{"id":467,"date":"2024-03-19T06:22:03","date_gmt":"2024-03-19T05:22:03","guid":{"rendered":"https:\/\/kb.apptec360.com\/manual\/?post_type=knowledgebase&#038;p=467"},"modified":"2024-04-25T09:13:19","modified_gmt":"2024-04-25T07:13:19","slug":"ldap-overview","status":"publish","type":"knowledgebase","link":"https:\/\/kb.apptec360.com\/manual\/knowledgebase\/general-settings\/ldap-configuration\/ldap-overview\/","title":{"rendered":"LDAP Overview"},"content":{"rendered":"\n<p>Here you can establish a connection to your Active Directory via LDAP to mass import users and groups. The sync has to be performed manually. You can configure multiple LDAP connections to different systems or with different configurations\/filters.<\/p>\n\n\n\n<table id=\"tablepress-13\" class=\"tablepress tablepress-id-13\">\n<tbody class=\"row-hover\">\n<tr class=\"row-1 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Server Name<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>The Display Name of the Server<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-2 even\">\n\t<td class=\"column-1\"><br>\n        <p>Type<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Currently only Active Directories which support LDAP are supported<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-3 odd\">\n\t<td class=\"column-1\"><br>\n        <p>LDAP Domain<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>The primary LDAP Domain (e.g. 
example.com)<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-4 even\">\n\t<td class=\"column-1\"><br>\n        <p>LDAP Host<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Only necessary if the LDAP host is not reachable under the given LDAP Domain.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-5 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Port<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Leave empty to use Standard Port (389 or 636 for SSL)<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-6 even\">\n\t<td class=\"column-1\"><br>\n        <p>Username<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>E.g. CN=John,OU=Users,DC=EXAMPLE,DC=COM. Note: Most systems require the username in this format and do not accept \u201cJohn\u201d as the username.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-7 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Password<\/p><br>\n      <\/td><td class=\"column-2\"><\/td>\n<\/tr>\n<tr class=\"row-8 even\">\n\t<td class=\"column-1\"><br>\n        <p>Confirm Password<\/p><br>\n      <\/td><td class=\"column-2\"><\/td>\n<\/tr>\n<tr class=\"row-9 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Connection Security<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Note: when using SSL or TLS, the certificate of the Active Directory will be checked. If it is self-signed, you have to add the root CA to the trust store of the OnPremise Machine. 
If you are on Cloud, the Active Directory has to provide a trusted certificate; otherwise the connection will only work without encryption.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-10 even\">\n\t<td class=\"column-1\"><br>\n        <p>Automatic Sync.<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Enables the automatic synchronization of the LDAP directory in the time interval specified in the general LDAP settings.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-11 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Base DN<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>If you don&#8217;t want to synchronize the whole directory, you can specify an OU here, e.g. OU=AndroidUsers,OU=Users,DC=EXAMPLE,DC=COM<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-12 even\">\n\t<td class=\"column-1\"><br>\n        <p>Member of<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>All imported users will be added to the selected group<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-13 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Only activated users?<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>When enabled, the attribute userAccountControl will be considered; users without that attribute won&#8217;t be imported.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-14 even\">\n\t<td class=\"column-1\"><br>\n        <p>LDAP Filter<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>You can use an LDAP filter to select which users get imported<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-15 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Regex Filter<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>You can use a regex filter to select which users get imported<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-16 even\">\n\t<td class=\"column-1\"><br>\n        <p>Test Connection<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>Tests the connection when saving the configuration<\/p><br>\n      
<\/td>\n<\/tr>\n<tr class=\"row-17 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Reset directory structure on sync?<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>If true, all LDAP entries will be moved back to their original location in the LDAP tree. Recommended to be enabled.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-18 even\">\n\t<td class=\"column-1\"><br>\n        <p>Re-import deleted users and groups?<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>When enabled, users and groups that have been deleted will be recreated. Recommended to be enabled.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-19 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Sync deletions?<\/p><br>\n      <\/td><td class=\"column-2\"><br>\n        <p>When enabled, groups and users will be deleted when they are deleted on the LDAP server. Devices of deleted users will also be deleted.<\/p><br>\n      <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<p>Below the list of your LDAP configurations, you can define the interval at which the system syncs automatically. 
Automatic sync only uses the LDAP configurations that have the corresponding option activated.<\/p>\n\n\n\n<div class=\"pagebreak-after\"><\/div>\n","protected":false},"parent":465,"menu_order":0,"template":"","class_list":["post-467","knowledgebase","type-knowledgebase","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase"}],"about":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/types\/knowledgebase"}],"version-history":[{"count":5,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/467\/revisions"}],"predecessor-version":[{"id":6531,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/467\/revisions\/6531"}],"up":[{"embeddable":true,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/465"}],"wp:attachment":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/media?parent=467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}