Views: 8687 (Data available since 06.02.2017)
Last Modified: 10.10.2012
You will create an AD/LDAP server record in the administrative area (Control Panel) by specifying the required server data and user group mapping.
Each record regulates access to a folder tree root. If the corporate network user groups are stored on several servers or in several databases on a single server, you should create a separate record for each storage point.
- Open Active Directory / LDAP server settings (Settings > AD/LDAP).
- Click Add to open the new record creation form.
- The Server tab is used to specify information about the corporate server as well as the database connection settings. You have to ask your system administrator for the server data.
- Active: if this box is checked, this record is included in the user profile lookup when a user attempts to authorise.
- Name: the name of the record to be created as it will be shown in lists.
- Description: type here the server description.
- NTLM Authorization Domain: specifies the AD/LDAP server on which a user is authenticated. This field is also used for unattended NTLM authentication. The server is specified as domain\login.
- Server:port: the IP address and the port of a corporate server hosting the user group database. The port 389 is the technology standard to access an LDAP server.
- Administrative login: login for administrative access to the server.
- Administrative password: password for administrative access to the server.
- Test connection: click this button after you have specified all required information, to verify the connection.
This will try to establish a trial connection to the server. If the check succeeds, the server should return a list of available tree roots. If the check fails, the page will display the error description in red.
- Tree root (base DN): this field is used to select the catalogue tree root to be used for the user profile lookup when authorising.
- The Field Mapping group defines parameters of the user profiles stored on the server.
The controls of this group are initialised with the standard values for LDAP or AD servers.
- You can select the server type by clicking on the corresponding link in the section title.
- If the corporate server overrides standard settings, the values in this group should be altered to reflect the server settings.
To create more user field to attribute mapping entries, click the [add…] link. For an LDAP server, fill in at least the required fields (first and last names, e-mail address etc.) that will be continuously synchronized to AD. Other fields can be imported by employing the user import option on the Field Mapping tab.
When synchronizing, each of the mapped fields will be checked for changes and changed on the website end (that is, in Bitrix Site Manager). In practice it means that if a user has changed one or more of the mapped fields, they will be restored to the original values.
It is recommended that you create as many field mapping entries as possible when importing users for the first time, and delete redundant mappings once the import procedure is complete.
Company Departments and Structure
This group includes company structure import configuration options.