Setting up LDAP synchronization
To enable LDAP authentication, synchronization with the LDAP server must also be enabled. Edit values in the common.properties file and the ldap.properties file to enable synchronization.
About this task
To perform the basic configuration for LDAP authentication, complete the following steps:
Procedure
- Click .
- Ensuring that you are editing the common.properties file,
edit the following properties
- authentication.LDAP
- To enable or disable LDAP authentication.
- True
- LDAP user authentication is enabled. Note: Each time the synchronization with Active Directory takes place the users and user groups are deleted from the Remote Control database and then imported from Active Directory. Therefore, if LDAP is enabled, new users and new user groups must be created in Active Directory and not in Remote Control.
- False
- LDAP user authentication is not enabled. Users are authenticated against the Remote Control database.
authentication.LDAP=true
- authentication.LDAP.config
- Defines the file that contains the LDAP configuration
properties.
authentication.LDAP.config=ldap.properties
- sync.ldap
- Synchronize the users and groups from Active Directory with the Remote Control database. Takes
the values true, to synchronize or false, for no synchronization.
- True
- The LDAP server is synchronized with the Remote Control database to reflect any changes that are made in LDAP.
- False
- No synchronization takes place. If synchronization is disabled, you must manually import the users into the Remote Control database. Otherwise, they cannot log on to the Remote Control server. The users must exist in the Remote Control database so that they can be associated with the relevant permissions that are required to establish remote control sessions.
Note: The synchronization is performed by running a scheduled task. The task pulls the LDAP information from the LDAP server and updates the database with any changes that are made to the user or group information. Within the trc.properties file, two attributes define the time interval that the scheduler uses to check for scheduled tasks.- scheduled.interval
- The frequency hat the server must check for scheduled tasks. The number of units of
time between each checking period. Default is 60.Note: If you change this value, restart the server service for the new value to take effect.
- sync.LDAP.task_run_time
- Use to indicate the time of the day the a fixed time synchronization has to occur.
This is an alternate setting to scheduled.interval. Possible values: 24 hours notation
of the time in HH:MM:SS. For Example 02:00:00 to perform the synchronization at 2 AM.Note:
- When using usingsync.LDAP.task_run_time the actual task execution time is affected by the scheduled.interval setting, as the LDAP synchronization occurs within the context of the task scheduler. The actual execution time can span from sync.LDAP.task_run_time to sync.LDAP.task_run_time + scheduled.interval.
- The server must be restarted to use fixed time synchronization.
- scheduled.interval.period
- The unit of time to be used along with the scheduled interval to specify how often the server must check for scheduled tasks. Default is minutes.
- Click Submit.