Configure LDAP Settings
Configure general information about an LDAP Setting.
Package and Permission Required
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit LDAP settings unless your user account has the Make this user a Super Admin setting selected.
Configure LDAP Settings
Enable Directory Synchronization via LDAP
Enable directory synchronization between ProcessMaker and your LDAP server. If not enabled, ProcessMaker Platform does not synchronize with your LDAP server.
Follow these steps to enable directory synchronization via LDAP:
Enable the Enabled toggle key. This is a required setting to use LDAP with ProcessMaker Platform. The following message displays: The setting was updated.
Set the LDAP Synchronization Schedule
Set the interval at which to synchronize with your LDAP server. When setting this interval, consider that the more users, groups, and/or departments your LDAP server contains, the more time ProcessMaker Platform requires to synchronize with your LDAP server.
Follow these steps to set how often to synchronize between your LDAP server and ProcessMaker Platform:
In the Quantity setting, enter how many times to synchronize for each configured frequency. 1 is the default setting.
In the Frequency setting, select the frequency in which to synchronize from the following options:
Minutes (default setting)
Hours
Days
Click Save. The following message displays: The setting was updated.
Set to Which LDAP Server Type to Connect
Follow these steps to select to which LDAP server type ProcessMaker Platform connects to synchronize:
Select to which LDAP server type ProcessMaker Platform connects to synchronize:
Click Save. The following message displays: The setting was updated.
Enter the LDAP Server Address and Port Number
Follow these steps to enter the LDAP server address and port to which ProcessMaker Platform synchronizes:
Enter the IP address or host name for the LDAP server to which ProcessMaker Platform synchronizes.
Click Save. The following message displays: The setting was updated.
Enter the port number the LDAP server uses. By default, LDAP uses port 389. If unsure, use one of the following commands depending on your LDAP server's operating system:
Linux/UNIX: netstat -l and netstat -lnp commands
Windows: netstat -a and netstat -ab commands
Click Save. The following message displays: The setting was updated.
Enable TLS to Connect to LDAP
If your LDAP server uses a Transport Layer Security (TLS) certificate, enable TLS to connect to the LDAP authentication source.
Follow these steps to enable TLS to connect to your LDAP authentication source:
Enable the TLS toggle key. The following message displays: The setting was updated.
Enter the Domain Components for the Base DN
Follow these steps to enter the domain components (DC) for the base Distinguished Name (DN):
Enter each DC of the Base DN following the guidelines above.
Click Save. The following message displays: The setting was updated.
Enter the Credentials to Connect to LDAP
Follow these steps to enter the credentials to connect to the LDAP server:
Enter the username to log on to the LDAP server.
Click Save. The following message displays: The setting was updated.
Enter the password to log on to the LDAP server.
Click Save. The following message displays: The setting was updated.
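The connection settings covered so far (address, port, TLS, Base DN, and credentials) can be reviewed before you enter them. The following Python check is an added example, not ProcessMaker code; the dictionary keys and sample values are constructed for illustration, and it assumes the credentials are used for an LDAP simple bind.

```python
import re

LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def base_dn_from_domain(domain):
    """Build the Base DN's domain components (DC) from a DNS domain name."""
    labels = domain.strip(".").split(".")
    bad = [label for label in labels if not LABEL.fullmatch(label)]
    if bad:
        raise ValueError(f"invalid domain label(s): {bad}")
    return ",".join(f"DC={label}" for label in labels)

def review_ldap_settings(s):
    """Return findings for planned settings; an empty list means nothing was flagged."""
    findings = []
    if "://" in s["address"]:
        findings.append("address should be a bare host name or IP address")
    if not 1 <= s["port"] <= 65535:
        findings.append("port is outside 1-65535")
    if not s["tls"]:
        # Assumes a simple bind, which carries the password as-is.
        findings.append("TLS is off: the bind password crosses the network unencrypted")
        if s["port"] == 636:
            findings.append("port 636 is conventionally LDAP over TLS, but TLS is off")
    for rdn in s["base_dn"].split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.upper() != "DC" or not LABEL.fullmatch(value):
            findings.append(f"Base DN component is not a DC: {rdn.strip()!r}")
    if not s["username"]:
        findings.append("bind username is empty")
    if not s["password"]:
        findings.append("password is empty: RFC 4513 defines this as an unauthenticated bind")
    return findings

# Constructed sample values; the keys are hypothetical names for this page's settings.
planned = {
    "address": "ldap.corp.example.com",
    "port": 389,
    "tls": False,
    "base_dn": "DC=corp,DC=example,OU=com",
    "username": "svc-processmaker",
    "password": "constructed-placeholder",
}

if __name__ == "__main__":
    print(base_dn_from_domain("corp.example.com"))
    for finding in review_ldap_settings(planned):
        print("-", finding)
```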
Select from Which LDAP Groups to Synchronize
ProcessMaker Platform groups that do not exist are created.
If a selected LDAP group contains no LDAP users, then a corresponding ProcessMaker Platform group is not created if it does not already exist.
ProcessMaker Platform users that exist synchronize from your LDAP server and are placed into the groups corresponding with your selected LDAP server department(s).
ProcessMaker Platform users that do not already exist but exist in your selected LDAP group(s) are created.
Ensure that you have configured at least the following LDAP settings to connect with your LDAP server prior to selecting which LDAP groups to synchronize. Otherwise, no LDAP groups are available to synchronize when editing this setting.
Follow these steps to select which LDAP groups to synchronize as ProcessMaker Platform groups:
Enable the toggle key for each LDAP group to synchronize as ProcessMaker Platform groups.
Click Save. The following message displays: The setting was updated.
Select from Which LDAP Departments to Synchronize
ProcessMaker Platform groups that do not exist are created.
If a selected LDAP department contains no LDAP users, then a corresponding ProcessMaker Platform group is not created if it does not already exist.
ProcessMaker Platform users that exist synchronize from your LDAP server and are placed into the groups corresponding with your selected LDAP server department(s).
ProcessMaker Platform users that do not already exist but exist in your selected LDAP department(s) are created.
Ensure that you have configured at least the following LDAP settings to connect with your LDAP server prior to selecting which LDAP departments to synchronize. Otherwise, no LDAP departments are available to synchronize when editing this setting.
Follow these steps to select which LDAP departments to synchronize as ProcessMaker Platform groups:
Enable the toggle key for each LDAP department to synchronize as ProcessMaker Platform groups.
Click Save. The following message displays: The setting was updated.
Enter the LDAP Object Class That Identifies Users
Enter the LDAP object class that identifies users. Objects that match the object class synchronize with users that exist in your ProcessMaker Platform instance. During synchronization the following occurs:
LDAP groups that contain LDAP users and match the entered LDAP object class synchronize.
LDAP groups that do not contain LDAP users do not synchronize, regardless of whether they match the entered LDAP object class.
Follow these steps to enter the LDAP object class that identifies users:
Active Directory: Enter samaccountname.
OpenLDAP: Enter uid.
If unsure which object class to use: Enter *. Synchronization is slower because all object classes are evaluated.
Click Save. The following message displays: The setting was updated.
Enter the LDAP Object Class That Identifies Groups
Enter the LDAP object class that identifies groups. Objects that match the object class synchronize with groups that exist in your ProcessMaker Platform instance. ProcessMaker Platform groups that do not already exist are created from your LDAP server.
Follow these steps to enter the LDAP object class that identifies groups:
Enter the LDAP object class that identifies groups.
Click Save. The following message displays: The setting was updated.
Map User Properties to LDAP Attributes
Consider the following examples.
Follow these steps to map how ProcessMaker Platform user properties correspond with LDAP attributes:
Follow these guidelines to map a ProcessMaker Platform user property to an LDAP attribute:
Click the +Add button. A new row displays the existing mapped user properties.
In the ProcessMaker Property setting, enter the ProcessMaker Platform user property to which to map the LDAP attribute.
In the LDAP Attribute setting, enter the LDAP attribute from which to map to the ProcessMaker Platform user property.
Click Save. The following message displays: The setting was updated.