Active Directory/LDAP Synchronization |
UnForm can synchronize some or all users and groups with an LDAP or Active Directory server. The process creates groups, users, and group memberships from the LDAP server, while private (non-LDAP) UnForm users can still be maintained alongside them. Any user created by synchronization is authenticated against that same server, so UnForm keeps no internal password for the account. Each time synchronization runs, the LDAP-based user and group lists are updated, while UnForm-specific properties, such as design tool or workflow access options, are preserved.
Active Directory uses the LDAP protocol, so this process works with that type of server as well.
Profiles
In addition to the default profile, stored in ldap.ini, you can add profiles by using the Add Profile button, or simply by copying ldap.ini.sds to ldap.profilename.ini. This lets sites with multiple LDAP/AD servers synchronize users and groups from different servers. Select the desired profile before running the sync process.
The server value supports three modes of operation, which must match how the LDAP server is configured:
•Plain LDAP, without STARTTLS (default port 389). In this mode the bind login and password travel over the network in cleartext, so use it only on a trusted network segment.
•LDAPS, which connects to the server over SSL/TLS from the start (prefix the value with ssl:, default port 636).
•LDAP with STARTTLS, which opens a plain connection and then upgrades it to TLS/SSL before binding (prefix the value with tls:, default port 389).
The LDAP configuration expects a domain to form the base distinguished name values (sdsi.local, for example, becomes dc=sdsi,dc=local in LDAP searches).
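As an added example (not UnForm code and not taken from ldap.ini), the following Python parses a server value in the three forms listed above and derives the base DN from a domain in the way just described. The names parse_server, domain_to_base_dn, LdapServer and check_profile are this example's own, the sample host and domain values are constructed, and the ports are the documented defaults.

```python
"""Parse an UnForm-style LDAP server value and derive a base DN from a domain.

Added example; not UnForm code. parse_server, domain_to_base_dn, LdapServer
and check_profile are names chosen here. Hostnames and IPv4 addresses only
(bracketed IPv6 literals are not handled).
"""
import re
from dataclasses import dataclass

# Default ports per mode, as documented above: plain LDAP and STARTTLS use 389,
# LDAPS (TLS from the first byte) uses 636.
DEFAULT_PORTS = {"plain": 389, "ldaps": 636, "starttls": 389}

# Value prefix -> mode. A value without a prefix is plain LDAP.
PREFIXES = {"ssl:": "ldaps", "tls:": "starttls"}

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


@dataclass(frozen=True)
class LdapServer:
    mode: str   # "plain", "ldaps" or "starttls"
    host: str
    port: int

    @property
    def credentials_in_clear(self) -> bool:
        """True when the simple bind (login + password) crosses the wire unencrypted."""
        return self.mode == "plain"

    @property
    def url(self) -> str:
        """URL a client library would be given; STARTTLS is negotiated after connecting."""
        scheme = "ldaps" if self.mode == "ldaps" else "ldap"
        return f"{scheme}://{self.host}:{self.port}"


def parse_server(value: str) -> LdapServer:
    """Split '[ssl:|tls:]host[:port]' into mode, host and port.

    The prefix is matched case-insensitively; an explicit :port overrides the
    mode's default port.
    """
    rest = value.strip()
    mode = "plain"
    for prefix, prefix_mode in PREFIXES.items():
        if rest.lower().startswith(prefix):
            mode, rest = prefix_mode, rest[len(prefix):]
            break
    host, sep, port_text = rest.rpartition(":")
    if sep and port_text.isdigit():
        port = int(port_text)
    else:
        host, port = rest, DEFAULT_PORTS[mode]
    if not host or not (0 < port < 65536):
        raise ValueError(f"bad server value: {value!r}")
    return LdapServer(mode, host, port)


def domain_to_base_dn(domain: str) -> str:
    """sdsi.local -> dc=sdsi,dc=local: each DNS label becomes one dc= RDN."""
    labels = domain.strip().rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a valid DNS domain: {domain!r}")
    return ",".join(f"dc={label}" for label in labels)


def check_profile(server_value: str, domain: str) -> dict:
    """Summarise a profile's connection settings and flag what a reviewer would question."""
    server = parse_server(server_value)
    warnings = []
    if server.credentials_in_clear:
        warnings.append("plain LDAP: bind login and password are sent in cleartext; "
                        "prefer ssl: or tls:")
    return {
        "url": server.url,
        "mode": server.mode,
        "base_dn": domain_to_base_dn(domain),
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed sample values, not from a real site.
    for server_value in ("dc01.sdsi.local", "ssl:dc01.sdsi.local", "tls:dc01.sdsi.local:3268"):
        print(check_profile(server_value, "sdsi.local"))
```

Running the block prints one summary per sample server value; only the unprefixed (plain LDAP) value produces a warning, because that is the one mode in which the bind credentials are not protected by TLS.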
The definitions in ldap.ini support different directory structures. Select the one that matches the structure in use; additional structures can be configured easily. The file is distributed as "ldap.ini.sds" and is copied to ldap.ini automatically if that file is not found when UnForm is installed or first started. If you customize ldap.ini, the publisher-supplied definitions remain available in ldap.ini.sds. The file is self-documented with comments.
The login and password are the credentials UnForm binds with to read user and group information from the server, and the LDAP server validates them. Use a dedicated account with read-only directory access for this bind; importing users and groups requires no write rights to the directory.
If there are no errors, users, groups, and group membership information will be imported into the UnForm structures, and subsequent attempts to login to UnForm by an LDAP-based user will be authenticated against the LDAP server.
Since this process is potentially destructive, you can back up the user and group databases