LDAP Configuration


To set this up, go to Manage System -> System Settings -> Permission Management System Configuration and change the permission management system to "LDAP synchronization & file permission management system".

When "LDAP synchronization & file permission management system" is selected, the product can be connected to the user's LDAP server by configuring the correspondence between the LDAP server and the permission system. Users in LDAP can then be synchronized into the system and granted access to resources and actions, as shown below.

[Image: ldap1]

 

Server Configuration

【URL】URL of the LDAP server, generally in the form url:port;

【Page Size】Number of entries that can be imported per page. The user sets it based on the total number of LDAP users; it can be set to 500 or 1000;

【Login Name】User name used to log in to LDAP;

【Login Password】Password used to log in to LDAP;

【Domain】The domain name of the LDAP server, such as dc=yonghongtech,dc=com.

 

User Attribute Configuration

【ObjectClass】The LDAP object class, which is LDAP's built-in data model, such as the inetOrgPerson object class. Each objectClass has its own data structure; for example, the user objectClass has many built-in properties, such as name, password, mobile, etc. All entries that have this object class will be parsed as user entries;

【UID】The attribute in the LDAP entry that the user's UID is mapped to. For example, when the "name" attribute of an LDAP entry is used as the UID, the value of the "name" attribute becomes the user's user name in the system after synchronization;

【Attribute configuration】The correspondence between system properties and LDAP properties, as shown below.

[Image: ldap2]

 

Group Attribute Configuration

   Same as the user attribute configuration.

 

Role Attribute Configuration

   Same as the user attribute configuration.

 

Timing Synchronization Setting

   Click the timing synchronization input box and select the synchronization time from the drop-down list. After selection, the system automatically synchronizes with the LDAP server at that time of day.

 

Manual Synchronization

    After configuring the attributes, click "synchronize LDAP manually", and the system will synchronize according to the configured correspondence. During synchronization, the LDAP synchronization log is automatically displayed below.

 

Stock Synchronization

If LDAP has already been synchronized once, any later synchronization is called "stock synchronization". The property ldap.group.synchronize = true/false determines whether the user attributes in LDAP override the user attributes in the product. The default value is true.

ldap.group.synchronize = true means that during stock synchronization, if a matching attribute between the product and LDAP is configured, the attribute value in LDAP overrides the corresponding attribute value in the product. For example:

1) "Email" in the product is configured to match the attribute "email" in LDAP. When stock synchronization is performed, the email attribute value in LDAP overrides the mailbox configuration in the product.

2) User user1 exists in LDAP, under the path People. On the first synchronization, user1 is synchronized to the product with People as its parent group. In the product, the parent group of user1 is then changed to group1 and stock synchronization is performed. The parent group of user1 becomes People again.

ldap.group.synchronize = false means that during stock synchronization, if a matching attribute between the product and LDAP is configured, the attribute value in LDAP does not overwrite the corresponding attribute value in the product; that is, the attribute value in the product is retained. For example:

1) "Email" in the product is configured to match the attribute "email" in LDAP. When stock synchronization is performed, the email attribute value in LDAP does not overwrite the mailbox configuration in the product.

2) User user1 exists in LDAP, under the path People. On the first synchronization, user1 is synchronized to the product with People as its parent group. In the product, the parent group of user1 is then changed to group1 and stock synchronization is performed. The parent group of user1 is still group1.
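
The following is a small model of the stock-synchronization rule described above, added here as an illustration; it is not the product's code. The helpers stock_sync and parent_group, the sample DN and the e-mail addresses are constructed assumptions. Besides the merged record, it returns the list of attributes that differ between the product and LDAP, which is what an administrator would review before changing ldap.group.synchronize: with true a local parent-group change is reverted, and with false a change made in LDAP does not reach the product.

```python
def parent_group(dn):
    """Parent container of an entry, e.g. 'People' for uid=user1,ou=People,...
    Simplified: assumes the DN contains no escaped commas."""
    parts = [p.strip() for p in dn.split(",")]
    return parts[1].split("=", 1)[1] if len(parts) > 1 else ""


def stock_sync(product_user, ldap_entry, attr_map, synchronize=True):
    """Model one stock synchronization of a single user.

    attr_map maps product attribute -> LDAP attribute (the configured matches).
    synchronize mirrors ldap.group.synchronize (default true).
    Returns (merged_user, drift); drift holds (attribute, product_value,
    ldap_value) for every matched attribute whose values differ.
    """
    # Assumption: an attribute absent from the LDAP entry is left alone;
    # the page does not describe that case.
    ldap_view = {prod: ldap_entry[ldap]
                 for prod, ldap in attr_map.items() if ldap in ldap_entry}
    ldap_view["parent_group"] = parent_group(ldap_entry["dn"])

    merged, drift = dict(product_user), []
    for attr, ldap_value in ldap_view.items():
        local = product_user.get(attr)
        if local != ldap_value:
            drift.append((attr, local, ldap_value))
            if synchronize:          # true: the LDAP value wins
                merged[attr] = ldap_value
            # false: the product value is retained
    return merged, drift


# Constructed sample data: user1 was moved to group1 inside the product.
LDAP_USER1 = {"dn": "uid=user1,ou=People,dc=yonghongtech,dc=com",
              "email": "user1@ldap.example"}
PRODUCT_USER1 = {"name": "user1", "Email": "user1@local.example",
                 "parent_group": "group1"}
ATTR_MAP = {"Email": "email"}

if __name__ == "__main__":
    for flag in (True, False):
        merged, drift = stock_sync(PRODUCT_USER1, LDAP_USER1, ATTR_MAP, flag)
        print(f"ldap.group.synchronize = {str(flag).lower()}")
        for attr, local, remote in drift:
            print(f"  {attr}: product={local!r} ldap={remote!r}"
                  f" -> {merged[attr]!r}")
```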

 

Note:

LDAP synchronization does not verify the validity of the mailbox and password; that is, a user is synchronized successfully even if the mailbox and password are not filled in or are not valid.

The name of an LDAP user cannot be changed. For example, if you change the name of LDAP user "user1" to "user2" and click Save, the system prompts: LDAP user can not modify user name.