Setting up and connecting an LDAP directory
Security > Configure LDAP
The configuration consists of filling in 3 tabs: Server Configuration, Users Mapping and Groups Mapping.
When a tab lacks required information, the symbol is displayed before the name of the tab. Once this symbol is absent from all 3 tabs, you can test the configuration (Test button) and validate it (OK button).
Server Configuration tab
You have 2 ways to connect to the LDAP server (LDAP Protocol framework):
- Standard connection, select ldap.
- Secure connection, select ldaps.
- Server Name (or IP): this is the name of the server that contains the LDAP directory.
- Server Port: By default the port is set to 389.
Authentication
- Method: depending on the company's security policy for connecting to the LDAP directory, select Anonymous Connection or Authenticated Connection. In the latter case, complete the following fields, using LDAP query syntax:
- LDAP User Prefix. Example: sAMAccountName. This field is populated by default.
- DN of Reading User. The syntax to follow is displayed in gray and is erased as soon as you start typing. Example: CN = MNG Lectra, OU = Service Administrators, DC = intranet, DC = company, DC = es.
- Password: allows access to the LDAP directory.
Users Mapping tab
The data entered in this tab defines how PLM users are recognized and how the LDAP fields correspond to the PLM user fields.
Except for the LDAP Base DN field, all fields are filled by default.
- LDAP Object Class. Example: user
- LDAP Base DN. The syntax to follow is displayed in gray and is erased as soon as you start typing. Example: ou = UserGroup01, ou = Users, OU = MNG, DC = intranet, DC = company, DC = es.
Synchronization parameter
The Filter is a search filter expressed in a specific syntax. It is mandatory and is filled in automatically as soon as you enter the Login, but you can extend it.
User fields match
- Login. Example: sAMAccountName. Entering the username fills in the Filter field.
- First Name. Example: cn
- Name. Example: sn
- E-mail address. Example: userPrincipalName
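An added pre-flight check, not part of the product or its documentation: it normalizes DNs written like the examples above, builds a search filter from the LDAP Object Class and Login attribute, and flags risky Server Configuration combinations. The filter shape, the assumption that the reading user authenticates with a simple bind, and all function names are assumptions; this page does not show the filter the product generates.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a literal value before placing it in an LDAP search filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def build_user_filter(object_class, login_attr, login="*"):
    """AND of object class and login attribute; a bare '*' means 'attribute present'."""
    value = "*" if login == "*" else escape_filter_value(login)
    return f"(&(objectClass={object_class})({login_attr}={value}))"

def normalize_dn(dn):
    """Strip padding around '=' and ','. Simplified: splits on commas not
    preceded by a backslash and does not handle hex-pair escapes."""
    out = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, val = rdn.partition("=")
        if not (sep and attr.strip() and val.strip()):
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append(f"{attr.strip()}={val.strip()}")
    return ",".join(out)

def lint_server_config(protocol, port, method):
    """Return findings for hypothetical Server Configuration tab values."""
    findings = []
    if protocol == "ldap" and method == "authenticated":
        # Assumption: simple bind without StartTLS (the page mentions neither).
        findings.append("reading user's password is sent in cleartext over ldap")
    if protocol == "ldaps" and port == 389:
        findings.append("389 is the cleartext default; LDAPS conventionally uses 636")
    if method == "anonymous":
        findings.append("directory must allow unauthenticated reads of user entries")
    return findings

if __name__ == "__main__":
    # Constructed values modelled on the examples in this page.
    print(normalize_dn("CN = MNG Lectra, OU = Service Administrators, DC = intranet, DC = company, DC = es"))
    print(build_user_filter("user", "sAMAccountName"))
    print(lint_server_config("ldap", 389, "authenticated"))
```
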
Groups Mapping tab
The data entered in this tab defines how PLM groups of users are recognized and how the LDAP fields correspond to the PLM group fields.
Except for the LDAP Base DN field, all the fields are filled by default.
- LDAP Object Class. Example: group
- LDAP Base DN. The syntax to follow is displayed in gray and is erased as soon as you start typing. Example: OU = Lectra, OU = Security Groups, OU = Groups, OU = MNG, DC = intranet, DC = company, DC = es.
- Membership Attribute Name. Example: member
LDAP Group Mapping
- Name. Example: cn. Entering the username fills in the Filter field.
Enable LDAP configuration
The Activate LDAP button enables or disables the LDAP service on the server side.
Validation of the LDAP configuration
Once all tabs are filled, you can validate your configuration by clicking .
Testing the LDAP configuration
For the LDAP configuration to be taken into account, you must restart the application server. You can then test it.
- Click the Test button.
- A message informs you of the LDAP configuration test result.
- Confirm the message.
- Confirm the LDAP configuration by clicking the OK button.
- The Configure LDAP window closes and the message LDAP repository configured is displayed at the bottom of the Edit Connection window. At this stage, you can synchronize the LDAP.
Synchronize the LDAP directory
Synchronizing the LDAP with the FIP platform adds all users covered by the configuration. The date of the Last synchronization is displayed above the tabs, at the bottom of the Edit Connection window.
- In the Edit Connection window, click the Configure LDAP button.
- Click Synchronize.
- A message informs you of the result of the synchronization.