Note
This article applies to inSync GovCloud customers only. For inSync customers, see Administrator Provisioning using AD/LDAP.
Overview
If you want to use Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to manage your inSync users, you must register that AD/LDAP with inSync. The AD/LDAP registration is a two-step process.
Important
AD/LDAP Connector must connect to the AD/LDAP server directly and not through a proxy server.
Prerequisites
Ensure that you have completed the following configurations:
Installed the AD/LDAP Connector. For more information, see Install or upgrade AD/LDAP Connector.
Configured the AD/LDAP Connector. For more information, see Configure AD/LDAP Connector.
Before you begin
Ensure that you have the following information about your AD/LDAP:
The hostname of the AD/LDAP Server where the Global Catalog Server or the Domain Controller of the AD/LDAP is available.
The port number to access the AD/LDAP.
The AD/LDAP Server credentials to access the AD/LDAP.
If you are registering an LDAP server as the directory service, you must provide values for the equivalent LDAP attributes that map the user in inSync.
Procedure
Step 1: Register your AD/LDAP
You can register either of the following:
The global catalog server of your AD/LDAP.
Registering a global catalog server is advantageous for organizations that have geographically distributed offices. This allows you to import users from different domains into the same profile.
The domain controller of your AD/LDAP.
Registering a domain controller is advantageous for smaller organizations that have only one office.
To register your AD/LDAP with inSync Master
On the inSync Management Console menu bar, click Users > Deployment.
Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
Click Register AD/LDAP Account. The Register AD/LDAP Account window appears.
Provide the appropriate information for each field and click Ok.
The AD/LDAP is registered with inSync Master.
Field | Description |
Directory Service Type | Select the directory service type that you want to register with inSync Cloud. Available directory service types are as follows: |
AD/LDAP Connector | Select the AD/LDAP Connector that inSync must use to connect your AD/LDAP with inSync Cloud. |
Host | Type the hostname of the server where the Global Catalog or the Domain Controller is available. |
Port | Type the port number required to access your AD/LDAP.
If you are registering the AD/LDAP by using its Domain Controller details, you must use 636 as the port number for a secure connection or 389 as the port number for a non-secure connection.
If you are registering the AD/LDAP by using Global Catalog server details, you must use 3269 as the port number for a secure connection or 3268 as the port number for a non-secure connection. |
Use secure connection | If you want to access your AD/LDAP through an HTTPS connection, select this check box. |
If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details. | |
 | Type the LDAP attribute for email that should map to the inSync email address. |
inSync Username | Type the LDAP attribute that should map to the inSync username. |
Logon Name | This is the distinguished name of the user. It is used as the username for LDAP-based authentication. |
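Before entering these values, it is worth confirming that the Host, Port, server role (Global Catalog or Domain Controller) and the "Use secure connection" check box agree with each other, since a secure port paired with a cleared check box, or a Domain Controller port used for a Global Catalog server, makes the connector's bind fail and, in the non-secure case, sends the read-only account's password unencrypted. The script below is an added example, not Druva's documentation or product code: it encodes the four port numbers from the table above, reports any inconsistent combination, and can probe the server with a TCP connect and, for a secure connection, a certificate-verified TLS handshake using only the Python standard library. The hostnames are constructed, and the function names `expected_port`, `check_registration` and `probe` are chosen here.

```python
"""Pre-flight check for the Register AD/LDAP Account values (added example,
not Druva code). Validates the Host/Port/role/secure combination against the
port numbers in the registration table and can probe the server first."""
import socket
import ssl

# What each documented port means: port -> (Global Catalog?, secure?)
PORT_MEANING = {
    636: (False, True),    # Domain Controller, secure (LDAPS)
    389: (False, False),   # Domain Controller, non-secure
    3269: (True, True),    # Global Catalog, secure (LDAPS)
    3268: (True, False),   # Global Catalog, non-secure
}
# Inverse map: (Global Catalog?, secure?) -> port
EXPECTED_PORTS = {meaning: port for port, meaning in PORT_MEANING.items()}


def expected_port(global_catalog: bool, secure: bool) -> int:
    """Port the registration form expects for this server role and connection type."""
    return EXPECTED_PORTS[(global_catalog, secure)]


def check_registration(host: str, port: int, global_catalog: bool, secure: bool) -> list:
    """Return findings for the values an admin is about to enter; [] means consistent.

    Catches the combinations that make the connector's bind fail (secure check
    box and LDAPS port disagreeing, a port for the wrong server role) and warns
    when the read-only account's bind password would travel in clear text.
    """
    findings = []
    if not host or host != host.strip():
        findings.append("Host must be a hostname without surrounding whitespace")
    role = "Global Catalog" if global_catalog else "Domain Controller"
    want = expected_port(global_catalog, secure)
    if port not in PORT_MEANING:
        findings.append(f"port {port} is not a documented AD/LDAP port; for a {role} use {want}")
    else:
        port_gc, port_secure = PORT_MEANING[port]
        if port_gc != global_catalog:
            other = "Global Catalog" if port_gc else "Domain Controller"
            findings.append(f"port {port} is a {other} port; for a {role} use {want}")
        elif port_secure and not secure:
            findings.append(f"port {port} is the LDAPS port but 'Use secure connection' is not selected; "
                            f"select it or change the port to {want}")
        elif secure and not port_secure:
            findings.append(f"port {port} is the non-secure port but 'Use secure connection' is selected; "
                            f"clear it or change the port to {want}")
    if not secure:
        findings.append("non-secure connection: the read-only account's bind password crosses the "
                        "network unencrypted; prefer the LDAPS port")
    return findings


def probe(host: str, port: int, secure: bool, timeout: float = 5.0) -> dict:
    """TCP-connect to host:port and, when secure, complete a certificate-verified
    TLS handshake. Standard library only: it proves reachability and a trusted
    certificate, not that the LDAP bind itself will succeed."""
    result = {"reachable": False, "tls_version": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["reachable"] = True
            if secure:
                # The default context verifies the certificate chain and hostname,
                # so a self-signed or mis-issued LDAPS certificate fails here
                # rather than surfacing later as an opaque connector error.
                ctx = ssl.create_default_context()
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls_version"] = tls.version()
    except OSError as exc:  # ssl.SSLError and socket errors both derive from OSError
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    # Constructed sample values for illustration; not a real environment.
    host, port, global_catalog, secure = "gc.example.local", 3268, True, True
    findings = check_registration(host, port, global_catalog, secure)
    for finding in findings:
        print("finding:", finding)
    if not findings:
        print(probe(host, port, secure))
```

Run the consistency check first and only probe once it returns no findings; the probe's TLS step deliberately keeps certificate verification on, so the result tells you whether the connector, which also has to trust the server's certificate, will be able to connect on that port.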
Step 2: Establish a connection between the registered AD/LDAP Server and the Connector
You must establish a connection between a registered AD/LDAP Server and the AD/LDAP Connector for importing user details from that AD/LDAP. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.
Important
When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the AD/LDAP Connector. These credentials are saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.
To authenticate AD/LDAP Server credentials
Double-click on the Druva AD/LDAP Connector icon. The AD/LDAP Connector window appears.
Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
Provide the appropriate information for each field, click Save, and then click OK.
Field | Description |
Host | In the list, click the Hostname of the AD/LDAP server that you have configured with the AD/LDAP Connector.
The port number and secure connection associated with AD/LDAP server that you selected are automatically populated. |
Port | Indicates the port number associated with the AD/LDAP server that you selected. |
Secure Connection | Indicates whether a secure connection is associated with the AD/LDAP server that you selected. |
Username | Type the user name of the AD/LDAP Server account that has read-only permissions.
inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name. |
Password | Type the password for the AD/LDAP Server account. The password is saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector. |
Note: If you do not want to save the AD/LDAP Server (read-only) credentials on the AD/LDAP Connector, you can disable this functionality. To do so, submit your request to Support.
Edit your Active Directory details
You can edit the registered Active Directory details such as the Hostname, port number, or secure connection preference.
To edit the registered Active Directory details
On the inSync Management Console menu bar, click Users > Deployment.
Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
Under the Registered AD/LDAP Accounts section, select the AD/LDAP Connector account that you want to update, and click Edit. The Edit AD/LDAP Account window appears.
Update the AD/LDAP account as required.
Note
If you are updating the Hostname or port number, you must re-enter the AD/LDAP Server (read-only) credentials on the AD/LDAP Connector that inSync uses to connect to your AD/LDAP.
Click Ok.
Update your inSync Connector credentials
You can update the user name and password for the inSync Connector that inSync uses to connect your AD/LDAP with inSync. After you register an AD/LDAP with inSync, the registered AD/LDAP account is available in the Host list.
To update your AD/LDAP Connector credentials
Double-click on the Druva AD/LDAP Connector icon. The AD/LDAP Connector window appears.
Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
Update the AD/LDAP information as required.
Click Ok.
Remove your Active Directory registration from inSync
Before you begin
Before you delete the Active Directory registration from inSync, ensure the following:
You have deleted the AD/LDAP mapping and deleted all the users that inSync created by using this AD/LDAP mapping. See Delete an Active Directory mapping.
You have deleted the profile where you have configured the user login mechanism as Active Directory. See Delete a profile.
Procedure
To remove your Active Directory registration from inSync
On the inSync Management Console menu bar, click Users > Deployment.
Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
In the Registered AD/LDAP Accounts area, select the AD/LDAP Connector account that you want to remove, and then click Delete.
Click Yes.
Note
You must delete the AD/LDAP Connector to which you have mapped your Active Directory. See Delete an AD/LDAP Connector.