Users can be imported to SystemWeaver from an existing LDAP server (Lightweight Directory Access Protocol) using the swAdmin2 application. The interface is described in The SystemWeaver Admin Utility Interface.
- There is an existing LDAP in your current network
- You have knowledge of your LDAP configuration
Retreiving Users From Your LDAP Server
Before the import can be processed, you need to add a new LDAP configuration.
- Click Add new LDAP configuration to start the LdapWizard.
- For Network parameters, enter the Hostname and Port for your LDAP server. The port is normally 389 which is the standard port for LDAP.
- You can test the connection to the LDAP server by clicking Test connection. If successful, you will receive a message "The connection was established successful!".
- Click Next.
- For Authentication, select the Authentication method (No Authentication, Simple Authentication, or Secure).
- You can test by clicking Test authentication data. If successful, you will receive a message "The authentication was successful!".
- Set the Kerberos settings as needed.
- Click Next.
- On the Configuration page, you will enter values for accessing the user information in the LDAP server. The values in the example shown below may need to be changed in order to match you network settings, but will hopefully work with most LDAP servers (except Domain which is for Systemites installation). More information about Active Directory attributes can be found on this web-page: https://msdn.microsoft.com/en-us/library/windows/desktop/ms675090(v=vs.85).aspx
Domain: We have used the value "CN=Users,DC=systemite,DC=local" in our example. Searching is from right to left so you have the largest domain at the furthest right and the subdomain you are interested in to the left and finally the value for CN. The string is used as a path for the LDAP DIT (Directory Information Tree). The values in the string stand for:
- CN = Common Name
- OU = Organizational Unit
- DC = Domain Component.
- UserObjectclass and UserObjectCategory: Used to filter the search sent to the LDAP server.
- Name, DisplayName and Email: Used for retrieving the correct data for import from the LDAP server.
- Domain: We have used the value "CN=Users,DC=systemite,DC=local" in our example. Searching is from right to left so you have the largest domain at the furthest right and the subdomain you are interested in to the left and finally the value for CN. The string is used as a path for the LDAP DIT (Directory Information Tree). The values in the string stand for:
- Click Finish to save the configuration to the import window.
Selecting Users for Import
Once you have retrieved the users from your LDAP, you can select the users you wish to import into SystemWeaver by checking the selection box in the first column next to each user you want to import and pressing Import selected users.
There is a filter function that can be used to narrow the list. You can enter a string in any of the fields Name, Display name or Email. When you click Filter, a new query will be sent to the LDAP server and there will an extra query statement on the values you have entered. Only one user was found in this example:
User Login Using LDAP
When you import users from an existing LDAP server, the network id will be populated in the users' profiles. This means that an imported user that is logged in to the AD can log in to SystemWeaver just by clicking on the Login as xxxx button.