How to import users from Active Directory (LDAP sync is working)

thehazzard

Hi all,

I need your great help again regarding adding people to the i-doit systems here in our office.

So we managed to use the knowledge-base of installing it on a Windows server 2019 via XAMPP.

So i managed to have an LDAP connection.

Created an security group, put all our users in that group, and modified the filter.

But the strange thing is, all the users need to login once that i can see them in the persons list. Can this be changed? that its already there?

And my second question is, how to provide the best and quickest rights to the people. Because i tried with the IT persons, non of them had access.
But i need to provide access for each condition, this should be easier right?

MartinV

Be sure to map the AD group to an i-doit person group (configured in the person groups "LDAP-Group (Mapping)"), otherwise your i-doit users will lack the rights to see anything.

thehazzard

@MartinV said in How to import users from Active Directory (LDAP sync is working):

Be sure to map the AD group to an i-doit person group (configured in the person groups "LDAP-Group (Mapping)"), otherwise your i-doit users will lack the rights to see anything.

First of all, happy new year.

We have created an i-doit security group in AD, and added all the users in it.
And then filter 3 as in the picture we added memberOf to that group (in our case i-dot access)

what else do i need to do?

leobaer

Hi

To import all users matching your configuration you have to run the ldap-sync on the command line.

On Linux it looks like this

console.php ldap-sync -l 2 -i 1 -u i-doit-user --password "..."

Read the relevant docu for parameters: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-ldap-sync

For assigning the permission:

Create a "person groups" within contacts (e.g. admins)
In category "person groups" configure the "LDAP-Group (Mapping)" so users in this LDAP group are assigned to this "person groups".
in Administration > Authorization system assign permissions to this "person groups" object

Regards

thehazzard

I am trying to understand the list, its for Linux based? we use it life in XAMPP and its up and running, can reach the domain, users can connect with their windows accont to our i-doit server.

The problem is, i dont understand the filters, where i do need to enter them or how to add them.

thehazzard

Good morning all,

I am trying to understand, since this issue is still not solved on our side.

So as previous told.

We have created a membergroup in AD-DS
2023-02-21 08_58_32-Window1.png
2023-02-21 08_58_32-Window2.png

So i have made an LDAP connection in i-Doit, it found 36 objects.
And we can login using our windows credentials.

But if you never was logged in i-Doit will not see your account. So you need to login at least one time.

This i need to change.
I want to know where he stores the logged in users?
Is it possible to have group where it stores? and i put all of them there.

Because i need to have the "view group" enabled that users can see some things in i-Doit, so its easier to give rights to an group then individuals.

We USE XAMPP webserver on Windows therefore the knowledge base is not applicable for our solution.