Note
This article applies to inSync GovCloud customers only. For inSync customers, see Administrator Provisioning using AD/LDAP.
Prerequisites
Ensure that you have installed the AD/LDAP Connector.
For more information, see Install or upgrade inSync AD/LDAP Connector
Configure the inSync Connector
Step 1: Establish a connection between the AD/LDAP Connector and inSync Public Cloud or GovCloud
The following table describes the configuration process to enable the AD/LDAP Connector to communicate with inSync Public Cloud or inSync GovCloud.
Important
AD/LDAP Connector can establish a connection to inSync Public Cloud directly or through a proxy server.
Configure AD/LDAP Connector with inSync GovCloud | For the AD/LDAP Connector to communicate with the inSync GovCloud, see Configure AD/LDAP Connector with GovCloud. |
Configure AD/LDAP Connector with inSync Public Cloud through a proxy server
If the AD/LDAP Connector has to access the internet through a proxy server, add the proxy configuration details to the inSyncADConnector.cfg file that is located in the C:\inSyncADConnector directory.
To add the proxy server details:
On the computer where the AD/LDAP Connector is installed, stop the Druva inSync Connector service.
Open the C:\inSyncADConnector directory.
Open the inSyncADConnector.cfg using a text editor, such as Notepad.
Provide the required proxy server details for the following parameters in the .cfg file.
PROXY_SERVER: IP address and port of the proxy server. Ensure that the port number is for the proxy server that is using HTTP or SOCKS4 or SOCKS5. For example, 192.168.54.100:1080.
PROXY_USER: Username required for proxy server authentication. This is required only if authentication is necessary to access the Internet.
PROXY_PASSWD: Password required for proxy server authentication. This is required only if authentication is necessary to access the Internet.
PROXY_TYPE: Proxy protocol that you are using. inSync supports http, socks4, and socks5 proxy protocols.
WPAD_URL: The URL of the WPAD location. This parameter is optional and can be used to fetch the PAC file based on the following requirements:
If you want the AD/LDAP Connector to use an internal URL to fetch the PAC file, specify WPAD_URL="http://<internal-wpad-url>.com/wpad.dat". This URL is accessible only from your organization's internal network/LAN.
You can also configure the AD/LDAP Connector to automatically detect the WPAD URL location. In this case, specify WPAD_URL="AUTO". inSync will try to connect to the http://wpad/wpad.dat URL and fetch the PAC file.
Save the inSyncADConnector.cfg file.
Start the Druva inSync Connector service.
Configure the inSync Connector with inSync GovCloud
If the AD/LDAP Connector has to communicate with the inSync GovCloud, update the Cloud Master IP parameter in the inSyncADConnector.cfg file that is located in the C:\inSyncADConnector directory.
To update the Cloud Master IP:
On the computer where the AD/LDAP Connector is installed, stop the Druva inSync Connector service.
Open the C:\inSyncADConnector directory.
Open the inSyncADConnector.cfg file using a text editor, such as Notepad.
Update the CM_IP parameter to govcloud.druva.com.
Save the inSyncADConnector.cfg file.
Start the Druva inSync Connector service.
Note
inSync Connector v5.8 and above for inSync GovCloud is FIPS 140-2 compliant.
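A check to run after editing inSyncADConnector.cfg and before starting the Druva inSync Connector service again, covering the proxy parameters and the CM_IP value described in Step 1. This is an added example, not Druva's code; the function name Test-ConnectorConfig, the one KEY="value" pair per line syntax, and the rule that PROXY_USER and PROXY_PASSWD go together are assumptions.

```powershell
# Added example. Assumes one KEY="value" pair per line in inSyncADConnector.cfg
# (the form the page shows for WPAD_URL); spaces and single quotes are tolerated.
function Test-ConnectorConfig {
    param([string[]]$Lines, [switch]$GovCloud)
    $cfg = @{}; $findings = @()
    foreach ($line in $Lines) {
        if ($line -cmatch '^\s*([A-Z_]+)\s*=\s*["'']?(.*?)["'']?\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    if ($cfg['PROXY_SERVER']) {
        # PROXY_SERVER is "IP address and port", for example 192.168.54.100:1080.
        $ip = $null; $port = 0
        $hostPart, $portPart = $cfg['PROXY_SERVER'] -split ':', 2
        $ipOk = [System.Net.IPAddress]::TryParse($hostPart, [ref]$ip)
        $portOk = [int]::TryParse($portPart, [ref]$port) -and $port -ge 1 -and $port -le 65535
        if (-not ($ipOk -and $portOk)) { $findings += 'PROXY_SERVER is not <IP address>:<port>' }
        # The page lists http, socks4 and socks5 as the supported proxy protocols.
        if ($cfg['PROXY_TYPE'] -notin 'http', 'socks4', 'socks5') {
            $findings += "PROXY_TYPE '$($cfg['PROXY_TYPE'])' is not http, socks4 or socks5"
        }
        # Assumption: a user name without a password (or the reverse) is an editing mistake.
        if ([bool]$cfg['PROXY_USER'] -ne [bool]$cfg['PROXY_PASSWD']) {
            $findings += 'Set both PROXY_USER and PROXY_PASSWD, or neither'
        }
    }
    # WPAD_URL is optional: either AUTO or the URL of the PAC file.
    $wpad = $cfg['WPAD_URL']; $uri = $null
    if ($wpad -and $wpad -ne 'AUTO') {
        $ok = [uri]::TryCreate($wpad, [System.UriKind]::Absolute, [ref]$uri)
        if (-not $ok -or $uri.Scheme -notin 'http', 'https') {
            $findings += 'WPAD_URL is neither AUTO nor an http(s) URL'
        }
    }
    # For GovCloud, the page sets CM_IP to govcloud.druva.com.
    if ($GovCloud -and $cfg['CM_IP'] -ne 'govcloud.druva.com') {
        $findings += "CM_IP is '$($cfg['CM_IP'])', expected govcloud.druva.com"
    }
    $findings
}

# Constructed sample content, not taken from a real installation.
$sample = @'
CM_IP = "govcloud.druva.com"
PROXY_SERVER = "192.168.54.100:1080"
PROXY_TYPE = "https"
PROXY_USER = "svc-proxy"
PROXY_PASSWD = ""
WPAD_URL = "AUTO"
'@ -split "`r?`n"
Test-ConnectorConfig -Lines $sample -GovCloud
```

To check the real file, pass the output of Get-Content for C:\inSyncADConnector\inSyncADConnector.cfg as -Lines. An empty result means none of the checks above found a problem.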
Step 2: Generate a registration key for the AD/LDAP Connector
To generate a registration key for the AD/LDAP Connector:
On the inSync Management Console menu bar, click Settings wheel > inSync Settings.
Click the Connectors tab.
In the Connectors area, click Add Connector. The Add AD/LDAP Connector window appears.
In the AD/LDAP Connector name field, type a name for this AD/LDAP Connector, and then click Add and Generate Registration Key. The AD/LDAP Connector registration key appears.
Copy the registration key.
Step 3: Register the AD/LDAP Connector
To register the AD/LDAP Connector:
On the computer where you have the inSync Connector installed, click Start > Druva inSync AD Connector Configuration. The Register AD Connector window appears.
Type or paste the registration key, and then click Register. For more information on how you can obtain the registration key, see Step 2: Generate a registration key for the AD/LDAP Connector.
You can verify the connection status of the installed and configured AD/LDAP Connector on Settings > Connectors. Upon successful registration, the Connection Status appears as Connected.
Note
Do not regenerate the registration key after the AD/LDAP Connector is registered. If you regenerate the key, the existing registration key is deactivated.
About inSync Connector Status
Once configured, inSync tracks the inSync Connector status dynamically. You can navigate to Settings wheel > inSync Settings > Connectors to verify the AD/LDAP Connector status whenever required. inSync also raises alerts on the inSync Management Console and sends alert notifications whenever an AD/LDAP Connector is in the Not Connected state.
Druva recommends that you do not check the connector status from its host, because the host displays a static value that may differ from the status displayed on the inSync Management Console.
inSync Connector migration scenarios
The following scenarios describe the impact on AD/LDAP Connector services if the operating system (OS) installed on a Server is updated or when a new Server is installed. Follow the recommended steps provided to ensure the inSync Connector services continue running smoothly.
Scenarios
When OS on a Server is updated
Follow the steps given below to ensure the AD/LDAP Connector services do not get disrupted if the operating system on the Server gets updated:
Stop the AD/LDAP Connector services before updating the OS.
Update the OS on the Server.
Restart the AD/LDAP Connector services once the OS is updated. The services will run properly.
When a new Server is installed
Follow the steps given below to ensure the AD/LDAP Connector services continue working fine after installing the AD/LDAP Connector on the new Server:
Stop the AD/LDAP Connector services, and then back up the entire AD/LDAP Connector directory, C:\inSyncADConnector.
Decommission the old AD/LDAP Connector from the instance.
Install AD/LDAP Connector on new Server and stop the AD/LDAP Connector services.
Copy the AD/LDAP Connector directory from the old server and replace it in the AD/LDAP Connector directory installed on the new server.
Restart the AD/LDAP Connector services. The services will run properly.
Delete AD/LDAP Connector
To delete an AD/LDAP Connector:
On the inSync Management Console menu bar, click Settings wheel > inSync Settings.
Click the Connectors tab.
In the Connector area, select the AD/LDAP Connector that you want to delete.
Click Delete Connector.
On the prompt window, click Yes.
Connection to the AD/LDAP associated with this AD/LDAP Connector is released. inSync stops auto-import of users through this AD/LDAP Connector.
Best practices
Port Usage
The following table lists the ports that the AD/LDAP Connector uses.
Note
The ports are essential for two-way (bidirectional) communication; ensure they are whitelisted accordingly.
Port Number | Used By |
443, 6061, 80 | AD/LDAP Connector with inSync Cloud |
389 | LDAP |
3268 | LDAP on the global catalog |
636 | Secure LDAP |
3269 | Secure LDAP on the global catalog |