Differences between two revisions of the page //ldap//: 2018_01_30 17:23 (external edit, 127.0.0.1) and 2021_01_20 22:00 (steven). The current revision is shown first, then the previous one.
====== LDAP Integration ======

----
**Current revision** (ldap, 2021_01_20 22:00, steven)

The File Fabric supports

This document describes integration with LDAP. For SAML see [[:

Supported for:
  * Enterprise File Fabric
  * SaaS (US and EU)

LDAP Integration is supported
  * Microsoft Active Directory
  * Azure AD Domain Services

## Adding an LDAP Directory Service

Directory services are managed by an Organization administrator under **Organization** > **Auth Systems**. Multiple auth systems can be configured.

{{ :iam:auth-systems-page.png?600 }}

To use the LDAP protocol for any directory service, including Active Directory, choose

==== Entering Connection Information ====

The first section

__Auth System Name__ - Enter any label you want for this Auth System.

__LDAP Server host or IP__ - This is the DNS-resolvable hostname, or the IP address, of your AD servers which are listening for LDAP connections.

For high availability you can enter multiple addresses. Enter the first host as you normally would, then subsequent hosts separated by a space, and include

```
server1 ldap://
```

In case EFF cannot connect to the first AD, the next one will be tried.

__LDAP Server Port__ - You can leave the default (port 389) if the Connection Encryption is none or TLS (StartTLS on the plain LDAP port). Use port **636** for SSL (LDAPS), or another port if your AD environment uses non-standard ports.

__Connection Encryption__ - Select the encryption method your AD environment supports. With //none//, the service-account bind and every user's password are sent over the network unencrypted, so use TLS or SSL whenever the directory supports it.

__Base DN__ - Enter the Base DN for your environment. This depends on how your AD environment is set up.

__Administrator User DN__ - Enter the DN of a service account in your AD environment that the File Fabric will use to connect.

__Administrator User Password__ - Password for the account entered in the previous field.

----
**Previous revision** (ldap, 2018_01_30 17:23, external edit 127.0.0.1)

To setup LDAP integration

In your account you can add multiple

===== Setup Authentication Provider =====

From the dropdown list select LDAP provider

You can complete the setup for LDAP server here {{:/LDAP:.:sme_ldapform.png|ldapform}}

==== Connection Settings ====

**Auth System Name:** This will be the displayed name of the LDAP system when importing users
**LDAP Server host or IP:** The IP or hostname of the LDAP server
**LDAP Server port:** The port to use; the default is 389
**Connection Encryption:**

==== Users Import Settings ====

**Update user roles/

**Use Custom User Email Field:** By default the mail or email field will be used. By selecting this checkbox you can use a custom field for email mapping.

**Group (Role) Id Field:** The group mapping to use.

**Restrict import

**Group (Role) Object Class:** The Group class to use.

**Custom Group (Role) Object Classes:** You can enter multiple Group classes separated by commas.

**Role Name Field:** The field to use for role mapping. You can enter a custom field by selecting //Use Custom Role Name Field//.

===== Importing Users and Roles =====

After LDAP and the SME Cloud File Server have been successfully connected navigate to the "

===== Choosing Users to Import =====

Select the recently added auth system from the dropdown list if you have added more than one auth system.

Once the users from LDAP are visible users can be selected

When complete click the "

The SME user login ID will be **username@orgname**
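The connection and import settings described above (a space-separated host list with failover, the port and Connection Encryption combination, Base DN and service-account DN, and the group object classes) can be checked before they are saved. The following is an added example and is not code from the File Fabric documentation or product. Its parsing rules are assumptions: a host entry may be a bare host, host:port, or an ldap:// or ldaps:// URI, a port inside an entry overrides the form's port field, and the DN check only covers the plain attr=value,attr=value shape (escaped commas are not handled). The sample hostnames, DNs and object classes are constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# Connection Encryption values from the form: none / TLS (StartTLS on 389) / SSL (LDAPS on 636).
DEFAULT_PORT = {"none": 389, "tls": 389, "ssl": 636}
# Assumed entry shape: [ldap://|ldaps://]host[:port]; IPv6 literals are not handled.
_HOST_RE = re.compile(r"(?:(ldaps?)://)?([A-Za-z0-9.\-]+)(?::(\d{1,5}))?")
# Simplified DN shape: attr=value,attr=value (escaped commas in values are not handled).
_DN_RE = re.compile(r"^\s*[A-Za-z][\w\-]*=[^,]+(?:\s*,\s*[A-Za-z][\w\-]*=[^,]+)*\s*$")


@dataclass(frozen=True)
class LdapTarget:
    scheme: str   # "ldap" or "ldaps"
    host: str
    port: int


def parse_hosts(hosts: str, port: int, encryption: str) -> List[LdapTarget]:
    """Turn the space-separated 'LDAP Server host or IP' field into ordered
    failover targets. An entry may be a bare host, host:port, or an
    ldap:// or ldaps:// URI; a port inside the entry overrides the form's port."""
    enc = encryption.lower()
    if enc not in DEFAULT_PORT:
        raise ValueError(f"unknown Connection Encryption {encryption!r}")
    targets = []
    for entry in hosts.split():
        m = _HOST_RE.fullmatch(entry)
        if not m:
            raise ValueError(f"cannot parse host entry {entry!r}")
        scheme, host, entry_port = m.groups()
        scheme = scheme or ("ldaps" if enc == "ssl" else "ldap")
        targets.append(LdapTarget(scheme, host, int(entry_port or port)))
    return targets


def check_settings(hosts: str, port: int, encryption: str,
                   base_dn: str, admin_dn: str, admin_password: str) -> List[str]:
    """Findings to review before saving the auth system; an empty list means clean."""
    enc = encryption.lower()
    targets = parse_hosts(hosts, port, encryption)
    findings = []
    if not targets:
        findings.append("no LDAP server host given")
    if enc == "none":
        findings.append("Connection Encryption 'none': the service-account bind and every "
                        "user password cross the network in cleartext; use TLS or SSL")
    for t in targets:
        if t.scheme == "ldaps" and enc != "ssl":
            findings.append(f"{t.host}: ldaps:// entry but Connection Encryption is {encryption}")
        if t.scheme == "ldap" and t.port == 636:
            findings.append(f"{t.host}: port 636 is the LDAPS port but the entry is plain ldap://")
        if t.scheme == "ldaps" and t.port == 389:
            findings.append(f"{t.host}: ldaps:// on port 389, the plain LDAP/StartTLS port")
    for label, dn in (("Base DN", base_dn), ("Administrator User DN", admin_dn)):
        if not _DN_RE.match(dn):
            findings.append(f"{label} {dn!r} does not look like a DN (attr=value,attr=value,...)")
    if not admin_password:
        findings.append("Administrator User Password is empty")
    return findings


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a form value cannot change the filter's structure
    (LDAP injection through an object class or field name)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def group_search_filter(object_class: str, custom_classes: str = "") -> str:
    """Build the search filter for the 'Group (Role) Object Class' plus the
    comma-separated 'Custom Group (Role) Object Classes' import settings."""
    classes = [object_class] + [c.strip() for c in custom_classes.split(",") if c.strip()]
    terms = "".join(f"(objectClass={escape_filter_value(c)})" for c in classes)
    return terms if len(classes) == 1 else f"(|{terms})"
```

`check_settings` mirrors the page's port guidance (389 for none or TLS, 636 for SSL) and flags a plaintext bind as a finding rather than silently accepting it, since with Connection Encryption set to none the service-account password and every imported user's password are readable on the wire. `escape_filter_value` is there because the object-class and field-name settings end up inside an LDAP search filter; escaping them keeps a stray `*` or `)` from widening the search.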
===== Importing Roles Directly =====

If the Cloud File Server users have been set up directly it is still possible to import roles separately from Active Directory. To do this login as the Cloud Administrator on the web, click on the Roles menu option in the right sidebar and click the link, "

===== Managing Users and Roles =====

User role mappings can be managed from the User option in the right sidebar after logging in as the Cloud Admin. This lists all users and the Role that is assigned to them. Clicking on the edit icon enables options to be changed for an individual user, one of which is the Role option.

===== Assigning Permissions to Roles =====

Once Users and Roles are set up then permissions can be set against a Shared folder by logging into the Web as Cloud Admin and selecting the '

  * At a Folder level
  * At a Roles level
  * At a user level

The precedence is applied in the following order (lowest first):

  * Folder permissions
  * Role permissions
  * User permissions

Where a user is in multiple roles then the least restrictive permissions apply, so adding a user to a further role can only widen what that user may do on a folder; only a user-level setting narrows it again.

===== User Login =====

Once the users have been set up they can log in directly with their normal LDAP credentials through the SME Cloud File Server. On login their credentials are sent to LDAP; if the user is authorised, this result is passed back to the SME Cloud File Server, which issues a token for access. This token is then used for SME File Server access for the user's session and is passed with each request.
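The precedence rules above (folder, then role, then user, with the least restrictive result across all of a user's roles) as an added example; this is not code from the original page or from the product. It assumes each level either sets a complete permission set for a folder or leaves it unset, and that a higher level replaces the lower one. The permission names, folders, roles and users are constructed sample data.

```python
from typing import Dict, FrozenSet, List, Mapping, Tuple

Perms = FrozenSet[str]
NONE: Perms = frozenset()

# Constructed sample data; the permission names are assumed, the page does not list them.
FOLDER_PERMS: Dict[str, Perms] = {
    "Finance": frozenset({"read"}),
    "Public": frozenset({"read", "download"}),
}
ROLE_PERMS: Dict[Tuple[str, str], Perms] = {      # (role, folder) -> permissions
    ("Finance", "Finance"): frozenset({"read", "write"}),
    ("Auditors", "Finance"): frozenset({"read"}),
}
USER_PERMS: Dict[Tuple[str, str], Perms] = {      # (user, folder) -> permissions
    ("carol", "Finance"): frozenset({"read"}),    # explicit user-level restriction
}
USER_ROLES: Dict[str, Tuple[str, ...]] = {        # role membership, e.g. imported from AD groups
    "alice": ("Finance", "Auditors"),
    "bob": ("Auditors",),
    "carol": ("Finance",),
    "dave": (),
}


def resolve(user: str, folder: str,
            user_roles: Mapping[str, Tuple[str, ...]],
            folder_perms: Mapping[str, Perms],
            role_perms: Mapping[Tuple[str, str], Perms],
            user_perms: Mapping[Tuple[str, str], Perms]) -> Tuple[Perms, str]:
    """Return (effective permissions, level that decided) for user on folder.
    Folder is the lowest level; any role grants replace it with their union
    (least restrictive across roles); a user-level entry replaces everything."""
    effective, source = folder_perms.get(folder, NONE), "folder"
    grants = [role_perms[(r, folder)] for r in user_roles.get(user, ()) if (r, folder) in role_perms]
    if grants:
        effective, source = NONE.union(*grants), "role"
    if (user, folder) in user_perms:
        effective, source = user_perms[(user, folder)], "user"
    return effective, source


def effective_permissions(user: str, folder: str) -> Tuple[Perms, str]:
    """Resolve against the constructed sample data."""
    return resolve(user, folder, USER_ROLES, FOLDER_PERMS, ROLE_PERMS, USER_PERMS)


def roles_widening(user: str, folder: str) -> List[str]:
    """Roles whose grant adds actions beyond the folder default. Because roles
    are unioned, this is what to audit when AD group membership changes."""
    base = FOLDER_PERMS.get(folder, NONE)
    return [r for r in USER_ROLES.get(user, ()) if ROLE_PERMS.get((r, folder), NONE) - base]
```

The union step is the part worth noticing: alice is in Auditors (read only) and Finance (read and write) and ends up with write, while carol, who is only in Finance, is held to read by her user-level entry. Since roles are imported from directory groups, a change of AD group membership widens File Fabric access without any change in the File Fabric itself, which is what `roles_widening` is meant to surface.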