Use the Active Directory / Lightweight Directory Access Protocol (AD / LDAP) Connections settings to discover and import client AD / LDAP information from the client's Microsoft Exchange or LDAP server. AD / LDAP Connections can perform bulk data imports of AD and LDAP directories, which speeds up the client setup process and greatly reduces manual input errors. You can also use AD / LDAP Connections to synchronize Web Help Desk user information with the latest information on your Microsoft Exchange or LDAP server.
LDAP is a protocol that creates a central user database for single sign-on (SSO), allowing you to access resources and services in a network. LDAP implementations use self-signed certificates by default. To use a trusted certificate issued by a Certificate Authority (CA), you can import the certificate into your Java key store.
Validate LDAP certificates
You can establish a secure connection from Web Help Desk to an LDAP server by selecting the SSL check box. To accept only certificates issued by a CA, select the Accept only trusted Certificates check box. When selected, Web Help Desk verifies the host LDAP certificate against the certificates in your Java key store. If Web Help Desk detects a certificate that is neither signed by a trusted CA nor uploaded to your Java key store, Web Help Desk generates a warning in the user interface and does not store the LDAP connection.
The WHDGlobalConfig.properties file contains the name, password, and location of your Java key store. This file is located in the following directory:
To update these parameters, edit the file with your new settings, save the file, and then restart Web Help Desk. See Keystore Settings (for SSL Connections) for more information.
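The trust decision described above can be rehearsed outside Web Help Desk before you select Accept only trusted Certificates. The following script is an added example, not SolarWinds code: it uses the openssl command line, assumes the trust file is a PEM export of the certificates held in your Java key store, and builds its own constructed test certificates (the name ldap.example.test is a placeholder).

```shell
# Added example, not SolarWinds code. Classifies an LDAP server certificate
# against a PEM trust file that stands in for the Java key store contents.

# ldap_cert_status CERT_PEM TRUST_PEM
# prints: trusted | self-signed | untrusted | unreadable
ldap_cert_status() {
    cert=$1; trust=$2
    # Reject files that do not parse as a certificate at all.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo unreadable; return 0; }
    # -no-CApath keeps the system CA directory out of the decision.
    if openssl verify -no-CApath -CAfile "$trust" "$cert" >/dev/null 2>&1; then
        echo trusted
    elif [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
           "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo self-signed   # issuer name equals subject name, not in trust file
    else
        echo untrusted     # issued by a CA that is not in the trust file
    fi
}

# Constructed sample data: a throwaway CA, a CA-issued server certificate and
# a self-signed server certificate, all written to directory $1.
make_constructed_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=ldap.example.test" \
        -keyout "$d/ss.key" -out "$d/selfsigned.pem" 2>/dev/null
}

# Run with --demo to print the three cases from the paragraph above.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d); make_constructed_samples "$dir"
    echo "CA-issued, CA trusted:       $(ldap_cert_status "$dir/leaf.pem" "$dir/ca.pem")"
    echo "self-signed, CA trusted:     $(ldap_cert_status "$dir/selfsigned.pem" "$dir/ca.pem")"
    echo "self-signed, itself trusted: $(ldap_cert_status "$dir/selfsigned.pem" "$dir/selfsigned.pem")"
    rm -rf "$dir"
fi
```

A self-signed certificate reports trusted only when that exact certificate is in the trust file, which matches the case of a certificate uploaded to the key store.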
Synchronize Web Help Desk user information
When you import your AD/LDAP connections, use the following conventions:
- Ensure the person configuring and using this import is experienced with AD and LDAP administration.
- Work with a client representative familiar with AD/LDAP and the existing structure. The client representative must have administrative access to the customer AD/LDAP server.
- If your AD/LDAP directory contains mostly users not using Web Help Desk, SolarWinds does not recommend performing a bulk AD/LDAP import.
To connect to a client LDAP server and import or synchronize users:
- Click Setup.
- Select Clients > AD / LDAP Connections.
  To create a new connection, click New.
  To update an existing connection, click the connection name to open it, and then click to edit.
- In the Connection Basics tab, select Enabled to enable the connection.
  Enter the required connection information. See the tooltips for more information.
- Maximize the Advanced window and review or update the advanced settings.
  If you want to use bulk synchronization, select Enabled and then specify when the synchronization should occur.
  To avoid affecting network performance, schedule the synchronization for a time when the network is least busy.
- Click Save.
  Click Test Settings to test your settings, and make adjustments if needed.
  See LDAP fails to connect when initiating a connection for troubleshooting information.
- Map client account fields to attributes in the schema.
  - Click the Attribute Mappings tab.
  - Specify the AD or LDAP schema being used.
  Locate each client account field that will be populated with information from the AD or LDAP server. To map each field, enter the associated schema element as instructed by the AD or LDAP administrator.
  The client's last name, user name, and email must be mapped. If you are using the default schema, these fields are mapped automatically. For custom schemas, you must map these attributes manually.
  Any field, including custom fields, can be mapped if the data is available in the schema.
- Click Save.