Configure LDAP settings for Microsoft Active Directory.
The LDAP for Microsoft Active Directory configuration allows ProcessMaker Platform users to log on by authenticating directly against a Microsoft Active Directory server.
Consider the following:
For security reasons, do not use anonymous connections.
ProcessMaker Platform does not support sub-groups or sub-departments. Therefore, user groups cannot be organized hierarchically, and nested groups or departments cannot be created.
Follow these steps to configure LDAP for Microsoft Active Directory:
View your LDAP Settings. The LDAP tab displays.
Enable the Enabled toggle key so that your Active Directory is synchronized whenever your hierarchy of entities changes, keeping ProcessMaker Platform up to date.
From the Synchronization Schedule setting, set the interval at which to synchronize with your Active Directory server. When setting this interval, consider that the more users, groups, and/or departments your Active Directory server contains, the more time ProcessMaker Platform requires to synchronize with it. Follow these steps:
Click the Edit icon for the Synchronization Schedule setting. The Synchronization Schedule screen displays.
In the Quantity setting, enter how many times to synchronize for each configured frequency. 1 is the default setting.
In the Frequency setting, select the frequency at which to synchronize from the following options:
Minutes (default setting)
Hours
Days
Click Save. The following message displays: The setting was updated.
From the Type setting, select the LDAP server type to which ProcessMaker Platform connects to synchronize, as follows:
Click the Edit icon for the Type setting. The Type screen displays.
Select the Active Directory option.
Click Save. The following message displays: The setting was updated.
Configure the Server Address setting and the Server Port setting as follows:
Click the Edit icon for the Server Address setting. The Server Address screen displays.
Enter the IP address or hostname of the Active Directory server with which ProcessMaker Platform synchronizes.
Click Save. The following message displays: The setting was updated.
Click the Edit icon for the Server Port setting. The Server Port screen displays.
Enter the port number the Active Directory server uses. By default, Active Directory uses port 389.
Click Save. The following message displays: The setting was updated.
If Active Directory uses Transport Layer Security (TLS) to connect to the authentication source, enable the TLS toggle key. The following message displays: The setting was updated.
From the Certificate setting, upload the Active Directory certificate file that will be stored on ProcessMaker Platform. For more information about how to get your Active Directory certificate, see Obtain an Active Directory certificate.
Active Directory uses distinguished names (DN) to identify users, groups, and other types of entities.
The distinguished name describes an entity starting from the most specific component and moving to the most general in the hierarchy of entities. For example: cn=John Doe,ou=managers,ou=regionalbranch,dc=acme,dc=com
Then, configure the distinguished name as follows:
Click the Edit icon for the Base DN setting. The Base DN screen displays.
Enter each DC of the Base DN following the guidelines above.
Click Save. The following message displays: The setting was updated.
Enter the Active Directory credentials as follows:
Click the Edit icon for the Username setting. The Username screen displays.
Enter the username to log on to the Active Directory server.
Click Save. The following message displays: The setting was updated.
Click the Edit icon for the Password setting. The Password screen displays.
Enter the password to log on to the Active Directory server.
Click Save. The following message displays: The setting was updated.
Select which groups and departments to synchronize as ProcessMaker Platform groups. Ensure that the previous settings are correct so that groups and departments can be selected:
Click the Edit icon for the Groups To Import setting. The Groups To Import screen displays the Active Directory groups on your Active Directory server. If your Active Directory server contains no groups, this screen displays no groups with which to synchronize.
Enable the toggle key for each Active Directory group to synchronize as a ProcessMaker Platform group.
Click Save. The following message displays: The setting was updated.
Click the Edit icon for the Departments To Import setting. The Departments To Import screen displays the Active Directory departments on your Active Directory server. If your Active Directory server contains no departments, this screen displays no departments with which to synchronize.
Enable the toggle key for each Active Directory department to synchronize as a ProcessMaker Platform group.
Click Save. The following message displays: The setting was updated.
From the User Identifier setting, enter the Active Directory parameter used to identify users as follows:
Click the Edit icon for the User Identifier setting. The User Identifier screen displays.
Enter samaccountname, the attribute that identifies Active Directory users in ProcessMaker Platform. If unsure, enter *. Synchronization is then slower because all object classes are evaluated.
Click Save. The following message displays: The setting was updated.
From the Group Identifier setting, enter the Active Directory parameter used to identify groups as follows:
Click the Edit icon for the Group Identifier setting. The Group Identifier screen displays.
Enter cn, the attribute that identifies Active Directory groups in ProcessMaker Platform. If unsure, enter *. Synchronization is then slower because all object classes are evaluated.
Click Save. The following message displays: The setting was updated.
From the Variable Map setting, map ProcessMaker Platform user properties to Active Directory attributes as follows:
Click the Edit icon for the Variable Map setting. The Variable Map screen displays.
Follow these guidelines to map each ProcessMaker Platform user property to an Active Directory attribute:
Click the +Add button. A new row displays below the existing mapped user properties.
In the ProcessMaker Property setting, enter the ProcessMaker Platform user property to which to map the Active Directory attribute. Select the properties in the following order:
firstname
lastname
username
In the LDAP Attribute setting, enter the Active Directory attribute to map to the ProcessMaker Platform user property. Enter the attributes in the following order:
givenname
sn
samaccountname
Click Save. The following message displays: The setting was updated.
From the Chunk Size For User Import setting, enter the number of users to import simultaneously as follows:
Click the Edit icon for the Chunk Size For User Import setting. The Chunk Size For User Import screen displays.
Enter the number of users. 500 is the recommended maximum.
Click Save. The following message displays: The setting was updated.
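Before entering the values above, it helps to check them offline. The following is an added example (not ProcessMaker code): it parses a distinguished name like the one in this section, derives the Base DN from its dc= components, and lists any settings that contradict this page's guidance (anonymous bind, TLS off, a Base DN with non-dc components, a Variable Map that differs from the prescribed one, wildcard identifiers, a chunk size above 500). The LdapSettings class and its field names are an assumption of mine, not ProcessMaker's API.

```python
import re
from dataclasses import dataclass, field

RDN_SPLIT = re.compile(r"(?<!\\),")  # split on commas that are not escaped (RFC 4514)

def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'cn=John Doe,ou=managers,dc=acme,dc=com' into (type, value) pairs, most specific first."""
    parts = []
    for rdn in RDN_SPLIT.split(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append((attr.strip().lower(), value.replace("\\,", ",")))
    return parts

def base_dn_from(dn: str) -> str:
    """Derive the Base DN to enter in ProcessMaker: only the dc= components of any object's DN."""
    return ",".join(f"dc={v}" for a, v in parse_dn(dn) if a == "dc")

@dataclass
class LdapSettings:  # hypothetical holder for the LDAP tab values, not ProcessMaker's API
    tls: bool = False
    base_dn: str = ""
    username: str = ""
    password: str = ""
    user_identifier: str = "samaccountname"
    group_identifier: str = "cn"
    variable_map: dict = field(default_factory=dict)
    chunk_size: int = 500

# Variable Map the page prescribes: ProcessMaker property -> Active Directory attribute
REQUIRED_MAP = {"firstname": "givenname", "lastname": "sn", "username": "samaccountname"}

def check_settings(s: LdapSettings) -> list[str]:
    """Return the problems found; an empty list means the settings follow this page's guidance."""
    problems = []
    if not s.username or not s.password:
        problems.append("anonymous bind: a username and password are required")
    if not s.tls:
        problems.append("TLS disabled: bind credentials would cross the network in clear text")
    if not s.base_dn or any(a != "dc" for a, _ in parse_dn(s.base_dn)):
        problems.append("base DN: enter only the dc= components, e.g. dc=acme,dc=com")
    for prop, attr in REQUIRED_MAP.items():
        if s.variable_map.get(prop) != attr:
            problems.append(f"variable map: {prop} should map to {attr}")
    if "*" in (s.user_identifier, s.group_identifier):
        problems.append("wildcard identifier: every object class is evaluated, so sync is slower")
    if not 1 <= s.chunk_size <= 500:
        problems.append("chunk size: 500 is the recommended maximum")
    return problems
```

parse_dn raises ValueError on a malformed RDN, so a mistyped Base DN surfaces before it is ever saved in the LDAP tab.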