How to set up an LDAP server connection

The Principal Toolbox can be configured to use LDAP. Users from the LDAP store can be synchronised with the Principal Toolbox. LDAP synchronisation is a process that makes user information, as stored within the customer organisation, available within the Principal Toolbox.

Optionally, the LDAP synchronisation can be used for user authentication as well. Alternatively, the LDAP synchronisation can be combined with the Single Sign-On capabilities of the Principal Toolbox.

Benefits

LDAP synchronisation produces benefits in two main areas – reduction in administrative costs and increased ease of use.

  • Reduced Administrative Costs: With LDAP synchronisation, all user information resides in a central directory, which reduces the need to maintain and monitor multiple stores, as well as reducing user change requests.
  • Increased ease of use: All user information is centrally stored and used by the Principal Toolbox and is always up-to-date.

When LDAP authentication is used as well, there is an additional benefit for password policy and administration.

  • Password Policy and Administration: With LDAP authentication, user passwords are verified centrally applying all possible password policies. Additionally, users do not have to remember a separate password for the Principal Toolbox application.

The LDAP synchronisation allows groups of users to be given access to the Principal Toolbox either as administrator or as normal user. When users are deactivated at the LDAP server, they will also be deactivated in the Principal Toolbox after synchronisation. The same applies to the creation and updating of user information.

User identification can be done on username or email address. The main requirement is that the identifier is unique and cannot be changed easily, nor by the user itself.

Warning: If your application is hosted by Fortes Solutions, please contact our support for more information on setting up LDAP for your application.

Warning: When disabling LDAP authentication, first add a new administrator account in the Principal Toolbox before logging out of the Principal Toolbox.

1. Navigate to the Settings in the Principal Toolbox application.
2. Open LDAP Settings on the System Settings page.
3. Click on the Edit button and fill in the following information:

  • Activate LDAP Synchronisation: Set to Yes if you want to synchronise the LDAP users with the Principal Toolbox.

Connection

  • Server URL: Enter the IP address of the LDAP server, prefixed with ldaps:// when the connection to the LDAP server uses SSL, and with ldap:// otherwise.
  • Authentication Method: Set the authentication mode. Select Simple to authenticate against the LDAP server.
  • Security Principal: Specify how the users can be authenticated.
  • Local user management: When set to Yes, only the user properties are synchronised; user accounts are managed by the Principal Toolbox User administration.

Synchronisation

  • User identifier field in LDAP: Unique ID in the LDAP store, matched against the Toolbox unique ID during synchronisation.
  • User identifier field in toolbox: Unique ID in the Principal Toolbox, matched against the LDAP unique ID during synchronisation.
  • Search Base Normal Users: Location of the normal Principal Toolbox users in the LDAP store.
  • Filter Normal Users: Specify a filter which the normal users must match.
  • Search Base Administrators: Location of the Principal Toolbox administrators in the LDAP store.
  • Filter Admin Users: Specify a filter which the administrators must match.
  • Username: Fill in the full path of an LDAP username for testing the connection. (Only needed when Authentication Method is set to Simple.)
  • Password: Enter the password for the above username, for testing the connection. (Only needed when Authentication Method is set to Simple.)
  • Schedule: Schedule automatic LDAP synchronisation.

4. Now click OK to save the settings.
5. When Activate LDAP Synchronisation is set to Yes and the Authentication Method is set to Simple, you can test the connection with the LDAP server. Click on the Test button to test.
6. When the test has passed, the data from the LDAP server can be synchronised with the Principal Toolbox using the Synchronise button.

Note: An existing user is removed (deactivated) when, during synchronisation, its user identifier field matches no user in the LDAP store.
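The following script is an added example, not code from the Principal Toolbox or Fortes Solutions; it models what the settings above mean for one synchronisation run and for the deactivation rule in the note. It checks the Server URL scheme (ldaps:// vs ldap://), selects normal users and administrators by search base plus filter, matches them to existing Toolbox accounts on the configured user identifier field, and reports which accounts would be created, updated or deactivated. The directory entries, Toolbox accounts, filters and the "administrator wins when both filters match" rule are all constructed assumptions for the demonstration; the filters are Python predicates standing in for LDAP filter strings, and no connection to a real server is made.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class LdapEntry:
    dn: str                  # distinguished name, e.g. cn=Alice,ou=Users,dc=example,dc=com
    attrs: Dict[str, str]    # single-valued attributes (constructed simplification)


@dataclass
class ToolboxUser:
    identifier: str          # value of the "User identifier field in toolbox"
    role: str                # "admin" or "normal"
    active: bool = True


def parse_server_url(url: str) -> Tuple[str, int, bool]:
    """Validate the Server URL setting; return (host, port, encrypted).
    ldaps:// is the SSL variant; with ldap:// the bind password and all user data
    cross the network unencrypted, so the return value flags which one was chosen."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"Server URL must start with ldap:// or ldaps://: {url!r}")
    encrypted = parts.scheme == "ldaps"
    port = parts.port or (636 if encrypted else 389)   # standard ports (assumption: defaults)
    return parts.hostname, port, encrypted


def under_base(dn: str, base: str) -> bool:
    """Subtree check: the entry DN must end with the search base.
    Simplified stand-in for real DN normalisation (case-insensitive, spaces ignored)."""
    norm = lambda s: s.replace(" ", "").lower()
    return norm(dn).endswith(norm(base))


Filter = Callable[[Dict[str, str]], bool]


def select_users(entries: List[LdapEntry], base: str, matches: Filter) -> List[LdapEntry]:
    """Entries located under the search base that also satisfy the filter."""
    return [e for e in entries if under_base(e.dn, base) and matches(e.attrs)]


def plan_sync(entries: List[LdapEntry], ldap_id_field: str,
              normal_base: str, normal_filter: Filter,
              admin_base: str, admin_filter: Filter,
              existing: List[ToolboxUser]) -> Dict[str, list]:
    """Compute the create/update/deactivate actions of one synchronisation run."""
    admins = select_users(entries, admin_base, admin_filter)
    admin_dns = {e.dn for e in admins}
    # Assumption: an entry matching both searches is treated as an administrator.
    normals = [e for e in select_users(entries, normal_base, normal_filter) if e.dn not in admin_dns]

    wanted: Dict[str, str] = {}          # identifier -> role
    for role, group in (("admin", admins), ("normal", normals)):
        for e in group:
            ident = e.attrs.get(ldap_id_field)
            if not ident:                # cannot be matched without the identifier
                raise ValueError(f"{e.dn} has no {ldap_id_field!r} attribute")
            ident = ident.lower()
            if ident in wanted:          # the page requires the identifier to be unique
                raise ValueError(f"identifier {ident!r} is not unique in the LDAP store")
            wanted[ident] = role

    current = {u.identifier.lower(): u for u in existing}
    plan: Dict[str, list] = {"create": [], "update": [], "deactivate": []}
    for ident, role in wanted.items():
        plan["update" if ident in current else "create"].append((ident, role))
    for ident, user in current.items():
        if ident not in wanted and user.active:   # the deactivation rule from the note
            plan["deactivate"].append(ident)
    return {k: sorted(v) for k, v in plan.items()}


# Constructed sample directory and Toolbox accounts (not real data).
ADMIN_GROUP = "cn=toolbox-admins,ou=Groups,dc=example,dc=com"
SAMPLE_ENTRIES = [
    LdapEntry("cn=Alice,ou=Admins,dc=example,dc=com",
              {"objectClass": "person", "mail": "alice@example.com", "memberOf": ADMIN_GROUP}),
    LdapEntry("cn=Bob,ou=Users,dc=example,dc=com", {"objectClass": "person", "mail": "bob@example.com"}),
    LdapEntry("cn=Dave,ou=Users,dc=example,dc=com", {"objectClass": "person", "mail": "dave@example.com"}),
    LdapEntry("cn=backup-svc,ou=Users,dc=example,dc=com",
              {"objectClass": "serviceAccount", "mail": "backup@example.com"}),   # fails the person filter
    LdapEntry("cn=Erin,ou=Admins,dc=example,dc=com",
              {"objectClass": "person", "mail": "erin@example.com"}),              # in admin base, not in group
]
EXISTING_USERS = [
    ToolboxUser("alice@example.com", "admin"),
    ToolboxUser("bob@example.com", "normal"),
    ToolboxUser("carol@example.com", "normal"),              # no longer in LDAP -> deactivate
    ToolboxUser("frank@example.com", "normal", active=False),  # already inactive -> untouched
]


def demo() -> Dict[str, list]:
    """One synchronisation run over the sample data, matching on the mail attribute."""
    return plan_sync(
        SAMPLE_ENTRIES, "mail",
        "ou=Users,dc=example,dc=com", lambda a: a.get("objectClass") == "person",
        "ou=Admins,dc=example,dc=com", lambda a: a.get("memberOf") == ADMIN_GROUP,
        EXISTING_USERS,
    )


if __name__ == "__main__":
    print(parse_server_url("ldaps://10.0.0.5"))
    for action, items in demo().items():
        print(f"{action}: {items}")
```

Running the script shows that Alice and Bob are updated, Dave is created, Carol is deactivated, and the service account and the non-member under the administrator base are left out. Because the planner refuses duplicate identifiers, it also illustrates why the page insists on a unique, user-immutable identifier field: with a non-unique field, two directory entries would compete for one Toolbox account.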

Now you can customize the field mapping on the LDAP field mapping page and switch LDAP authentication on when needed.
