LDAP

LDAP synchronisation is used for downloading users from an external Active Directory.

  • Synchronisation
    1. Periodical synchronisation time
      • Set the time when the 2N® Access Commander queries the LDAP server for user changes.
    2. Last synchronisation status
      • Information on the last synchronisation: whether it ran successfully or ended with an error message, including the time when the event occurred.
    3. Synchronisation button
      • Click the button to start synchronisation immediately, so that the administrator does not have to wait for the periodical synchronisation.
  • Server settings
    1. Server name
      • If DNS is set correctly, enter the server name ("WIN-9ABEB4AUOHD").
      • If DNS is not set, enter the IP address of the server on which the LDAP service is running as the server name.
    2. Port
      • By default, the LDAP port is 389 (without SSL). If you want to use an encrypted connection in your company, enter port 636. Make sure that SSL support is enabled on the LDAP server side too.
      • If the administrator sets a different port number, make sure that it is changed in the 2N® Access Commander too.
    3. Login name
      • Login name of the user who has the appropriate rights for the root or the whole tree. The login name must be entered in the following format: "administrator@domain.com".
    4. Password 
      • The password of the specific user on the LDAP server.
    5. Use SSL
      • If SSL is disabled, the port number does not need to be changed.
      • If SSL is enabled, it is necessary to change the port number to 636.
    6. Delete configuration button
      • Click the Delete configuration button to delete the parameter settings without deleting the previously uploaded users.
  • LDAP schema
    1. Base DN
      • Base DN is the root point from which the directory search begins. It can be a suffix or directory root, for example: 
        "CN=administrator,CN=users,DC=domain,DC=com"
  • Advanced settings
    1. Nested search
      • If nested search is used, the whole tree is searched instead of a root. 
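
The following added example (not part of the 2N documentation or product) checks a set of values for the fields above before they are entered: SSL and port agreement, login name format, quotes pasted along with a value, and Base DN syntax. The dictionary keys and function names are assumptions made for the example, and the sample values are constructed.

```python
import re

QUOTES = "\"'„“”‘’"  # straight and typographic quotes that get pasted along with a value

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped (RFC 4514)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur.strip())
            cur = ""
    rdns.append(cur.strip())
    return rdns

def check_settings(s):
    """Return a list of findings for one set of form values (empty list = consistent)."""
    out = []
    if s["use_ssl"] and s["port"] == 389:
        out.append("Use SSL is enabled but the port is still 389; change it to 636")
    if not s["use_ssl"]:
        out.append("connection is not encrypted")
        if s["port"] == 636:
            out.append("port 636 is set but Use SSL is disabled")
    if not re.fullmatch(r"[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", s["login"]):
        out.append("login name is not in the user@domain.com format")
    for name in ("server", "login", "base_dn"):
        if s[name] != s[name].strip(QUOTES + " "):
            out.append(f"{name} has a stray quote or space at its start or end")
    for rdn in split_dn(s["base_dn"].strip(QUOTES + " ")):
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*=.+", rdn):
            out.append(f"Base DN component {rdn!r} is not attribute=value")
    return out

# Constructed sample values (not taken from a real deployment).
GOOD = {"server": "WIN-9ABEB4AUOHD", "port": 636, "use_ssl": True,
        "login": "administrator@domain.com", "base_dn": "CN=users,DC=domain,DC=com"}
BAD = {"server": "192.0.2.10", "port": 389, "use_ssl": True,
       "login": "DOMAIN\\administrator", "base_dn": "CN=users,DC=domain,DC=com'“"}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_settings(cfg) or "ok")
```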

Note

Remember to purchase and upload a licence to access the company's LDAP tab.

Warning

Users are only imported via LDAP. Deleting a user in LDAP does not delete that user in 2N® Access Commander.

Tip

Refer to www.ldap.com for LDAP details.