Example: Configure LDAP for Active Directory

Configure LDAP settings for Microsoft Active Directory.

Overview

The LDAP for Microsoft Active Directory configuration allows ProcessMaker Platform users to log on by authenticating directly against a Microsoft Active Directory server.

Considerations when Configuring LDAP for Active Directory

Consider the following:

  • For security reasons, do not use anonymous connections.

  • ProcessMaker Platform does not support sub-groups or sub-departments. Therefore, user groups cannot be organized hierarchically, and nested groups or departments cannot be created.

Configure LDAP for Microsoft Active Directory

Follow these steps to configure LDAP for Microsoft Active Directory:

  1. View your LDAP Settings. The LDAP tab displays.

  2. Enable the Enabled toggle key so that ProcessMaker Platform synchronizes with your Active Directory whenever your hierarchy of entities changes.

  3. From the Synchronization Schedule setting, set the interval at which to synchronize with your Active Directory server. When setting this interval, consider that the more users, groups, and/or departments your Active Directory server contains, the more time ProcessMaker Platform requires to synchronize with it. Follow these steps:

    1. In the Quantity setting, enter how many times to synchronize for each configured frequency. 1 is the default setting.

    2. In the Frequency setting, select the frequency at which to synchronize from the following options:

      • Minutes (default setting)

      • Hours

      • Days

    3. Click Save. The following message displays: The setting was updated.

  4. From the Type setting, select the LDAP server type to which ProcessMaker Platform connects to synchronize, as follows:

    1. Select the Active Directory option.

    2. Click Save. The following message displays: The setting was updated.

  5. Configure the Server Address setting and the Server Port setting as follows:

    1. Enter the Active Directory IP address or hostname to which ProcessMaker Platform synchronizes.

    2. Click Save. The following message displays: The setting was updated.

    3. Enter the port number the Active Directory server uses. By default, Active Directory uses port 389.

    4. Click Save. The following message displays: The setting was updated.

  6. Active Directory uses Transport Layer Security (TLS) to connect to the Authentication Source. Enable the TLS toggle key. The following message displays: The setting was updated.

  7. From the Certificate setting, upload the Active Directory certificate file that will be stored on ProcessMaker Platform. For more information about how to get your Active Directory certificate, see Obtain an Active Directory certificate.

  8. Active Directory uses distinguished names (DN) to identify users, groups, and other types of entities.

    The distinguished name describes entities starting from the specific and moving to the general in the hierarchy of entities. For example:

    cn=John Doe,ou=managers,ou=regionalbranch,dc=acme,dc=com

    Then, configure distinguished names as follows:

    1. Enter each DC of the Base DN following the guidelines above.

    2. Click Save. The following message displays: The setting was updated.

  9. Enter Active Directory credentials as follows:

    1. Enter the username to log on to the Active Directory server.

    2. Click Save. The following message displays: The setting was updated.

    3. Enter the password to log on to the Active Directory server.

    4. Click Save. The following message displays: The setting was updated.

  10. Select which groups and departments to synchronize as ProcessMaker Platform groups. Ensure that the previous settings are correct so that groups and departments can be selected:

    1. Enable the toggle key for each Active Directory group to synchronize as ProcessMaker Platform groups.

    2. Click Save. The following message displays: The setting was updated.

    3. Enable the toggle key for each Active Directory department to synchronize as ProcessMaker Platform groups.

    4. Click Save. The following message displays: The setting was updated.

  11. From the User Identifier setting, enter the Active Directory parameter used to identify users as follows:

    1. Enter samaccountname, the attribute that identifies Active Directory users in ProcessMaker Platform. If unsure, enter *; synchronization is then slower because all object classes are evaluated.

    2. Click Save. The following message displays: The setting was updated.

  12. From the Group Identifier setting, enter the Active Directory parameter used to identify groups as follows:

    1. Enter cn, the attribute that identifies Active Directory groups in ProcessMaker Platform. If unsure, enter *; synchronization is then slower because all object classes are evaluated.

    2. Click Save. The following message displays: The setting was updated.

  13. From the Variable Map setting, map ProcessMaker Platform user properties to Active Directory attributes as follows:

    1. Follow these guidelines to map a ProcessMaker Platform user property to an Active Directory attribute:

      1. Click the +Add button. A new row displays the existing mapped user properties.

      2. In the ProcessMaker Property setting, enter the ProcessMaker Platform user property to which to map the Active Directory attribute. Select the properties in the following order:

        1. email

        2. firstname

        3. lastname

        4. username

      3. In the LDAP Attribute setting, enter the Active Directory attribute from which to map to the ProcessMaker Platform user property. Enter attributes in the following order:

        1. mail

        2. givenname

        3. sn

        4. samaccountname

      4. Click Save. The following message displays: The setting was updated.

  14. From the Chunk Size For User Import setting, enter the number of users that will be imported simultaneously as follows:

    1. Enter the number of users. A maximum of 500 is recommended.

    2. Click Save. The following message displays: The setting was updated.
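The distinguished-name layout described in step 8, as an added example that is not part of the ProcessMaker documentation: a small Python parser that splits a DN on unescaped commas, derives the Base DN from its trailing DC components, and checks that an entry (for instance the account entered in step 9) falls under that Base DN. The function names and all sample DNs other than the page's own are constructed for illustration; values are compared as case-insensitive strings, which is a simplification.

```python
# Added example: split a distinguished name and derive its Base DN.
# Function names are hypothetical; only the first sample DN is from the page.

def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # escaped pair (e.g. an escaped comma) stays in the RDN
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return [r for r in rdns if r]

def attr_type(rdn: str) -> str:
    """Return the lower-cased attribute type of one RDN (cn, ou, dc, ...)."""
    return rdn.split("=", 1)[0].strip().lower()

def base_dn(dn: str) -> str:
    """Return the trailing run of DC components, e.g. dc=acme,dc=com."""
    dcs = []
    for rdn in reversed(split_rdns(dn)):
        if attr_type(rdn) != "dc":
            break
        dcs.append(rdn)
    return ",".join(reversed(dcs))

def is_under(dn: str, base: str) -> bool:
    """True when dn sits at or below base (case-insensitive string match)."""
    entry = [r.lower() for r in split_rdns(dn)]
    root = [r.lower() for r in split_rdns(base)]
    return len(root) > 0 and entry[-len(root):] == root

if __name__ == "__main__":
    sample = "cn=John Doe,ou=managers,ou=regionalbranch,dc=acme,dc=com"  # from the page
    print(split_rdns(sample))
    print("Base DN:", base_dn(sample))
    # Constructed DNs: one with an escaped comma, one outside the Base DN.
    print(is_under(r"cn=Doe\, John,ou=managers,dc=acme,dc=com", "DC=acme,DC=com"))
    print(is_under("cn=svc,dc=other,dc=com", "dc=acme,dc=com"))
```
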

© Copyright 2000-2024 ProcessMaker Inc. All rights reserved.