ELMA365 Store solutions / Active Directory/LDAP

Active Directory/LDAP

Active Directory/LDAP standard module allows you to import users from another corporate system to ELMA365 while retaining their login information. Imported and manually registered users can work in ELMA365 system simultaneously.

How it works

The system administrator connects an AD/LDAP server to ELMA365 using the server address, login and password. Then, he or she defines the correspondence between ELMA and AD/LDAP fields and a database synchronization interval. Next, the AD/LDAP server is added to the Integration list. The users can be imported directly to ELMA365. Then, the employees will be able to log in using their username and password from the system from which they were imported.  

That way, you can configure integration with multiple systems.

Configuration

To configure the AD/LDAP integration, go to the Administration > Modules.

ad-ldap-1

Select the Active Directory or LDAP and check the Enable Module box. To add a new item, click Add item.

The properties window opens.

1. Connect to the server

First, set up the connection between ELMA365 and the AD/LDAP server.

ad-ldap-2

  • No. Indicate the sequence number of the integration.
  • Name*. Enter the name of the integration. It will be displayed in the integration list.
  • Server address*Specify the IP address by which the server is accessed and enter the port.

The default value of the LDAP port is 389. If you need to specify a port other than the LDAP port to access the server, enter it in this field separated by a colon. For example, in 192.168.1.1.:42, 42 is the port used with the 192.168.1.1 IP address.

  • Use TLS. Select Yes to use a secure connection to the server.
  • User*. Enter the user name for LDAP server authentication.
  • Password*. Enter the user password.

2. User connection and import

Next, fill in the user connection and import fields.

начало внимание

When you set up the Active Directory integration, the following fields are filled in automatically. In case of LDAP integration, you have to fill in the fields manually.

конец внимание

ad-ldap-3

  • Domain. If you specified the domain, the users will be required to enter a login with the domain during authentication.
  • Login Name Format*. Specify the domain name by which the server is accessed.

When using the sAMAccountName field as the source of the Login field, the following authentication options are available:


Option 1

Option 2

Option 3

Option 4

Login

login

login@domain.com

domain\login

domain.com\login

Domain


domain.com

domain

domain.com

Login Name Format

domain\{$login}

domain\{$login}

domain\{$login}

domain\{$login}

For example, if the Login Name Format field is specified as "elma\{$login}" and the Domain field is specified as "elma.com", then the user need to enter a login on the authorization page in the following format "johnson@elma.com". The login: "johnson" will be selected from this string, the authentication template will be filled on its basis, i.e. a request with the login elma\johnson will be sent to the authentication server.

You can also use the userPrincipalName field as the source of the "login" field (the format for storing the login is username@domain.com, the length of the string is not limited). In this case, the integration settings are set as follows:

  • domain: domain.com;
  • login name format: {$login};
  • user: login@domain.com;
  • login string during authorization: login@domain.com.

начало внимание

The imported user does not need to be granted additional access rights, he or she should only be a domain user.

конец внимание

  • Authentication type. Select the Default (current server) option from the drop down list.
  • ADSI path to users*. Specify a path to users using the ADSI connection string syntax:
    • OU stands for Organization Unit that contains such objects as users, contacts, groups, and others.
    • CN stands for Common Name that is a name of a user, contact, group, or another object that usually does not have child objects.
    • DC stands for Domain Component that is the name of the domain or the DNS.

For example, in order to import the users from the Users root group of the company.com domain, use the following path: “cn=Users, dc=company, dc=local”.

начало внимание

If there are leading or trailing spaces or special characters in the user path \ , # + < > ; "=", they must be preceded by a backslash "\".

конец внимание

User path example:

Correct

Incorrect

OU=ouTest \+,OU=your\#Company,DC=testsmir,DC=local

OU=ouTest +,OU=yourCompany,DC=testsmir,DC=local

  • User Import filter*. Filter used in queries to LDAP server when importing users.

Next, map the ELMA and LDAP fields:

  • Login parameter*. Specify the field storing the user login on the LDAP server, for example, "sAMAccountName". After the user is imported from LDAP he or she will use this name to login ELMA365.
  • First Name parameter. Specify the field storing the user name on the LDAP server, for example, "name".
  • Configure the Last Name parameter, Patronymic, Phone number parameter, Mobile number parameter, E-mail parameter and “Lock Status” parameter fields in the same way.

3. Group import

ad-ldap-4

Specify the ADSI path to user group, Group import filter, Group name parameter, Group description parameter, “Group members” parameter and others fields in the same way as for the User settings.

4. Automation settings

Here, you can turn on or off the automatic user synchronization and import.

ad-ldap-5

Synchronization automatically transfers all changes from AD/LDAP accounts to the associated ELMA365 accounts. Locked users, name or phone change, other personal data, for example.

Auto-Import automatically imports new users from AD/LDAP to ELMA365 at synchronization.

Set the synchronization frequency in minutes according to your company rules.

5. Save the settings

After that, the ELMA365 connection to the AD/LDAP server is checked. If the connection to the server is not established, you will see a message with an invalid parameter at the top of the page.

Found a typo? Highlight the text, press ctrl + enter and notify us