Differences

This shows you the differences between two versions of the page.


ldap [2018_01_30 17:23] – external edit 127.0.0.1
Line 1: Line 1:
 +====== LDAP Integration ======
 +
 +To setup LDAP integration from within the Cloud Appliance, login as the Cloud Admin, and navigate to the 'Auth Systems' option on the Organization sidebar. You can add MS Active Directory or any other LDAP server e.g. OpenLDAP {{:/LDAP:.:sme_menubar.png|menubar}}
 +
 +In your account you can add multiple LDAP servers.
 +
 +===== Setup Authentication Provider =====
 +
 +From the dropdown list select LDAP provider {{:/LDAP:.:sme_ldapselect.png|ldapselect}}
 +
 +You can complete the setup for LDAP server here {{:/LDAP:.:sme_ldapform.png|ldapform}}
 +
 +==== Connection Settings ====
 +
 +**Auth System Name:** This will be the displayed name of the ldap system when importing users **LDAP Server host or IP:** The IP or hostname of the LDAP server **LDAP Server port:** The port to use default is 389 **Connection Encryption:** You can chose //None, ldaps or TLS// **Base DN:** The root distinguished name (DN) to use when running queries against the ldap server. Example: dc=domain1,dc=local **Administrator User DN:** Administrator User **Administrator User Password:** Password for the administrator user
 +
 +==== Users Import Settings ====
 +
 +**Update user roles/groups on login:** On login user will be assigned roles from LDAP **User Object Class:** The user object class **Additional Custom User Object Classes:** Additional user object classes, you can enter multiple values separated by comma **Login Field:** The login field to use, this is pre-populated with the most common values //uid,cn, sAMAccountName, userPrincipalName// and will be used as user login id. You can enter a custom value by selecting //Use Custom User Login Field// and enter a custom filed {{:/LDAP:.:sme_customloginfield.png|customloginfield}}**User Name Field:** The mapping for user name field that will be used. this is pre-populated with the most common values //cn, name, displayName// You can also enter a custom filed by selecting //Use Custom User Name Field// and entering a custom field value. {{:/LDAP:.:sme_customusernamefiled.png|customusernamefiled}}
 +
 +**Use Custom User Email Field:** By default mail or email field will be used. By selecting this checkbox you can use a custom filed for email mapping.
 +
 +**Group (Role) Id Field:** The group mapping to use.
 +
 +**Restrict import of users from the following groups:** Restrict import of users to a certain groups
 +
 +**Group (Role) Object Class:** The Group class to use
 +
 +**Custom Group (Role) Object Classes:** You can enter multiple Group classes separated by comma.
 +
 +**Role Name Field:** The field to use for role mapping. You can enter custom field for by selecting //Use Custom Role Name Field//
 +
 +===== Importing Users and Roles =====
 +
 +After LDAP and the SME Cloud File Server have been successfully connected navigate to the "Users" option from the web menu. There will now be a further option, "Import users from a remote source". Clicking this link will show users that are available in LDAP for import / mapping to the Cloud File Server.
 +
 +{{:/LDAP:.:sme_importusers.png|importusers}}
 +
 +===== Choosing Users to Import =====
 +
 +Select the recently added auth system from the dropdown list if you have added more than one auth systems. {{:/LDAP:.:sme_selectauth.png|selectauth}}
 +
 +Once the users from LDAP are visible users can be selected for import (and roles separately if required) from the set by selecting the role drop down. If multiple roles are required choose shift-select to select more than one role.
 +
 +{{:/LDAP:.:sme_importusers2.png|importusers2}}
 +
 +When complete click the "import selected users" box.
 +
 +The SME user login ID will be **username@orgname**
 +
 +===== Importing Roles Directly =====
 +
 +If the Cloud File Server users have been setup directly it is still possible to import roles separately from Active Directory. To do this login as the Cloud Administrator on the web, click on the Roles menu option in the right sidebar and click the link, "choose what roles to import". Select the auth provider and import the roles.
 +
 +{{:/LDAP:.:sme_importroles.png|importroles}}
 +
 +===== Managing Users and Roles =====
 +
 +User role mappings can be managed from the User option in the right sidebar after logging in as the Cloud Admin. This lists all users and the Role that is assignedto them. Clicking on the edit icon enables options to be changed for an individual user, one of which is the Role Option. {{:/LDAP:sme_managingroles.png}}
 +
 +===== Assiging Permissions to Roles =====
 +
 +Once Users and Roles are set up then permissions can be set against a Shared folder by logging into the Web as Cloud Admin and selecting the 'Shared Team Folders'i option from the right sidebar. Permissions can be set in one of three ways:
 +
 +  * At a Folder lever
 +  * At a Roles level
 +  * At a user level
 +
 +The precedence is applied in the following order (lowest first)
 +
 +  * Folder permissions
 +  * Role permissions
 +  * User permissions
 +
 +Where a user is in multiple roles then least restrictive permissions apply.
 +
 +{{:/LDAP:.:sme_assigingpermissions.png}}
 +
 +===== User Login =====
 +
 +Once the users have been setup they can login directly using their normal LDAP to login through the SME Cloud File Server. On login their user credentials are sent to LDAP if the user is authorised then this is passed back to the SME Cloud File Server which issues a token for access. This token will then be used for SME File Server access for the users sessions and will be passed with each request.
 +
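Review bot: In the Connection Settings paragraph, "Connection Encryption" lists //None, ldaps or TLS// beside a default port of 389, but nothing says that with None the Administrator User Password, and the user credentials that the User Login section says are "sent to LDAP", travel to the directory unencrypted. Add a sentence recommending ldaps or TLS and stating whether the port has to be changed from 389 when ldaps is selected. "Administrator User DN" is explained only as "Administrator User"; state which directory rights this bind account actually needs, so readers can configure a dedicated account with just those rights instead of a directory administrator. In the permissions section, "least restrictive permissions apply" combined with "Update user roles/groups on login" means a group change in LDAP alters folder access at the next login, which deserves an explicit sentence. Style: the field definitions under Connection Settings and Users Import Settings are run together on single lines and should be one per line, and the typos "filed" (for "field"), "assignedto", "Assiging", "Folder lever" and "'Shared Team Folders'i" need correcting.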