Community
    • Categories
    • Recent
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to import users from Active Directory (LDAP sync is working)

    Scheduled Pinned Locked Moved Operating
    6 Posts 3 Posters 1.2k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      thehazzard
      last edited by

      Hi all,

      I need your great help again regarding adding people to the i-doit systems here in our office.

      So we managed to use the knowledge-base of installing it on a Windows server 2019 via XAMPP.

      So i managed to have an LDAP connection.

      • Created an security group, put all our users in that group, and modified the filter.
        i-doitissue.JPG

      But the strange thing is, all the users need to login once that i can see them in the persons list. Can this be changed? that its already there?

      And my second question is, how to provide the best and quickest rights to the people. Because i tried with the IT persons, non of them had access.
      But i need to provide access for each condition, this should be easier right?
      i-doitissue2.JPG

      1 Reply Last reply Reply Quote 0
      • MartinVM Offline
        MartinV
        last edited by

        Be sure to map the AD group to an i-doit person group (configured in the person groups "LDAP-Group (Mapping)"), otherwise your i-doit users will lack the rights to see anything.

        T 1 Reply Last reply Reply Quote 0
        • T Offline
          thehazzard @MartinV
          last edited by

          @MartinV said in How to import users from Active Directory (LDAP sync is working):

          Be sure to map the AD group to an i-doit person group (configured in the person groups "LDAP-Group (Mapping)"), otherwise your i-doit users will lack the rights to see anything.

          First of all, happy new year.

          We have created an i-doit security group in AD, and added all the users in it.
          And then filter 3 as in the picture we added memberOf to that group (in our case i-dot access)

          what else do i need to do?

          1 Reply Last reply Reply Quote 0
          • L Offline
            leobaer
            last edited by

            Hi

            To import all users matching your configuration you have to run the ldap-sync on the command line.

            On Linux it looks like this

            console.php ldap-sync -l 2 -i 1 -u i-doit-user --password "..."
            

            Read the relevant docu for parameters: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-ldap-sync

            For assigning the permission:

            • Create a "person groups" within contacts (e.g. admins)
            • In category "person groups" configure the "LDAP-Group (Mapping)" so users in this LDAP group are assigned to this "person groups".
            • in Administration > Authorization system assign permissions to this "person groups" object

            Regards

            1 Reply Last reply Reply Quote 0
            • T Offline
              thehazzard
              last edited by

              I am trying to understand the list, its for Linux based? we use it life in XAMPP and its up and running, can reach the domain, users can connect with their windows accont to our i-doit server.

              The problem is, i dont understand the filters, where i do need to enter them or how to add them.

              1 Reply Last reply Reply Quote 0
              • T Offline
                thehazzard
                last edited by thehazzard

                Good morning all,

                I am trying to understand, since this issue is still not solved on our side.

                So as previous told.

                We have created a membergroup in AD-DS
                2023-02-21 08_58_32-Window1.png
                2023-02-21 08_58_32-Window2.png

                So i have made an LDAP connection in i-Doit, it found 36 objects.
                And we can login using our windows credentials.

                But if you never was logged in i-Doit will not see your account. So you need to login at least one time.

                This i need to change.
                I want to know where he stores the logged in users?
                Is it possible to have group where it stores? and i put all of them there.

                Because i need to have the "view group" enabled that users can see some things in i-Doit, so its easier to give rights to an group then individuals.

                We USE XAMPP webserver on Windows therefore the knowledge base is not applicable for our solution.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post