Import clients from Active Directory
To streamline the client setup process and reduce input errors, you can import client information from one or more Microsoft® Active Directory® (AD) or LDAP servers. Web Help Desk automatically creates client accounts based on this information, and then updates the client accounts when the information changes.
If you import data from an AD or LDAP server, the client login credentials are evaluated by AD or LDAP, not by Web Help Desk. When a client attempts to log in, Web Help Desk sends the credentials to the AD or LDAP server for authentication.
Determine whether to import all records or individual records
Web Help Desk periodically performs a one-way synchronization with the AD or LDAP server. You can choose to synchronize individual records as needed (individual synchronization) or to synchronize all records at once (bulk synchronization).
Individual synchronization creates and updates client account information as needed, which reduces processing time. Web Help Desk creates each client account the first time a user logs in to the website or submits a ticket through email. The client account is updated whenever the client logs in again or submits another ticket.
Individual synchronization is used unless you choose to enable bulk synchronization.
Bulk synchronization creates a client account for every user record in the AD or LDAP directory. Each time bulk synchronization runs, Web Help Desk examines each user record to determine if a corresponding client account needs to be added or updated. If your organization includes several users, bulk synchronization can affect Web Help Desk performance.
If enabled, bulk synchronization runs at regular intervals based on the schedule that you specify in the connection definition. You can also run it manually by clicking the Sync Now button in the LDAP connection list.
Even if you use bulk synchronization, Web Help Desk still performs an individual synchronization each time a client logs in or sends an email. This keeps active client accounts up-to-date, even if bulk synchronization is not performed frequently.
Most organizations do not need to perform bulk synchronization. However, bulk synchronization can be useful if you need to create all client accounts so that you can make configuration changes before clients log in.
If most of the users in your AD or LDAP directory are not using Web Help Desk, SolarWinds does not recommend using bulk synchronization.
Define a connection
To enable the client account data import, define a connection to each AD or LDAP server.
The connection definition:
- Provides information that enables Web Help Desk to connect to the server
- Enables and schedules bulk synchronization (optional)
- Maps attributes in the AD or LDAP schema to the corresponding fields in the Web Help Desk client account
This example provides connection information for an LDAP server, and maps the custom Contractor field to an attribute in the LDAP schema.
Complete this procedure with an experienced AD or LDAP administrator who is familiar with your existing structure. This person must have administrative access to the AD or LDAP server.
- Click Setup.
- Select Clients > AD / LDAP Connections.
To create a new connection, click New.
To update an existing connection, click the connection name to open it, and then click to edit.
- In the Connection Basics tab, select Enabled to enable the connection.
Enter the required connection information. See the tooltips for more information.
- Maximize the Advanced window and review or update the advanced settings.
If you want to use bulk synchronization, select Enabled and then specify when the synchronization should occur.
To avoid affecting network performance, schedule the synchronization for a time when the network is least busy.
- Click Save.
Click Test Settings to test your settings, and make adjustments if needed.
See LDAP fails to connect when initiating a connection for troubleshooting information.
- Map client account fields to attributes in the schema.
- Click the Attribute Mappings tab.
- Specify the AD or LDAP schema being used.
Locate each client account field that will be populated with information from the AD or LDAP server. To map each field, enter the associated schema element as instructed by the AD or LDAP administrator.
The client's last name, user name, and email must be mapped. If you are using the default schema, these fields are mapped automatically. For custom schemas, you must map these attributes manually.
Any field, including custom fields, can be mapped if the data is available in the schema.
- Click Save.