LDAP/AD settings allow the configuration of the authentication module that connects ImageMaster to an existing LDAP or MS Active Directory infrastructure. For more information regarding ImageMaster LDAP / AD functionality, see the corresponding system manual [SM Authentication].
Click the Operational Settings > LDAP / AD tab to configure settings for LDAP/AD. The tab is divided into 2 subpanels:
-
Configuration: general access configuration
-
Mappings: defines the mapping of ImageMaster roles and groups to existing LDAP groups
Figure 30: System – operational settings: LDAP/AD configuration
To configure LDAP settings
-
Go to the Configuration tab.
-
Adjust the fields as required.
For detailed descriptions see table Operational settings – LDAP/AD configuration parameters.
-
When completed, click Save. To reset all settings to their default, click Restore Defaults.
To check a configuration
-
To perform a configuration check, enter the User Name in the field and click Show LDAP/AD User Information.
-
If the check is successful, the overall user information will be shown in the overlay window.
This operation is only possible if manager access is configured or if the LDAP supports access with an anonymous bind.
Figure 31: System – operational settings: LDAP/AD role mapping
LDAP groups are listed automatically when the user switches to this panel for the first time. This operation may take a while for larger companies when there are many entries in the directory.
LDAP groups can be mapped to ImageMaster roles and ImageMaster user groups. Several mappings can exist for the same distinguished LDAP/AD group name. The marker “LDAP Managed” helps to identify which mappings originate from LDAP and which ones have been added manually. For manually added groups, only the distinguished group name is available because common name and description are not stored in the configuration.
You can perform the following actions:
-
add/delete a mapping
-
check configuration
To add/delete a mapping
-
Click New to add a new mapping and specify the following parameters:
-
Distinguished Name: Enter the name of the mapping.
-
Assigned Roles: Select the role from the list of available ImageMaster roles.
-
Assigned Groups: Select the group from the list of available ImageMaster groups.
-
-
Click Apply. The list of LDAP/AD groups will be refreshed and the newly created group is added to the hit list. To refresh the list manually, click Refresh LDAP Groups.
-
The common ImageMaster sorting, filtering, and navigating is available in the LDAP group hit list. The number of available groups in the hit list is shown above the hit list.
-
Optionally, select a default role from the list below the hit list. This role is always applied when a user has no specific role assigned based on his group membership. By default no role is selected.
-
To remove a mapping, select the entry in the hit list (multiple selection is supported) and click Delete. After deletion, the list and the hit list will be automatically refreshed.
-
When completed, click Save. To reset all settings to their default, click Restore Defaults.
To check a configuration
-
In the section Check Configuration enter the User Name and click Evaluate.
-
The following information will be shown below:
-
user full name
-
user configured e-mail (if available)
-
assigned roles
-
assigned groups
-
The description of the parameters for LDAP/AD configuration is presented in the table below.