Administrator Guide: LDAP Synchronization for Fusion and SOPs before Fusion 4

History

[2013/02/15]
  • Initial version based on SMP 4.8 admin guide

[2013/05/27]
  • Modifications concerning the synchronize callflow feature.

Overview

LDAP Integration allows you to synchronize parts of your SMP's data with the data on an Active Directory server. Usage of other LDAP servers is not currently supported.

The following data can be synchronized from Active Directory:
  • Internal Directory
  • Users
  • External Number Mapping

Project planning: if your project schedule is short, you might choose NOT to use LDAP integration, because an Escaux SOP must be installed in your LAN before you can start LDAP integration tests, which means configuration of the web interfaces might be finished too late. As a workaround, you can start by using Bulk Administration and synchronize with LDAP in a second phase.

Service enabling

To use the LDAP integration feature, you must first have the "LDAP Synchronization" module installed. The module requires several parameters to be configured; these are described in the LDAP Sync module reference guide.

Service Delivery

Synchronization

To initiate the synchronization of Internal Directory, Users and External Number Mapping from Active Directory, do the following:

  • Go to the overview of the tasks and run the LDAP synchronization task.
  • Wait for the synchronization to finish. The time it takes depends on how many entries are in your directory and how many are selected by your filter, but it should typically be less than a minute or so.
  • The data is now on the SMP and you should see the updated records in the web interface.
  • Do Apply Changes to push the changes to the SOP.

You may notice that users' passwords are not synchronized. This is normal: whenever a user whose record's "source" is set to LDAP authenticates (when logging on to the SMP or net.Desktop, for example), the authentication is forwarded to the LDAP server. Note that this makes it possible to deactivate accounts and reset passwords instantaneously in your LDAP server without doing an LDAP sync and Apply Changes. However, it is not possible for the user to change his password from the SMP.

Note that in the internal directory, Active Directory is considered authoritative for the following fields only:
  • Extension
  • Login
  • First name
  • Last name
  • E-mail
  • Mobile number
  • Office
  • Department
  • Callflow (only if the callflow parameter is filled in the LDAP Synchronization module.)

This means that if any of these fields change in Active Directory, a synchronization will update the field on the SMP. If you changed any of these fields manually, your change will be overwritten. However, changes made manually to other fields will be kept.

If you want to prevent the synchronization from overwriting your modifications, you can set the record's source to "SMP". That way the LDAP synchronization process will no longer touch that record. However, in that case you will also need to set the password manually, because authentication will no longer go to LDAP.

The default user callflow, defined in the LDAP Synchronization module, is added only when the user is created by the LDAP synchronization task if callflow syncing is disabled (that is, when the callflow parameter in the LDAP Synchronization module is empty). If callflow syncing is enabled, manual changes will be overwritten at each synchronization. If no value for the callflow is set in the LDAP directory, the value of the default callflow parameter will be pushed at every synchronization.
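The rules above (authoritative fields, the "source" switch and the callflow behaviour) can be modelled in a few lines to predict what a synchronization run will do to a record and where its password will be checked. This is an added illustration, not Escaux code: the dictionary keys, function names and sample values are assumptions, as is the reading that the callflow parameter names the Active Directory attribute holding the callflow.

```python
# Added illustration of the merge rules on this page; not Escaux code.
# Dictionary keys, function names and sample values are assumptions.
AUTHORITATIVE = ("extension", "login", "first_name", "last_name",
                 "email", "mobile", "office", "department")


def sync_record(smp, ad, callflow_attr="", default_callflow="std_user"):
    """Return the SMP record after one sync run.

    smp: current SMP record, or None when the user does not exist yet.
    ad: translated Active Directory entry.
    callflow_attr: assumed to name the AD attribute holding the callflow;
                   empty means callflow syncing is disabled.
    """
    if smp is not None and smp.get("source") == "SMP":
        return dict(smp)                   # detached record: sync skips it
    created = smp is None
    merged = {} if created else dict(smp)  # other manual edits are kept
    merged["source"] = "LDAP"
    for field in AUTHORITATIVE:
        if field in ad:   # assumption: absent attributes leave the value alone
            merged[field] = ad[field]
    if callflow_attr:     # syncing enabled: overwritten on every run
        merged["callflow"] = ad.get(callflow_attr) or default_callflow
    elif created:         # syncing disabled: default only at creation
        merged["callflow"] = default_callflow
    return merged


def password_checked_by(record):
    """Which system verifies the password for this record."""
    return "LDAP" if record.get("source") == "LDAP" else "SMP"


# Constructed sample data.
AD_ENTRY = {"login": "jdoe", "extension": "201", "office": "Brussels"}
EDITED = {"source": "LDAP", "login": "jdoe", "extension": "999",
          "callflow": "custom_cf", "language": "fr"}

if __name__ == "__main__":
    print(sync_record(None, AD_ENTRY))                         # new user, default callflow
    print(sync_record(EDITED, AD_ENTRY))                       # extension reset, callflow kept
    print(sync_record(EDITED, AD_ENTRY, callflow_attr="cf"))   # callflow reset to default
    print(sync_record({**EDITED, "source": "SMP"}, AD_ENTRY))  # left untouched
```

A record switched to source "SMP" keeps its manual edits, but it also drops out of central account deactivation and password reset, so such records are worth listing in an account review.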

Diagnostics

When the LDAP Sync module is installed, a new LDAP menu will appear in the SOP Shell under Diagnostics.

The Test Raw function will try to fetch the raw data from the LDAP server and dump it on the screen.

The Test Translated function will try to fetch the data from the LDAP server and apply the translations as configured in the module. The data as it would be imported in the SMP is dumped on the screen.

Copyright © Escaux SA