Versions Compared

Comment: Corrections Configurationfile

...


(&(&(objectClass=user))(test=test))


You can then test the configuration specified above in the bottom section. Optimally, the following notification is displayed:

Connection OK!
XX object(s) found in OU=tree,OU=synetics,DC=synetics,DC=int.


If the error message is not clear enough in the event of a failure, the debug level can be increased so that further outputs are written into the Apache error log. In Debian-based operating systems the error log can be found at /var/log/apache2/error.log.

Object identification

Without any further setting (e.g. Unique identifier), an object is identified using the login attribute from the category Persons → Login.

Directories

Afterwards you can set up the mapping via Administration → Interfaces / external Data → LDAP → Directories. It is used during the login process to query basic information about the user who is logging in and to save it for the user that is going to be created in i-doit. After choosing the applicable directory, the assignment can be carried out. The fields are filled by default and generally do not need any changes.

...

Advanced Configuration

The configuration must be done in the handler configuration. An example named isys_handler_ldap.ini can be found at src/handler/examples/ (i-doit < 1.15). This file can be extended and customized with login data, tenant and attribute assignments (at attributes). The configuration file is then moved to the /src/handler/config/ folder.
For this file to be taken into account, e.g. by the ldap-sync command, it must also be passed to the sync with an additional parameter (-c /path/); further information can be found in the Console documentation.

Parameter | Purpose
import_rooms

When set to “true”, rooms are also created during the synchronization. (Default: false)

defaultCompany

Users added by the LDAP synchronization are automatically assigned to the organization configured here. (Default: empty)

e.g.

defaultCompany='i-doit'

deletedUsersBehaviour

Can be set to archive, delete or disable_login to set users to the status archived or deleted when they can no longer be found via the synchronization. A user that is archived or deleted cannot log in to i-doit anymore!

Or you just deactivate the login for the users.

(Default: archive)

e.g.

deletedUsersBehaviour=archive

disabledUsersBehaviour

Can be set to archive, delete or disable_login to set users to the status archived or deleted when they can no longer be found via the synchronization. A user that is archived or deleted cannot log in to i-doit anymore!

Or you just deactivate the login for the users.

e.g.

disabledUsersBehaviour=archive

rooms

As seen in the example, the assignment of a user to a room can be predefined here. The assignment is carried out via the contact assignment without a role.

e.g. 

rooms["Raum B"] = ["Person A", "Person C", "Person D"]

attributes

The respective fields from the directory are linked with attributes in i-doit using the “Attributes”. These complement the assigned attributes described in the above mentioned part of the guide.

e.g.

attributes[department]=department

autoReactivateUsers

This is only relevant for Novell Directory Services (NDS) and OpenLDAP. When enabled, all users are activated again during synchronization and then deactivated according to the common principle, if applicable.

e.g.

autoReactivateUsers=false

ignoreUsersWithAttributes

This function helps to prevent synchronization of unwanted directory objects.

The user will not be synchronized if the ignoreFunction fails for all selected attributes.

e.g.

ignoreUsersWithAttributes[]="samaccountname"

ignoreFunction

This can be any function name which can be called through call_user_func or the defined functions.

Defined functions:

empty
!empty
isset
!isset

e.g.

ignoreFunction=empty
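
A small linter for the parameters in the table above, as an added example that is not part of the i-doit documentation or code base: it parses a handler configuration and flags values outside the sets listed on this page. The line syntax is assumed from the examples shown here, the names parse_handler_ini and audit are hypothetical, the sample file is constructed, and treating an ignoreFunction outside the defined functions as a review item is a policy of this example.

```python
import re

# Allowed values, taken from the parameter table above.
BEHAVIOURS = {"archive", "delete", "disable_login"}
DEFINED_FUNCTIONS = {"empty", "!empty", "isset", "!isset"}
ENTRY = re.compile(r"^([A-Za-z_]\w*)\s*(?:\[(.*?)\])?\s*=\s*(.*)$")

def parse_handler_ini(text):
    """Parse key=value, key[]=value and key[sub]=value lines (assumed syntax)."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        match = ENTRY.match(line)
        if not match:  # blank line, comment or section header
            continue
        key, sub, value = match.groups()
        value = value.strip().strip("'\"")
        if sub is None:
            settings[key] = value
        else:
            settings.setdefault(key, []).append((sub.strip("'\""), value))
    return settings

def audit(settings):
    """Return (parameter, message) pairs for settings that need review."""
    findings = []
    for key in ("deletedUsersBehaviour", "disabledUsersBehaviour"):
        value = settings.get(key)
        if value is not None and value not in BEHAVIOURS:
            findings.append((key, f"unknown value {value!r}"))
    func = settings.get("ignoreFunction")
    if settings.get("ignoreUsersWithAttributes") and func is None:
        findings.append(("ignoreFunction", "attributes selected, no function set"))
    if func is not None and func not in DEFINED_FUNCTIONS:
        findings.append(("ignoreFunction", f"{func!r} is not a defined function"))
    if settings.get("autoReactivateUsers", "false").lower() in ("true", "1", "on", "yes"):
        findings.append(("autoReactivateUsers", "all users are reactivated on sync"))
    return findings

SAMPLE = """; constructed sample, not a file shipped with i-doit
deletedUsersBehaviour=archiv
rooms["Raum B"] = ["Person A", "Person C", "Person D"]
attributes[department]=department
autoReactivateUsers=true
ignoreUsersWithAttributes[]="samaccountname"
ignoreFunction=strlen
"""

if __name__ == "__main__":
    print(*audit(parse_handler_ini(SAMPLE)), sep="\n")
```

The mistyped deletedUsersBehaviour value, the ignoreFunction that is not one of the defined functions, and the enabled autoReactivateUsers are each reported for review.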

...