LDAP Configuration

To set this up, go to manage system -> system settings -> permission management system configuration, and change the permission management system to "LDAP synchronization & file permission management system".

When "LDAP synchronization & file permission management system" is selected, the user's LDAP server can be connected by configuring the correspondence between the LDAP server and the permission system. In this mode, users in LDAP can be synchronized into the system and given access to resources and actions, as shown below.

[Image: ldap1]

Server configuration

【URL】URL of the LDAP server, generally in the form url:port;

【Page Size】Number of entries that can be imported per page. The user sets it based on the total number of LDAP users; it can be set to 500 or 1000;

【Login Name】User name used to log in to LDAP;

【Login Password】Password used to log in to LDAP;

【Domain】The domain name of the LDAP server, such as dc=yonghongtech,dc=com.

User attribute configuration

【ObjectClass】The LDAP object class, part of LDAP's built-in data model, such as the inetOrgPerson object class. Each objectClass has its own data structure; for example, a user objectClass has many built-in properties, such as name, password and mobile. All entries that have this object class are parsed as user entries;

【UID】Mapping of the user's UID to the name of a field in the entry. For example, when the "name" attribute of an LDAP entry is used as the UID, the value of the "name" attribute becomes the user's user name in the system after synchronization;

【Attribute configuration】The correspondence between system properties and LDAP properties, as shown below.

[Image: ldap2]

Group attribute configuration

   Same as the user attribute configuration.

Role attribute configuration

   Same as the user attribute configuration.

Timing synchronization setting

   Click the timing synchronization input box and select the synchronization time from the drop-down list. After selection, the system automatically synchronizes with the LDAP server at this time each day.

Manual synchronization

    After configuring the attributes, click "synchronize LDAP manually", and the system synchronizes according to the configured correspondence. During synchronization, the LDAP synchronization log is automatically displayed below.

Stock synchronization

If LDAP has already been synchronized once, synchronizing it again is called "stock synchronization". During stock synchronization, the property values in LDAP overwrite the property values in the product.

For example, LDAP contains a user user1 under the parent group People. Synchronize user1 into the product through LDAP synchronization, then change the parent group of user1 to group1 in the product. When LDAP synchronization is run again, the parent group of user1 becomes People again.

Note:

The LDAP synchronization does not verify the validity of the mailbox and password; that is, the mailbox and password are synchronized successfully even if they are not filled in or are not valid.

The name of an LDAP user cannot be changed. For example, if you change the name of LDAP user "user1" to "user2" and click Save, the prompt "LDAP user can not modify user name" appears.
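
Because the synchronization accepts a missing or invalid mailbox and password, the directory can be checked before it is synchronized. The following is an added example, not part of the product or of the original page: it audits a constructed LDIF export and reports the user entries that would be imported with those fields empty or invalid. It assumes the user object class is inetOrgPerson and that `uid`, `mail` and `userPassword` are the LDAP attributes mapped in the attribute configuration; adjust these to your own mapping.

```python
import base64
import re
# Constructed LDIF export for illustration (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: user1
mail: user1@example.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=user2,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: user2
mail: not-an-address

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
"""
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # deliberately loose syntax check

def parse_ldif(text):
    """Yield each LDIF entry as a dict of lower-cased attribute -> list of values."""
    unfolded = text.replace("\n ", "")  # a leading space continues the previous line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, raw = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if raw.startswith(":"):  # "attr:: value" carries a base64 value
                raw = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(raw.strip())
        yield entry

def audit(entries, object_class="inetOrgPerson", uid_attr="uid"):
    """Map each user's UID to the problems the synchronization would not report."""
    findings = {}
    for e in entries:
        if object_class.lower() not in (c.lower() for c in e.get("objectclass", [])):
            continue  # entries without the configured object class are not users
        mails = e.get("mail", [])
        problems = []
        if not mails or not all(MAIL_RE.match(m) for m in mails):
            problems.append("mail missing or invalid")
        if not any(e.get("userpassword", [])):
            problems.append("password missing")
        if problems:
            findings[e.get(uid_attr.lower(), ["?"])[0]] = problems
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` on the constructed sample flags only user2; the organizationalUnit entry is skipped because it does not carry the user object class.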