LDAP Configuration and Usage
In RayVentory Data Hub the Lightweight Directory Access Protocol (LDAP) is used to get user and group data from the Active Directory. This enables RayVentory Data Hub to synchronize AD users with RayVentory Data Hub users.
Before LDAP can be used, it must be activated in the system settings. Until it has been activated, LDAP features are not available. To activate LDAP, go to Site-Administration > System Settings.
In the System Settings tab, click on the Edit button located at the top left.
Enter the domain name into the LDAP DOMAIN NAME field.
If using a custom port, enter the port into the LDAP PORT field. If using one of the default ports, it is not necessary to enter a port into the field. The default ports used for LDAP are 389 for unsecured or STARTTLS connections and 636 for connections secured by TLS (LDAPS). Information on how to configure LDAP for TLS can be found in the LDAP Configuration Using the appsettings.json chapter.
In order to automatically create users that do not yet exist in RayVentory Data Hub, check the CREATE NOT EXISTING LDAP USERS IN DATAHUB checkbox. If the checkbox is checked, all LDAP users that log into RayVentory Data Hub will automatically be added to the RayVentory Data Hub user list.
The LDAP settings (LDAP DOMAIN NAME and CREATE NON EXISTING LDAP USERS IN DATAHUB) will now be visible in the System Settings tab.
In the next step users and groups within the LDAP path can be mapped to a specific RayVentory Data Hub group. In order to do this, go to Administration > Groups.
Either click on the + Add button to create a new group or go to the details page of an already existing group and click on the Edit button.
To map a group to users defined in LDAP, enter the distinguished LDAP name into the DISTINGUISHED LDAP NAME field. The distinguished LDAP name can be composed of any of the following attribute types.
String | Attribute Type |
---|---|
DC | domainComponent |
CN | commonName |
OU | organizationalUnitName |
O | organizationName |
STREET | streetAddress |
L | localityName |
C | countryName |
UID | userid |
All LDAP users that are mapped will become part of the RayVentory Data Hub group and will receive the rights that belong to users of that group.
Example:
CN=Development,OU=VPN,OU=Domain Groups,DC=raynet,DC=com
More information about distinguished names can be found in the Microsoft documentation.
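Because every LDAP user matched by the mapping receives the rights of the RayVentory Data Hub group, it is worth checking a distinguished name before entering it into the DISTINGUISHED LDAP NAME field. The following Python check is an added example, not part of RayVentory Data Hub; its function names are hypothetical, and it assumes RFC 4514 backslash escaping and single-valued components (no `+`).

```python
# Attribute type strings from the table on this page.
ALLOWED_TYPES = {"DC", "CN", "OU", "O", "STREET", "L", "C", "UID"}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]      # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(current)
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    parts.append(current)
    return parts

def parse_dn(dn):
    """Return [(TYPE, value), ...]; raise ValueError on a malformed DN."""
    result = []
    for rdn in split_rdns(dn):
        # Only the first "=" separates type and value; later ones are data.
        attr, sep, value = rdn.partition("=")
        attr = attr.strip().upper()
        if not sep or not value.strip():
            raise ValueError(f"component {rdn!r} is not TYPE=value")
        if attr not in ALLOWED_TYPES:
            raise ValueError(f"attribute type {attr!r} is not in the table")
        result.append((attr, value))
    return result

def domain_of(dn):
    """Join the DC components into a DNS-style domain for manual review."""
    return ".".join(v for t, v in parse_dn(dn) if t == "DC").lower()

if __name__ == "__main__":
    # Example DN taken from this page.
    dn = "CN=Development,OU=VPN,OU=Domain Groups,DC=raynet,DC=com"
    for attr, value in parse_dn(dn):
        print(f"{attr:7}{value}")
    print("domain:", domain_of(dn))
```

Comparing the output of `domain_of` with the value in LDAP DOMAIN NAME is a quick way to spot a distinguished name copied from a different directory.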
Groups that have been mapped with LDAP users will be shown with the following symbol in the Type column (the Type column is only visible if LDAP has been activated).
In order to map a specific user to an existing LDAP user, go to Site-Administration > All users and open the details page for the target user.
Enter the name of the LDAP user into the LDAP USERNAME field and save the changes. The user will now be mapped with the LDAP user. It is now possible to use either the credentials of the RayVentory Data Hub user or the credentials of the LDAP user in order to log in to this RayVentory Data Hub user account.
Users that have been mapped with LDAP users will be shown with the following symbol in the Type column (the Type column is only visible if LDAP has been activated).
Be aware: Users that are linked to a directory service via LDAP cannot be set manually. Therefore it is no longer possible to remove them from a tenant. Any changes need to be done in the directory service.