Difference between revisions of "Integration/LDAP"
Jump to navigation
Jump to search
old>Admin |
old>Admin |
||
Line 5: | Line 5: | ||
All configuration options are found in: [[Policy#Active_directory]] | All configuration options are found in: [[Policy#Active_directory]] | ||
== Synchronization options == | == Synchronization options == |
Revision as of 14:02, 8 March 2013
Basic configuration is the name of the LDAP server and domain that is binded to the application
- ldapServer
- ldapDomainDefault
All configuration options are found in: Policy#Active_directory
Synchronization options
Different options for LDAP integration exists
- Validate credentials: Check username/password against LDAP
- Synchronize groups: Add/remove groups as defined in the LDAP
- Create missing users: Create users with correct LDAP credentials
Credential validation (1) is mandatory, while group synchronization (2) and automatic user creation (3) is optional.
- ldapAuthentication
- ldapMaintainGroupsOnLogon
- ldapCreateUsers
In case the LDAP is not responding the server can be allowed to use local application credentials:
- ldapAuthenticationFallback
LDAP service account
In order to communicate with the LDAP server, the Tempus Serva application will need its own acount to carry out many of the synchronization operations:
- ldapUsername
- ldapPassword
No permissions except lookup rights are required for this role.