not selected, all users will be imported as a single member on the platform without being assigned to a target group. No worries, all users can be imported to a single target group later.
There are three options to import users.
Choose ‘Select Manually’ if all users need to be imported manually without creating auto-synchronization.
Choose ‘Sync All Users’ if all users need to be synchronized automatically.
This process repeats every 24 hours automatically to fetch new users or update changes on the users.
Choose ‘Sync By Query’ if all users need to be synchronized users by criteria.
This process repeats every 24 hours automatically to fetch new users or update changes on the users that match the criteria.
Use the filters to create criteria to filter users out of all users to synchronize and then use the View Users button to see filtered users that will be synchronized.
Click ‘+ Add Condition’ to add more conditions for filtering the users.
The following video shows how to set up an LDAP connection and import or synchronize users to the platform.
A: Go to Company Settings > LDAP > Scheduled Sync menu to see all scheduled synchronizations. You can Edit to update the rule or Delete it.
A: No, the scheduled target users cannot be deleted. If you wish the user not to synchronize to the platform, please find the related scheduled sync setting and update it.
A: Yes, you can delete the manually imported users on the platform.
A: Yes, if you wish not to delete the synchronization but also inactive it to stop new fetch users or update changes on the user, you can do it from Company Settings > LDAP > Scheduled Sync menu.
Server URL
URL and Port number to access the active directory.
Bind Username
Read-only access account name in the active directory.
Bind User Password
Password of the read-only account.
Base DN
The starting point for searches in the LDAP directory server. Example of DC=company and DC=domain.com.
Relative DNS
A relative search will be conducted on the subbranches of base DN for LDAP users whose objectType=user. You can enter a different relative DN on each line.
Status
Disable the LDAP is no need to use more.
Test Connection
Test your configuration if successful to connect the active directory.
Save Changes
Saves the changes
Name
Name of target group
Status
Disables the scheduled rule if you don’t want the rule to work anymore.
Date Created
Date and time that the scheduled rule was created.
Last Run
The last time LDAP was scanned for new changes.
Next Run Time
The next time LDAP will be scanned for new changes.
Edit
Edit the scheduled rule to change the settings.
Delete
Delete LDAP synchronization if the LDAP rule shouldn’t work anymore.
User’s Email Address that will be imported
First Name
User’s First Name that will be imported
Last Name
User’s Last Name that will be imported
Department
User’s Department that will be imported