DeviceExpert Home | Online Demo

Integrating LDAP & Importing Users

You can make DeviceExpert to work with a LDAP compliant directory (like Active Directory) in your environment, by following the steps explained below. Note that these steps can be performed in any order, but on the first time it is recommended to follow them in the sequence as given below.

Step 1 - Import Users

The first step is to provide credential details and importing users from LDAP.

 

To do this,

 

 

In the UI that pops-up,

 

  1. You can configure the connection between LDAP Server and DeviceExpert to  be over an encrypted channel (SSL) or Non-SSL. If you choose, SSL mode, do the following. Otherwise, proceed to Step 2.

    To enable the SSL mode, the LDAP server should be serving over SSL in port 636 and you will have to import the LDAP server's root certificate, LDAP server's certificate and all other certificates that are present in the respective root certificate chain into the DeviceExpert server machine's certificate store.

    To import certificates, open a command prompt and navigate to <DeviceExpert_SERVER_HOME>\bin directory and execute the following command:

    For Windows


    importCert.bat
    <Absolute Path of certificate>

    For Linux


    importCert.sh
    <Absolute Path of certificate>

    Restart DeviceExpert server. Then continue with the following steps.
     

  2. Enter the url of the LDAP provider in the format attribute://ldap server host:port (Example ldap://192.168.4.83:389/)
     

  3. Enter the credentials of any one of the user already present in LDAP for authentication. It should be in the format exactly how the user would have submitted their username when authenticating to your application. For example, a typical entry would look something like: cn=Eric,o=adventnet,c=com
     

  4. Enter the password of the user
     

  5. This is the 'base' or 'root' from where directory lookups should take place. Enter the LDAP base (top level of the LDAP directory tree). Enter it exactly in the format used in your LDAP. No spaces are allowed between the commas or the '=' equal symbol and that entries are case sensitive
     

  6. If you want to add only specific users from your LDAP directory, just perform a search using the appropriate search filter. For example, for adding only those users who belong to the category "Managers", a typical search filter would be like: ou=Managers,ou=Groups,o=adventnet,c=com
     

  7. Select your LDAP server type

    Microsoft Active Directory (or)
    Novell eDirectory (or)
    OpenLDAP (or)
    Others
     

  8. If your LDAP server belongs to the type Microsoft Active Directory/Novell eDirectory/OpenLDAP, you can select that type and click "Save".
     

If your LDAP server belongs to types other than Microsoft Active Directory/Novell eDirectory/OpenLDAP

 

If your LDAP server belongs to types other than Microsoft Active Directory/Novell eDirectory/OpenLDAP, yon need to enter three more details to authenticate the users:

 

 

 

  • What will be role of the users imported from LDAP, in DeviceExpert?

 

The users added to the DeviceExpert database will have the role as "Operators". If you want to assign specific roles to specific users, proceed with Step 2 below.

 

Step 2  - Assign Roles

All the users imported from LDAP will be assigned the 'Password User' role by default. To assign specific roles to specific users,

 

Step 3  - Enable Authentication

The final step is to enable LDAP authentication. This will allow your users to use their LDAP directory password to login to DeviceExpert. Note that this scheme will work only for users who have been already imported to the local database from AD.

 

Note: Make sure you have at least one user with the 'Administrator' role, among the users imported from LDAP.

 

 


2007, AdventNet Inc. All Rights Reserved.