Users and administrators can be authenticated by the default platform or by external LDAP system. LDAP ensures efficient use of data stored in the directory at several servers and uses various information synchronization methods.
To set up interaction with external LDAP system, use the LDAP Settings subsection.
To set up LDAP authentication:
Set LDAP connection parameters on the Connection tab:
Connect to LDAP Directory. Select the checkbox to further connect to LDAP directory.
Host. Specify IP address or DNS name, by which LDAP server is available. To check connection, click the Check Availability button. If the answer is yes, the Response Received green button is displayed; if the answer is no, the Unavailable red button is displayed. If the host is unavailable, check internet connection or server connection settings for the specified host.
Port. Specify TCP port, by which LDAP service is available. To connect to LDAP using SSL protocol, specify port 636 and select the LDAP SSL checkbox.
LDAP SSL. Select the checkbox to connect to LDAP using SSL protocol and make sure that port 636 is specified. An SSL certificate must be installed on the domain controller.
Connect to Global Directory. Select the checkbox to connect to global directory and make sure that port 3268 is specified. When connecting to global directory, it is available to import users from all domains connected to the global directory. For easy user domain definition, user login is displayed as follows: <login@domain>.
Base DN. Specify branch of the LDAP directory, from which the platform searches for LDAP users.
Technical User Login. Enter technical user login in the LDAP system, who has permissions to read from LDAP directory.
Technical User Password. Enter technical user account password.
The boxes are mandatory.
Click the Check Connection button to check specified LDAP connection parameters. If the answer is yes, the Connected green button is displayed; if the answer is no, the Connection Error red button is displayed. If a connection error occurred, check internet connection or LDAP connection parameters.
Click the Synchronization button to check if user information is exchanged between LDAP and the platform. If the answer is yes, the Successful green button is displayed; if the answer is no, the Unsuccessful red button is displayed. If a synchronization error occurred, check internet connection or LDAP connection parameters. An automatic information exchange schedule can be set up for synchronization.
Click the Save button.
After this a LDAP directory connection is established.
To enter LDAP directory attributes:
Set attributes on the Attributes tab:
Click the Save button.
After this, the attributes are added, from which the platform can get necessary data.
NOTE. The user is saved as follows: <user domain name>\<user name>, for example, fsight\ivanov. The user domain is synchronized using the Active Directory attribute - "distinguished name" from the first RDN DC of this attribute. The user name is created from the SamAccountName attribute.
To set up synchronization schedule:
Go to the Schedule tab:
Set parameters:
Execute. Select one of the synchronization period options:
Never. Select the checkbox to disable synchronization by schedule.
NOTE. To manually synchronize user information between LDAP and the platform, use the Synchronization button.
In Specified Number of Hours (Minutes). Select the checkbox and set synchronization repetition interval as follows: <hours : minutes> in the Execution Time box that is displayed.
NOTE. The synchronization period counts after clicking the Save button.
Daily. Select the checkbox and set daily synchronization time as follows: <hours : minutes> in the Execution Time box that is displayed.
Specified Days of Each Month. Select the checkbox and set synchronization time as follows: <hours : minutes> in the Execution Time box that is displayed and month days in the empty box.
TIP. When selecting synchronization period take into account possible increase in mobile platform server loading and decrease of speed of mobile applications work if synchronization is executed too frequently.
Repeat Every. Set synchronization time as follows: <hours : minutes> for the In Specified Number of Hours (Minutes) synchronization period option.
Execution Time. Set synchronization time as follows: <hours : minutes> for the Daily and the Specified Days of Each Month synchronization period options. If required, set several synchronization times using the 
button.
Click the Save button.
After this the synchronization schedule is set for exchanging user information between LDAP and the platform. The exchange is one-way, LDAP is a data source.
To disconnect LDAP directory:
Deselect the Connect to LDAP Directory checkbox on the Connection tab.
Click the Save button.
Select disconnection option:
Disconnect from LDAP Server. All administrators, users, and groups of users who use the specified LDAP server as an authentication server are disconnected from the authentication server.
Disconnect from LDAP Server and Delete Users. All administrators, users, and groups of users who use the specified LDAP server as an authentication server are disconnected from the authentication server and deleted.
If the administrator who disconnects LDAP server is authenticated via this server, the server will not be disconnected. The administrator must be authenticated without applying this LDAP server or execute the operation under the administrator who is not linked to this authentication server.
After this the LDAP directory is disconnected.
See also:
Setting Up System Security | Setting Up Digital Signature
LDAP authentication