The goal of the LDAP synchronization module is to take over a nearly arbitrary group and user structure from an LDAP service and to enrich it with the information needed to use it as the basis for the T!M group and user structure. The module is built on the TimedService component, which runs the synchronization on a schedule.
The module consists of two essential parts which together allow the synchronization of nearly arbitrary LDAP structures. Setting up an LDAP module requires several steps, which are explained in this entry.
ATTENTION! These settings and methods should only be applied by experienced users.
In order to enable T!M - Task !n Motion to access an LDAP server, the following file has to be adapted:
loom.ear/config/ldap.properties
These settings apply to all clients (tenants)! A detailed description of the individual lines is available here.
In order to test basic LDAP connections, some settings have to be made in the client profile. The following values are required:
Setting | Value |
---|---|
Authentication | Can stay empty |
LDAP-Host | Host or IP of the LDAP server |
LDAP-Port | Port on which the LDAP server listens (default 389) |
Factory Initial | Must contain the value “com.sun.jndi.ldap.LdapCtxFactory” |
Kind of authentication | Can be “simple” or “digest-md5” (default “simple”) |
DNS Prefix | Can stay empty |
DNS Suffix | The company's DNS suffix has to be entered here |
Afterwards an LDAP-lookup can be initiated via the button “Test LDAP connection”. For this you simply enter an LDAP user and password.
ATTENTION! The password is displayed in clear text!
LDAP lookup means that T!M forwards authentication requests to the LDAP server and asks whether the user is allowed to log in. As rights management is currently kept in T!M, the user has to be registered in T!M!
IMPORTANT! (see screenshot) An e-mail address has to be entered in the user profile
The log-in is not permitted as long as the user has to change his password in the AD
The rights of the user are managed in T!M
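The bind behind such a lookup can be reproduced outside T!M with plain JNDI, using the client profile values from the table above. This is an added example, not T!M's own code: the class `LdapBindTest`, its helpers `buildEnv` and `bind`, and the composition of the bind name from DNS prefix, user name and DNS suffix are assumptions. It rejects empty passwords before binding and reads the password without echo.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindTest {
    // Maps the client profile fields to a JNDI environment (hypothetical helper).
    // Assumption: the bind name is DNS prefix + user name + DNS suffix.
    static Hashtable<String, String> buildEnv(String host, int port, String authType,
            String dnsPrefix, String user, String dnsSuffix, String password) {
        if (password == null || password.isEmpty()) {
            // JNDI turns a "simple" bind without a password into an anonymous bind,
            // which many servers accept; that must never count as a login.
            throw new IllegalArgumentException("empty password rejected");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        // "simple" over ldap:// sends the password unencrypted; the page's
        // "digest-md5" corresponds to the SASL mechanism name "DIGEST-MD5".
        env.put(Context.SECURITY_AUTHENTICATION, authType);
        env.put(Context.SECURITY_PRINCIPAL, dnsPrefix + user + dnsSuffix);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // fail after 5 s, do not hang
        return env;
    }

    // True if the server accepts the bind, false if it rejects the credentials.
    static boolean bind(Hashtable<String, String> env) throws NamingException {
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException e) {
            return false; // LDAP result code 49 (invalid credentials)
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 4 || System.console() == null) {
            System.err.println("usage: java LdapBindTest <host> <port> <user> <dnsSuffix>");
            return;
        }
        // Read the password without echo rather than from the command line.
        char[] pw = System.console().readPassword("Password for %s: ", args[2]);
        Hashtable<String, String> env = buildEnv(args[0], Integer.parseInt(args[1]),
                "simple", "", args[2], args[3], pw == null ? "" : new String(pw));
        System.out.println(bind(env) ? "bind accepted" : "bind rejected");
    }
}
```

Connection problems such as a wrong host or port surface as a `NamingException` rather than as "bind rejected", which separates network faults from rejected credentials.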
The LDAP Sync makes it possible to create users in T!M and to take over attributes from the LDAP. How LDAP attributes are linked to T!M attributes is described on the following page.
In order to activate the LDAP Sync, the following timer is required.
Such a group structure and the configuration of 4 timers (one timer per group) enable the admin to conveniently allocate rights in T!M. It is important that all T!M users are in the group TIM-Member. Otherwise, an admin might not be able to open a smartform, as the member right is required.