Add an LDAP Connector
Before you are able to import an LDAP group, you must first create a means for VBrick Rev to communicate with Active Directory and LDAP groups. This is accomplished by creating an LDAP Connector and then running that connector on a host or through a direct connection if you have an on-premise installation. Be aware that the connector will always need to be running on the host you choose for importing and synchronizing your LDAP groups and users if you do not have a direct connection enabled.
To add an :
| Tip: Depending upon the you choose, most fields are completed for you when adding an LDAP Connector. If you intend to modify those fields and are unsure of exact values, consult the documentation for more information: |
1. Navigate to > > button.
2. Select .
3. Complete each section of the form as described below.
Add the LDAP Connector as a Direct Connection
The section first needs to be completed as either a (normally for on-premise installations) or as a host/node where you will need to inactivate Direct Connection and enter a instead.
This example has Direct Connection in active status which will disable the ability to enter a MAC Address.
Field Name | Required | Description |
Device Name | Yes | Keep in mind that the of your connector becomes the parent group name for all imported groups. In the example above, all LDAP groups will be imported under the heading under the module. |
Status | | Designates whether or not your connector is currently active or inactive. |
Direct Connection | | Enabled by default. Recommended for on-premise Rev installations to provide a direct connection to Active Directory. If this setting is enabled, you will not be required to edit your Rev runtime or configuration files described in the topic: Edit and Run the LDAP Connector Runtime Files. Nor will you be required to run an LDAP server host since this setting provides a direct connection to Active Directory. Finally, you will not be required to enter a Mac Address which is used to run one or more LDAP Connectors on a host/node. |
Allow LDAP Authentication for Users | | Enabled by default. Specifies if users will use LDAP authentication. If disabled, user/group sync will use LDAP while user authentication will use SAML. See: Disable LDAP Authentication for Users. |
Add the LDAP Connector through a Connector
To run the LDAP Connector on a host, make sure you disable the and enter a for each you plan to use. You may configure the status per node or through the entire LDAP Connector as desired (unless there are no active nodes). If more than one node is configured, the system will distribute tasks among the available nodes.
Field Name | Required | Description |
Connector Nodes / MAC Address | Yes | Only visible if Direct Connection is set to inactive status. The for the is required if Direct Connection is inactive and you will be unable to create the connector without it if you plan to run your connector on a host. This should be the address of the host you plan to run your connector from. This is easily obtained by entering the command getmac from a command prompt. The Mac Address is the first line with no dashes. You may add additional nodes by clicking the button. Further, you may change the status of each node at will by clicking the and buttons. Click the button to remove a node. |
The first two of each node you add may be viewed on the main page under the column.
LDAP Connector Status depends on the following node states:
●If LDAP Connector is active and all active LDAP nodes are online: Active
●If LDAP Connector is active and at least one active LDAP node is offline: Warning <# of offline nodes/# of active LDAP nodes>
●If LDAP Connector is active and all active LDAP nodes are offline: Offline (See image above)
●If LDAP Connector is inactive: Inactive
LDAP Server Settings
Once you decide how you are going to run the connector, complete the section.
Field Name | Required | Description |
Directory Type | Yes | The directory type that the supports; Note that when you choose a directory type, the LDAP Server Mapping fields will be automatically populated with the recommended default settings for that type. |
LDAP Server Host | Yes | The IP address or name of the host. |
Port | Yes | The default port is 389. Use 636 if using SSL. |
SSL | | Indicates the LDAP connection is over SSL if selected. |
Username | Yes | The user name that has been set up for your LDAP server host. |
Password | Yes | The password that has been set up for your LDAP server host. |
| Tip: This topic uses as the when creating an LDAP Connector. However, selecting is much the same process. |
LDAP Server Mapping
Most of the section is populated with recommended default values and formats when you choose a in the
LDAP Server Settings section. The image below displays the server mappings for . These fields may be modified if needed. Most fields are required.
| Note: Keep in mind that if you change the field in the section after you have already imported groups and users, you will need to re-import your group. |
LDAP Groups Specification
The section is used to import specific LDAP groups and is only visible if the checkbox is selected in the section.
If you are an organization with hundreds or even thousands of LDAP groups, this may take a considerable amount of time. You may use the checkbox to enter the LDAP group you want to import instead. This will open the section where you may enter the Distinguished Name (DN) of the LDAP group to be imported seen in the example below.
By default, the checkbox is deselected which means that all LDAP groups associated with your Active Directory server will need to be retrieved and displayed for potential import when you click the action for an LDAP Connector device or the button from the module, seen in the image below.
Keep in mind:
●You must enter the LDAP DN name exactly as it appears. If it is misspelled or entered incorrectly it will not import. Note: It is not case sensitive.
●If you use this method, you may no longer use the action for an LDAP Connector device or the button from the module until the checkbox is once again deselected.
●If the checkbox is deselected and you want to import new groups, then the button must used to manually sync the connector; or you may also wait until the next scheduled sync interval has been performed. See:
LDAP Server Synchronization Settings.
User Record Mapping
Similar to the section, the section is populated with recommended default values and formats when you choose a in the
LDAP Server Settings section. The image below displays the user record mappings for . These fields may be modified if needed. Most fields are required.
LDAP Server Synchronization Settings
The section is used to specify the sync interval from Active Directory to VBrick Rev.
You can specify a sync interval in minutes or hours. The recommended interval is 24 hours; particularly if importing and/or syncing large groups of users so you do not tie up server resources during peak usage time by your end users. Note that you must specify a synchronization interval.
If your sync needs to be reset for any reason, you may use the link in the Actions drop-down on the All Devices form to do so.
See Also: