Registering LDAP Connection
LDAP (Lightweight Directory Access Protocol) is a standard protocol for managing directories, that is, for accessing information bases about the users of a network over TCP/IP. You can configure CITSmart to query the user bases available in a directory service (Microsoft Active Directory or OpenLDAP), which allows those users to authenticate to CITSmart with their directory credentials without having to be enrolled manually in CITSmart.

Today, the data read from an AD/LDAP server is limited to the "user" object, so filters are used to bring those users into CITSmart. In addition, the "Field mapping" option can be used to load attribute information (e.g. e-mail, phone, location, and others).

Below is an authentication model for CITSmart Cloud customers who want to use their on-premises directory base.

## Before getting started

If you want users to be set up and synchronized automatically, you must create a cron for this purpose (e.g. synchronize users every day at 12:00 AM). To create a schedule, go to Processes > Event Management > Time Procedure.

## Configuring the connection

1. Access the menu Parametrization > LDAP Configuration;
2. Click on "New";
3. Complete all the available fields:

| Field | Description | Example |
| --- | --- | --- |
| Implementation | Type of directory server | AD/OpenLDAP |
| URL connection | Access address of the directory base. You can use an unencrypted (port 389) or encrypted (port 636) connection | `ldaps://auth.domain.com:636` |
| DN Base | Base DN used to search for user entries | `dc=domain,dc=com` |
| DN Alias | Domain/connection name; this name is shown on the login screen | `domain.com` |
| Filter | Filter used to query objects in the directory | `(&(objectCategory=person)(objectClass=user))` |
| DN Manager | User with permission to search the directory. Enter the value of the user's `distinguishedName` attribute in AD | `CN=Service User,OU=Company,DC=domain,DC=com` |
| Manager Password | The password of the DN Manager | |
| Default setting | Whether the connection is offered on the login screen | Yes/No |

📌 Important! If there are no DN groups, fill in the "DN Group" field with an asterisk only. This makes the system search the entire domain.

4. Check connectivity with the base by clicking on "Test connection"; if all the data is correct you will receive the message "Connection successful";
5. Click on "Save".

⚠️ Attention! You must click on "Save" before testing, so that the configuration is stored; otherwise the test uses the data as it was before the changes made on the screen.

## Configuring DN Group and appointments

After a connection has been configured successfully, you must add the preferences for user synchronization: the LDAP groups and the field mapping.

For "LDAP Groups" you can create customizations in which certain users automatically inherit permissions in CITSmart through a link to an access profile or group. For "Field mapping" you can configure the application to read AD/LDAP attribute information and bring it into the employee record (e.g. read the `mail` attribute and feed the "E-mail" field of the employee).

1. To link new groups, click on "Add" in the LDAP Groups area and enter the data:

| Field | Description | Example |
| --- | --- | --- |
| DN Group | Path to the DN group | `OU=Users,OU=Company` |
| Filter | Filter used to search for the object. Leave blank to use the filter defined in the connection | `(&(objectCategory=person)(objectClass=user))` |
| Attribute to name | Attribute from which the name is read (e.g. `cn`, `sAMAccountName`, etc.) | `cn` |
| Update links | How often the "Access profile" and "Group" fields are updated when a sync runs (options: Always, Never, or Creation only) | Always |
| Access profile | System profile that the users will inherit | Manager |
| Group | System group into which the users will be entered | Managers |
| Scheduling | The period when the auto sync will run | [Everyday] |

2. To link attributes to fields, click on "Add" in the Field Mapping area, enter the name of the LDAP field and select the corresponding field in CITSmart:

| Field in LDAP | Field in system |
| --- | --- |
| `mail` | E-mail |
| `telephoneNumber` | Phone |
| `localeID` | Location |

3. Click on "Save".

🖊 Note: When an authentication request arrives on the system identification screen (login and password), a search cycle over the registered connections is executed based on this configuration, that is, an authentication attempt is made against each domain registered here (if there is more than one).

## Using the LDAPS protocol

Using the LDAPS protocol in CITSmart requires the AD/LDAP server's public certificate to be present in the Java CA certificate store (on your WildFly server). Therefore, you must export it from the AD/LDAP server and import it into your instance. If you have questions about importing certificates on the application server, consult the installation document.

## What to do next

To use AD/LDAP authentication effectively, after registering the connection change parameter 22 to the value "2", that is, indicate that the default authentication method in CITSmart is AD/LDAP. Manual authentication will continue to work normally.
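As an added example, not CITSmart's own code, the following Python script models the settings from the connection table and the field-mapping table above, checks them offline the way an administrator would before clicking "Test connection" (plaintext `ldap://` versus `ldaps://`, a missing DN Manager, an unbalanced filter, an implausible DN Base), builds the per-login search filter with RFC 4515 escaping so that a login typed on the identification screen cannot change the meaning of the filter, and applies the field mapping to a constructed directory entry. The host name, DNs, attribute values and the use of `sAMAccountName` as the login attribute are assumptions; the password is a placeholder.

```python
"""Offline checks for a CITSmart-style LDAP connection (added example, not CITSmart code)."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# RFC 4515 escaping for values embedded in a search filter. Without it a
# login such as "*)(objectClass=*" would rewrite the filter instead of
# being matched literally.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a single attribute value for safe inclusion in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


@dataclass
class LdapConnection:
    """The fields of the 'Configuring the connection' table plus the field mapping."""
    implementation: str          # "AD" or "OpenLDAP"
    url: str                     # ldap://host:389 or ldaps://host:636
    base_dn: str                 # DN Base
    alias: str                   # DN Alias shown on the login screen
    search_filter: str           # Filter
    manager_dn: str              # DN Manager
    manager_password: str        # Manager Password
    default: bool = True         # Default setting
    field_mapping: dict = field(default_factory=dict)  # LDAP attribute -> system field


def check_connection_settings(conn: LdapConnection) -> list[str]:
    """Return a list of findings; an empty list means the settings look sound."""
    findings = []
    parts = urlsplit(conn.url)
    if parts.scheme not in ("ldap", "ldaps"):
        findings.append(f"unsupported URL scheme '{parts.scheme}'")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    if parts.scheme == "ldap":
        findings.append(
            f"plaintext LDAP on port {port}: the manager password and user credentials "
            "travel unencrypted; prefer ldaps:// (port 636)"
        )
    if not conn.manager_dn or not conn.manager_password:
        findings.append("DN Manager or its password is missing: an anonymous bind cannot search AD")
    if conn.search_filter.count("(") != conn.search_filter.count(")"):
        findings.append("search filter has unbalanced parentheses")
    if "dc=" not in conn.base_dn.lower():
        findings.append("DN Base does not look like a domain DN (expected dc=... components)")
    return findings


def build_user_filter(conn: LdapConnection, login: str, login_attr: str = "sAMAccountName") -> str:
    """AND the connection filter with a lookup of one login; the login is escaped."""
    return f"(&{conn.search_filter}({login_attr}={escape_filter_value(login)}))"


def map_entry_to_employee(conn: LdapConnection, entry: dict) -> dict:
    """Apply the Field Mapping table to one directory entry (attribute names are case-insensitive)."""
    lowered = {name.lower(): value for name, value in entry.items()}
    record = {}
    for ldap_attr, system_field in conn.field_mapping.items():
        value = lowered.get(ldap_attr.lower())
        if value is None:
            continue
        # Directory attributes are multi-valued; take the first value for a scalar field.
        record[system_field] = value[0] if isinstance(value, list) else value
    return record


# Constructed sample using the values from the tables above (password is a placeholder).
SAMPLE_CONNECTION = LdapConnection(
    implementation="AD",
    url="ldaps://auth.domain.com:636",
    base_dn="dc=domain,dc=com",
    alias="domain.com",
    search_filter="(&(objectCategory=person)(objectClass=user))",
    manager_dn="CN=Service User,OU=Company,DC=domain,DC=com",
    manager_password="<service-account-password>",
    field_mapping={"mail": "E-mail", "telephoneNumber": "Phone", "localeID": "Location"},
)

# Constructed directory entry, shaped like one result of a user search.
SAMPLE_ENTRY = {
    "distinguishedName": "CN=Jane Doe,OU=Users,OU=Company,DC=domain,DC=com",
    "sAMAccountName": "jdoe",
    "mail": ["jane.doe@domain.com"],
    "telephoneNumber": ["+1 555 0100"],
    "localeID": ["1033"],
}

if __name__ == "__main__":
    for finding in check_connection_settings(SAMPLE_CONNECTION) or ["settings look sound"]:
        print("-", finding)
    print(build_user_filter(SAMPLE_CONNECTION, "jdoe"))
    print(map_entry_to_employee(SAMPLE_CONNECTION, SAMPLE_ENTRY))
```

The checks mirror what the "Test connection" button cannot tell you: it reports whether the bind succeeded, not whether the bind travelled in plaintext on port 389. Keeping the connection filter and the per-login lookup separate, with the login escaped, is what prevents a value typed on the login screen from widening the search beyond the `user` objects the filter was written to return.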