The LDAP integration synchronizes users between LDAP and BILLmanager, so that when a user logs in to BILLmanager, the data they enter is validated on the LDAP side.
New clients are imported into BILLmanager and the status of existing clients is checked. If a user is blocked in LDAP, after synchronization it will be blocked in BILLmanager as well.
LDAP users can be imported as employees with full permissions, or as clients.
Only the FreeIPA and Active Directory implementations are supported.
Integration with ALD Pro is available through the FreeIPA connection type.
Installing the module
To install the module, go to Integration → Modules → LDAP and click Install.
Connection settings
To configure synchronization with LDAP, go to Integration → Synchronization with LDAP:
- Provider — select a provider;
- Connection name — specify the name of the connection;
- Connection type — select the LDAP implementation:
  - FreeIPA;
  - ActiveDirectory;
- Server address — specify the path to the LDAP server;
- Server port — specify the port to connect to the LDAP server;
- Ignore SSL — enable this option to skip checking that the server's SSL certificate is present and valid;
- Path to certificate — specify the path to the CA certificate file on the server. Typically specified for self-signed certificates or certificates that are not installed on the server;
- Base DN (Distinguished Name) — specify the directory object starting from which the search is performed;
- Bind DN (Distinguished Name) — specify the LDAP user on whose behalf LDAP queries will be performed;
- Password — enter the user password to connect to the LDAP server.
Synchronization setup
Synchronization of employees
Specify settings to import LDAP users as employees:
- Path to users — specify the path to the users to be imported as employees. Write it using the ADSI connection string syntax;
- User import filter — used in LDAP server queries when requesting a list of users. To add a filter by user group, use the (memberOf=) construct. For example, if the path to users is cn=admins,cn=groups,cn=accounts,dc=example,dc=com, specify the filter (memberOf=cn=admins,cn=groups,cn=accounts,dc=example,dc=com).
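Users matched by this filter are imported as employees, so it helps to check who the filter selects before the first synchronization. The following Python code is an added example, not BILLmanager code: it builds the (memberOf=) filter with the group DN escaped per RFC 4515 and lists the direct members found in an LDIF export. The function names and the sample LDIF are constructed for illustration, and nested group membership is not resolved.

```python
import re

# Group DN taken from the filter example on this page.
GROUP_DN = "cn=admins,cn=groups,cn=accounts,dc=example,dc=com"

# Constructed sample in the LDIF form that ldapsearch prints (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
mail: alice@example.com
memberOf: cn=admins,cn=groups,cn=accounts,dc=example,dc=com

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
mail: bob@example.com
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=com
mail: carol@example.com
memberOf: CN=Admins,CN=groups,CN=accounts,
 DC=example,DC=com
"""

def escape_filter_value(value):
    """Escape the RFC 4515 special characters \\ * ( ) NUL as \\XX hex pairs."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def member_of_filter(group_dn):
    """Build the (memberOf=<group DN>) import filter with the DN escaped."""
    return "(memberOf=%s)" % escape_filter_value(group_dn)

def parse_ldif(text):
    """Parse 'attr: value' records; base64 ('attr::') values are not decoded."""
    text = text.replace("\n ", "")  # unfold wrapped lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def preview_import(entries, group_dn):
    """DNs of direct members of group_dn; DNs are compared case-insensitively."""
    wanted = group_dn.lower()
    return [e["dn"][0] for e in entries
            if "dn" in e and wanted in (g.lower() for g in e.get("memberof", []))]

if __name__ == "__main__":
    print(member_of_filter(GROUP_DN))
    for dn in preview_import(parse_ldif(SAMPLE_LDIF), GROUP_DN):
        print("would be imported as employee:", dn)
```

A group name containing parentheses or an asterisk, such as "Admins (EU)", changes the meaning of the filter unless it is escaped this way.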
Synchronization of clients
LDAP groups obtained by the specified settings will be imported as "Clients". LDAP users who are in these groups will be imported as "Client" users.
- Path to groups — specify the path to the groups to be imported as clients. Write it using the ADSI connection string syntax;
- Group import filter — used in queries to the LDAP server when requesting a list of groups;
- Client name attribute — specify the name of the attribute on your LDAP server that stores the name of the group. For example, CN;
- User import filter — used in LDAP server queries when requesting users of a group that is being imported as a client.
User attribute settings
Specify correspondences between LDAP user attributes and BILLmanager user parameters:
- E-mail attribute — the name of the attribute on the LDAP server where the user's email is stored. For example, mail;
- Full name attribute — the name of the attribute on the LDAP server that stores the user's full name. For example, CN;
- Group membership attribute — the name of the attribute on the LDAP server that is responsible for a user's group membership. For example, memberOf;
- Blocking attribute — the name of the attribute on the LDAP server that is responsible for blocking the user.
Deleting
To delete synchronization with LDAP, go to Integration → Synchronization with LDAP, select the connection in the list and click Delete.
Removing LDAP integration does not affect synchronized users.
Synchronization
Synchronization is triggered once a day by a cron job:
0 0 * * * /usr/local/mgr5/sbin/mgrctl -m billmgr crontask action=ldap.sync sok=ok sok=ok >/dev/null 2>&1
To start synchronization manually, click Synchronize in the list of connections.