Users can be imported to SystemWeaver from an existing LDAP (Lightweight Directory Access Protocol) server, using the swAdmin2 application to create new SystemWeaver user accounts. The single sign-on function allows the user to launch and enter SystemWeaver without entering a separate password.
Note: The tool cannot be used to import updates to already existing accounts in SystemWeaver.
Prerequisites
- There is an existing LDAP in your current network
- You have knowledge of your LDAP configuration
Retrieving Users From Your LDAP Server
Before the import can be processed, you need to add a new LDAP configuration.
- Click Add new LDAP configuration to start the LdapWizard.
- For Network parameters, enter the Hostname and Port for your LDAP server. The port is normally 389, which is the standard port for LDAP.
- You can test the connection to the LDAP server by clicking Test connection. If successful, you will receive a message "The connection was established successful!".
- Click Next.
- For Authentication, select the Authentication method (No Authentication, Simple Authentication, or Secure).
- You can test by clicking Test authentication data. If successful, you will receive a message "The authentication was successful!".
- Set the Kerberos settings as needed.
- Click Next.
- On the Configuration page, enter values for accessing the user information in the LDAP server. The values in the example shown below may need to be changed to match your settings, but will hopefully work with most LDAP servers (except Domain, which is for SystemWeaver's installation). More information about Active Directory attributes can be found on this web page: https://msdn.microsoft.com/en-us/library/windows/desktop/ms675090(v=vs.85).aspx
- Domain: We have used the value "OU=Employees,OU=Users,OU=Systemite,DC=systemite,DC=local" in our example. Searching is from right to left, so the largest domain is at the far right and the sub-domain you are interested in is to the left. The string is used as a path in the LDAP DIT (Directory Information Tree). The values in the string stand for:
  - CN = Common Name
  - OU = Organizational Unit
  - DC = Domain Component
- UserObjectclass and UserObjectCategory: Used to filter the search sent to the LDAP server.
- Username, Name and Email: Used for retrieving the correct data for import from the LDAP server.
- Click Finish to save the configuration to the import window.
- To view the list of users, click the Filter button.
Selecting Users for Import
Once you have retrieved the users from your LDAP, you can select the users you wish to import into SystemWeaver by checking the selection box in the first column next to each user you want to import and pressing Import selected users.
There is a filter function that can be used to narrow the list. You can enter a string in any of the fields Name, Display name or Email. When you click Filter, a new query is sent to the LDAP server with an extra query statement for the values you have entered. Only one user was found in this example:
To clear a filter, clear all filter values and click Filter.
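The lookup configured above (Domain as the search base, UserObjectclass and UserObjectCategory plus the Filter fields as the search filter) can be sketched as follows. This is an added example, not SystemWeaver code: the object class and category values, the attribute names displayName and mail, and all function names are assumptions, and how swAdmin2 actually composes its query is not documented on this page.

```python
# Added example (not SystemWeaver code); names and sample values are assumptions.
BASE_DN = "OU=Employees,OU=Users,OU=Systemite,DC=systemite,DC=local"  # from the page

# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape operator-entered text so the server matches it literally."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(object_class, object_category, criteria):
    """AND the fixed object filters with one substring clause per filled field."""
    clauses = [f"(objectClass={escape_filter_value(object_class)})",
               f"(objectCategory={escape_filter_value(object_category)})"]
    for attribute, text in criteria.items():
        if text:  # an empty field adds no clause, as when the filter is cleared
            clauses.append(f"({attribute}=*{escape_filter_value(text)}*)")
    return "(&" + "".join(clauses) + ")"


def split_dn(dn):
    """Split a DN into RDN strings, most specific first, honouring '\\,' escapes.
    Simplified: quoted and multi-valued (+) RDNs are not handled."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    parts.append(current)
    return [p.strip().lower() for p in parts]


def is_under_base(entry_dn, base_dn):
    """True if entry_dn lies at or below base_dn in the DIT."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base


if __name__ == "__main__":
    # Constructed input: a Display name value that contains filter metacharacters.
    print(build_user_filter("user", "person", {"displayName": "*)(mail=*", "mail": ""}))
    print(is_under_base("CN=Smith\\, Anna," + BASE_DN, BASE_DN))
```

Escaping keeps text typed into a filter field from changing the structure of the query, and the base-DN check confirms that a returned entry really sits under the configured Domain before it is imported.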
User Login Using LDAP
When you import users from an existing LDAP server, the Username and Network id will be populated in the users' profiles with the user's AD username.
This means that an imported user that is logged in to the AD can log in to SystemWeaver just by clicking on the Login as xxxx button.