Difference between revisions of "Integration/LDAP"
Jump to navigation
Jump to search
old>Admin |
old>Admin |
||
| Line 3: | Line 3: | ||
* ldapServer | * ldapServer | ||
* ldapDomainDefault | * ldapDomainDefault | ||
== Synchronization options == | |||
Different options for LDAP integration exists | Different options for LDAP integration exists | ||
| Line 19: | Line 22: | ||
* ldapAuthenticationFallback | * ldapAuthenticationFallback | ||
== LDAP service account == | |||
In order to communicate with the LDAP server, the Tempus Serva application will need its own acount to carry out many of the synchronization operations: | In order to communicate with the LDAP server, the Tempus Serva application will need its own acount to carry out many of the synchronization operations: | ||
Revision as of 14:00, 8 March 2013
Basic configuration is the name of the LDAP server and domain that is binded to the application
- ldapServer
- ldapDomainDefault
Synchronization options
Different options for LDAP integration exists
- Validate credentials: Check username/password against LDAP
- Synchronize groups: Add/remove groups as defined in the LDAP
- Create missing users: Create users with correct LDAP credentials
Credential validation (1) is mandatory, while group synchronization (2) and automatic user creation (3) is optional.
- ldapAuthentication
- ldapMaintainGroupsOnLogon
- ldapCreateUsers
In case the LDAP is not responding the server can be allowed to use local application credentials:
- ldapAuthenticationFallback
LDAP service account
In order to communicate with the LDAP server, the Tempus Serva application will need its own acount to carry out many of the synchronization operations:
- ldapUsername
- ldapPassword
No permissions except lookup rights are required for this role.