Light Weight Access Portal

!!! WARNING !!!
Once you turn on LDAP SYNC, your local setting groups and their screen settings are saved to your local database, and all new user groups are pulled from your AD server. You can switch back to local groups at any time, but only one type of group can be applied by the Client.

Active Directory / Directory Service (AD/DS)

AD/DS is one of the best-known directory services. With AD/DS and 3rd-party software (see CCM), the IT admin can configure each user to have more than one banner setting (color/text), depending on the security group of the currently signed-in user. For example, user A is assigned to two projects with different security environments at the same time, but he works on only one project at a time. He can swap the user's AD/DS user security group via a 3rd-party group-change software/script, then sign out and sign back in to the user profile. CICB will then apply the banner setting according to the IT admin and user security settings.

!!! WARNING !!!
Users should only be assigned to one SG at a time. If a user is assigned to both AD SG-1 and AD SG-2, SG-1 wins by alphabetical order. AD SGs cannot be empty; otherwise they will not sync with the Server.

Lightweight Directory Access Protocol (LDAP)

The Server can connect to any directory service that follows the LDAP standard.

Here are some examples of software that supports LDAP:

  1. Active Directory Directory Service (AD/DS)
  2. Apache Directory
  3. OpenLDAP
  4. Univention Corporate Server (UCS)
  5. Lepide Auditor for Active Directory
  6. JXplorer
  7. FreeIPA
  8. Samba
  9. GoSa
  10. eDirectory
  11. Zentyal
  12. 389 Directory Server
  13. Red Hat Directory Server
  14. OpenSSO
  15. SME Server
  16. Resara Server
  17. Sun Java System Directory Server
  18. IBM Tivoli Directory Server
  19. Windows NT Directory Services
  20. Lotus Domino
  21. Etc.

Example Use Case Combined with CCM

  • Refer to CCM for more details.

Example Settings:

Assume there is a NetBIOS name: ad-example, domain: example.com, which has a user group: users, and a user: testuser.

  • Host: <NetBIOS Name> or <IPv4> or <Domain Name>
    e.g. ad-example
    e.g. 10.0.0.100
    e.g. ad.example.com
  • Domain Component (DC): <Domain Name>
    e.g. DC=ad
    e.g. DC=example
    e.g. DC=com
  • Base Name (BN): DCs
    e.g. DC=ad,DC=example,DC=com
  • Common Name (CN): <username> or <user group name>
    e.g. testuser
    e.g. users
  • UserPrincipalName: username@domain-name
    e.g. testuser@example.com
  • Organizational Unit (OU): <user group name>
    e.g. users
  • Distinguished Name (DN): <UserPrincipalName> or CN=<username>,CN=<user group name>,<BN> or CN=<username>,OU=<user group name>,<BN>
    e.g. CN=testuser,CN=Users,DC=ad,DC=example,DC=com
    e.g. CN=testuser,OU=Users,DC=ad,DC=example,DC=com
    e.g. testuser@ad-example
  • Port: 389 or 636
    e.g. 389, unencrypted (use only for intranet networks)
    e.g. 636, with SSL/TLS (use for both internet and intranet networks)
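
The example settings above and the alphabetical SG rule from the earlier warning, worked through as an added Python example (not the product's own code). It builds the Base Name and DN forms from a domain name, escaping DN metacharacters per RFC 4514 so a name such as "Doe, Jane" cannot break the DN. All function names are hypothetical, and case-insensitive ordering of SG names is an assumption.

```python
# Added example, not product code: all function names are hypothetical.

def escape_rdn_value(value: str) -> str:
    """Escape a CN/OU/DC value for use inside a DN (RFC 4514, section 2.4)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)            # DN metacharacters
        elif ch == "\x00":
            out.append("\\00")               # NUL must be hex-escaped
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)            # leading space/'#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def base_name(domain: str) -> str:
    """'ad.example.com' -> 'DC=ad,DC=example,DC=com' (the page's Base Name)."""
    labels = [p for p in domain.split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + escape_rdn_value(p) for p in labels)

def user_dn(username: str, group: str, domain: str, group_attr: str = "CN") -> str:
    """Build CN=<username>,CN|OU=<user group name>,<BN>."""
    if group_attr not in ("CN", "OU"):
        raise ValueError("group_attr must be CN or OU")
    return "CN=%s,%s=%s,%s" % (escape_rdn_value(username), group_attr,
                               escape_rdn_value(group), base_name(domain))

def ldap_url(host: str, port: int) -> str:
    """389 is plain LDAP, 636 is LDAP over SSL/TLS; reject anything else."""
    schemes = {389: "ldap", 636: "ldaps"}
    if port not in schemes:
        raise ValueError("port must be 389 or 636")
    return "%s://%s:%d" % (schemes[port], host, port)

def effective_group(groups) -> str:
    """The alphabetically first SG wins; case-insensitive order is assumed."""
    if not groups:
        raise ValueError("user has no security group")
    return min(groups, key=str.casefold)

if __name__ == "__main__":
    print(user_dn("testuser", "Users", "ad.example.com"))
    print(user_dn("Doe, Jane", "Users", "ad.example.com", "OU"))
    print(ldap_url("ad.example.com", 636), effective_group(["SG-2", "SG-1"]))
```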