LDAP catalogs

General information

LDAP catalogs allow you to centralize the user management. Axxon One supports three operation scripts with LDAP:

• Manual registration of LDAP users: allows granting selective access to the LDAP catalog. The administrator manually creates the Axxon One user and links it with the LDAP account.
• Synchronization of LDAP users: allows adding users in bulk. The system loads users from the selected LDAP branch and automatically adds them to the selected Axxon One role.
• Automatic registration of LDAP users: allows any LDAP user to log in to Axxon One under one or multiple predetermined roles. After the system successfully checks the password, the user is automatically added to the configuration and gets the role specified in the Role for automatic registration of user field.

Configuration of the LDAP catalog

To configure the LDAP catalog, do the following:

1. Go to the Configuration management tab → Users.

2. In the LDAP catalogs group, click the Create... button.

   
   The LDAP 1 object is added to the system. On the right, the panel with connection settings to the LDAP 1 catalog is displayed.
3. Specify the LDAP catalog settings listed in the table:
   

   Field	Value	Description
   LDAP connection
   Name	LDAP 1	Enter the name of the catalog
   Server name or IP address	ldap.postland.org	Enter the address of the LDAP catalog server
   Port	636	Enter the connection port of the LDAP catalog server
   Use secure connection (SSL)		Set the checkbox if you want to use a secure connection (SSL) when you connect to the LDAP catalog
   Base DN	ou=Address,dc=company,dc=domain	Enter the Distinguished Name of the branch from which the data search starts Attention! If LDAP users are located in multiple directories with the hierarchical structure, you cannot synchronize all users at the same time. To synchronize each user group in the DN branch, you must specify the path to the corresponding directory. For example, LDAP contains the Employees directory and the Managers, Cashiers and Salesmen subdirectories: DN branches for synchronizing users within the Managers directory: ou=Managers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within the Cashiers directory: ou=Cashiers,ou=Employees,dc=example,dc=com. DN branches for synchronizing users within the Salesmen directory: ou=Salesmen,ou=Employees,dc=example,dc=com.
   User	uid=your.login,ou=Users,dc=company,dc=domain	Enter the name of the user who has the read access from the base DN in the LDAP (RDN + DN) format
   Password		Enter the user password
   Filter settings
   Search mode	Users	Select the search mode in the catalog
   	Groups
   	Users in Groups
   	Users and Users in Groups
   Search filter	(objectClass=person)	Enter a filter string of entries in the catalog Attention! To upload users by groups, not by catalogs, you must use the memberof attribute in the filter. For example: (&(objectClass=user)(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com))
   Group search filter	(objectClass=group)	Enter a filter string of entries in the group Attention! The Search filter and Group search filter fields are mutually exclusive and are activated depending on the value in the Search mode field: Users—only the Search filter field is active. Groups—only the Group search filter field is active. Users in Groups and Users and Users in Groups—both fields are active.
   LDAP templates	OpenLDAP	Select a template to set the username attribute
   	Microsoft Active Directory
   Username attribute	cn	Enter the attribute from which the username is obtained. To search for users via the sAMAccountName attribute, you must enter the attribute in lowercase letters—samaccountname.
   DN attribute	entrydn	Enter the attribute from which the user's DN is obtained. The default value of the DN attribute depends on the selected LDAP template: For the OpenLDAP template, the value entrydn is used. For the Microsoft Active Directory template, the value distinguishedname is used
   Role for automatic registration of user		Select a role to which new users of the LDAP catalog are automatically added when they log in to Axxon One. If you don't specify a role, the automatic user creation for this catalog is disabled

   
   
4. Click the Apply button.

As a result, the LDAP catalog is added to the system.

To test the connection, click the Test connection button. If the connection isn't successful, an error message appears.

To upload the catalog users, click the Load button. If the connection is successful, the form below is filled with user data. Otherwise, an error message appears.

Synchronization of the LDAP catalog

Synchronization can be performed manually or automatically. To synchronize LDAP catalogs:

1. On the Users tab, click the LDAP catalogs group.
   
2. Specify the synchronization parameters listed in the table:
   

   Parameter	Value	Description
   Auto synchronization settings
   Enable		By default, automatic synchronization is disabled. To enable automatic synchronization, set the checkbox
   Synchronization server		Select the synchronization server from the drop-down list
   Synchronization period	1 day 0 hours 0 minutes	Set the period for automatic synchronization
   Synchronization status
   Status	Stopped	By default, the synchronization status is Stopped. Once synchronization starts, the status changes
   Last synchronization	Unknown	By default, the date of the last synchronization is displayed as Unknown. Once synchronization starts, the date and time of the last synchronization are displayed

   
   
3. Click the Apply button.
4. To start manual synchronization, click the Manual Synchronization button.

Configuration of synchronization is complete.

Copy the LDAP catalog

To copy a catalog with all current settings saved:

1. Click the name of the catalog that you want to copy.
2. Click the Create button.

As a result, the new catalog with identical settings is created. The default name of the new catalog is LDAP 1, LDAP 2, and so on, depending on the number of previously created catalogs.

Remove the LDAP catalog

To remove a catalog:

1. Click the name of the catalog that you want to remove.
2. Click the Remove button.

As a result, the selected catalog is removed.