!!! WARNING !!!
Once you turn on LDAP sync, your local groups and their screen settings are saved to your local database, and all new user groups are pulled from your AD server. You can switch back to local groups at any time, but the Client can apply only one type of group.
Active Directory / Directory Service (AD/DS)
AD/DS is one of the best-known directory services. With AD/DS and 3rd party software (see CICB-Client CCM), the IT admin can give each user more than one banner setting (color/text), selected by the security group of the currently signed-in user. (For example, user A is assigned to two projects with different security environments at the same time, but he works on only one project at a time. He can swap his AD/DS user security group with a 3rd party group-change software/script, then sign out and sign back in to the user profile. CICB will apply the banner setting according to the IT admin and user security settings.)
!!! WARNING !!!
Users should be assigned to only one SG at a time. If a user is assigned to both AD SG-1 and AD SG-2, SG-1 wins by alphabetical order. AD SGs cannot be empty; an empty SG will not sync with the Server.
Lightweight Directory Access Protocol (LDAP)
The Server can connect to any directory service that follows the LDAP standard.
Here are some examples of software that supports LDAP:
- Active Directory Directory Service (AD/DS)
- Apache Directory
- OpenLDAP
- Univention Corporate Server (UCS)
- Lepide Auditor for Active Directory
- JXplorer
- FreeIPA
- Samba
- GoSa
- eDirectory
- Zentyal
- 389 Directory Server
- Red Hat Directory Servers
- OpenSSO
- SME Server
- Resara Server
- Sun Java System Directory Server
- IBM Tivoli Directory Server
- Windows NT Directory Services
- Lotus Domino
- Etc.
Example Use Case Combined with CCM
- Refer to CICB-Client CCM for more details.
Example Settings:
Assume a server with the NetBIOS name ad-example in the domain example.com, which has a user group named users and a user named testuser.
- Host: <NetBIOS Name> or <IPv4> or <Domain Name>
e.g. ad-example
e.g. 10.0.0.100
e.g. ad.example.com
- Domain Component (DC): <Domain Name>
e.g. DC=ad
e.g. DC=example
e.g. DC=com
- Base Name (BN): DCs
e.g. DC=ad,DC=example,DC=com
- Common Name (CN): <username> or <user group name>
e.g. testuser
e.g. users
- UserPrincipalName: username@domain-name
e.g. testuser@example.com
- Organization Unit: <user group name>
e.g. users
- Distinguished Name (DN): <UserPrincipalName> or CN=<username>,CN=<user group name>,<BN> or CN=<username>,OU=<user group name>,<BN>
e.g. CN=testuser,CN=Users,DC=ad,DC=example,DC=com
e.g. CN=testuser,OU=Users,DC=ad,DC=example,DC=com
e.g. testuser@ad-example
- Port: 389 or 636
e.g. 389 with Unencrypted (use only for intranet networks)
e.g. 636 with SSL/TLS (use for both internet and intranet networks)