LDAP Import Configuration
The LDAP import screen lets you import users from the domain's Active Directory server.
We recommend you create a separate user account for CASG to log in to the AD server, and that this account be given read-only permissions.
Configure LDAP import
- Open the 'Domains' interface
- Select the domain to which you want to import users.
- Click the 'Manage Domain' button
- Click 'Account management' > 'LDAP import configuration':
The 'LDAP import configuration' interface will open:
Connection Settings
- Host (IP Address or Name) - Enter the hostname or external IP address of the AD server. If your organization uses the same physical server for AD and mail, then enter the details of the mail server.
- Port - Enter the port number of the Active Directory server.
  - 389 is the default port for non-SSL connections ('Use SSL To Connect?' box NOT checked)
  - 636 is the default port for SSL connections ('Use SSL To Connect?' box checked)
- Use SSL To Connect? - Select 'Yes' to use secure LDAP. You need to have an SSL certificate from a trusted certificate authority on your AD server. Self-signed certificates are not allowed.
Note: SSL access should already be enabled on the AD server before you enable the SSL option.
Login/Query Settings
- LDAP login name - The account username that CASG should use to log in to the AD server. Preferably, a new user account should be created especially for the CASG server. The user account should have 'read' privileges to the AD server. The username can be of the format 'username' or 'username@domainname.com'.
- Password - Enter the password of the LDAP user account above.
- Remember Credentials - Enable if you want the CASG server to store the username/password of the user account in order to log in automatically.
Note: If you enable automatic synchronization, the 'Remember Credentials' option will not be visible because CASG will store the username and password by default. This allows CASG to connect to the AD server at the set time interval to update the user base. The option will become visible if the 'Synchronization interval' setting is set to 'No auto updates'.
- Synchronization interval - This is relevant if you want CASG to connect to the AD server in order to synchronize the user base. Select the time interval at which the synchronization occurs from the drop-down. If not, select 'No auto updates'.
- BaseDN - Distinguished Name of the user object in Active Directory. By default, the BaseDN field will contain the Domain Component (DC) values based on the domain name for which LDAP is configured. You can add/change the values of the strings 'Container Name (CN)', 'Organizational Unit (OU)' and 'domain name' depending on the users to be imported from the Active Directory.
Example: For adding users from Container 'Users', Organizational unit 'Organization' and domain 'example.com', the administrator has to enter the following:
CN=Users, OU=Organization, DC=example, DC=com
- Filter - Enables the administrator to specify filter parameters for the users/addresses to be imported from the AD server. Each filter parameter should be defined within parentheses. Common filter parameters are explained below:
(objectClass=<ad user type>) - Specifies the user accounts to look for in the domain's Active Directory. (Default=(objectclass=user))
(mail=*<domain name>) - Instructs CASG to import only the users that have a defined SMTP account within the domain. By default, the filter is pre-populated with the parameter (mail=*@[current domain name]) to import the users that have email addresses on the current domain.
You can add any number of (mail=) filters if you wish to add several domain names.
Example: (mail=*@domainname1.com)(mail=*@domainname2.com)
To import all email enabled users from the Active Directory irrespective of any specific domain name, enter the parameter as '(mail=*)'.
To modify a filter parameter to be exclusive rather than inclusive, add an exclamation mark (!) before the opening parenthesis of any parameter. This will instruct the query to ignore any users which fall into that category. For example, if one wanted to configure a query to find users with mail enabled at any domain EXCEPT domainname.com, the filter should include the following: (mail=*)!(mail=*@domainname.com).
- Mail attribute - Enter the LDAP display name of the contact email address attribute of the AD Server. By default, this attribute name will be 'mail' for AD servers or the distinguished name (DN) or common user login name for the AD server. On other servers like Novell or OpenLDAP this attribute may be different and server specific.
- Allow CASG to create user accounts as found on LDAP server - Select this checkbox if you wish new users added in the AD server to be automatically added to CASG during synchronization. If you do not select this option, you can manually import the new users from the LDAP import confirmation page.
- Allow CASG to delete user accounts not found on LDAP server - Select this checkbox if you wish users removed from the AD server to be automatically removed from CASG during synchronization. If you do not select this option, you can manually remove users from the LDAP import confirmation page.
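The connection, BaseDN and filter values described above can be checked from a command line before they are saved. The following is an added example, not part of the CASG documentation or product: the function names are hypothetical, the host and account values are constructed, and it assumes OpenSSL and OpenLDAP's ldapsearch are installed and that CASG combines filter parameters as stated in the code comment.

```shell
#!/usr/bin/env bash
# Added example: command-line pre-flight for the LDAP import settings.
# Host, bind account and domains used in the usage comment are constructed.

# Build an RFC 4515 search filter from mail domains; "!domain" excludes one.
# Assumption: CASG ANDs objectClass with the mail parameters, ORs several
# (mail=) parameters and treats a leading ! as AND NOT.
build_filter() {
    local inc="" exc="" n=0 d
    for d in "$@"; do
        case "$d" in
            ""|"!"|*"("*|*")"*|*"*"*|*"\\"*)
                # Filter metacharacters in a domain would change the query.
                echo "invalid domain: $d" >&2; return 1 ;;
            "!"*) exc="${exc}(!(mail=*@${d#!}))" ;;
            *)    inc="${inc}(mail=*@${d})"; n=$((n + 1)) ;;
        esac
    done
    [ "$n" -gt 0 ] || inc="(mail=*)"      # no include list: any mail-enabled user
    [ "$n" -le 1 ] || inc="(|${inc})"     # several domains: match any of them
    printf '(&(objectClass=user)%s%s)' "$inc" "$exc"
}

# Succeeds only if the certificate on port 636 chains to a CA in the local
# trust store and matches the host name (self-signed certificates fail).
check_ldaps_cert() {
    local host="$1"
    openssl s_client -connect "${host}:636" -servername "$host" \
        -verify_return_error -verify_hostname "$host" \
        </dev/null >/dev/null 2>&1
}

# Count the entries the import would see when binding as the read-only
# account over LDAPS; -W prompts for the password instead of storing it.
count_import_candidates() {
    local host="$1" bind_id="$2" base_dn="$3" filter="$4"
    ldapsearch -LLL -o ldif-wrap=no -H "ldaps://${host}:636" \
        -D "$bind_id" -W -E pr=500/noprompt -b "$base_dn" "$filter" mail |
        grep -ci '^mail:'
}

# Usage (constructed values):
#   check_ldaps_cert ad.example.com || echo "certificate not trusted"
#   f=$(build_filter example.com '!legacy.example.com')
#   count_import_candidates ad.example.com casg-ldap@example.com \
#       'DC=example,DC=com' "$f"
```

Comparing the count with the number reported by 'Test Connection' shows whether the filter selects the users you expect before 'Allow CASG to delete user accounts not found on LDAP server' is enabled.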
Information Settings
- Send Reports - If enabled, CASG will send email notifications to the administrator whenever new users are created or users are removed, either automatically (if 'Allow to create users?'/'Allow to delete users?' are enabled) or manually from the LDAP import confirmation page.
- Last synchronization time (GMT) - Displays the date and time of last manual or scheduled synchronization with AD server, in GMT.
- Notification area – Contains information about errors that occurred during synchronization. In most cases, this will contain the same information that is provided with the “Test connection” feature. Note - this area is only visible if errors occur.
- To check the configuration and connectivity, click 'Test Connection'. If the connection is established successfully then the success message will be displayed with the total number of users detected from the AD server.
- Click 'Save' to store your configuration.
- Click 'Save and run synchronization now' to store your configuration and synchronize the CASG user base with the AD server.