Active Directory / LDAP in the IGEL UMS

It can make sense to link the UMS Server to an existing Active Directory for two reasons:

  • You would like to import users from the AD as UMS administrator accounts.

  • You would like to use user profiles via IGEL Shared Workplace.

For both purposes, you first need to link the relevant Active Directories in the UMS Administration area under Global Configuration > Active Directory / LDAP. See also the how-to Configuring an AD Connection.


Menu path: UMS Administration > Global Configuration > Active Directory / LDAP

 

  1. If you have user and group dependencies between different configured domains/subdomains, you might want to activate Include all configured AD domains for search and import of AD users / groups. This option activates the group search for a user within all configured domains. On activation, a confirmation dialog is shown.

If this option is activated, a user may gain additional permissions. This will be the case if

  • the user is in a group that has been discovered due to this option,

  • this group has been imported under System > Administrator accounts,

  • and permissions have been assigned to this group, i.e. permissions the user would not have otherwise.

Please note that, due to the additional lookups, this option might have an impact on the performance in the following areas:

  • UMS login

  • Permission dialogs

  • Shared Workplace (SWP)

  2. Add a new entry to the list of linked Active Directories by selecting Add (+).

  3. Specify the Domain Name.

  4. Enter the Domain Controller(s).

If the option Use LDAPS connection (see below) is activated, a fully qualified name of the domain controller must be entered, e.g. dc01.your.domain

To separate several domain controllers, a semicolon must be used.

  5. Specify the Page Size.
    The page size limits the number of hits (i.e. objects) in the Active Directory on the server side. The default value is "1000". Change this value according to your server configuration.

  6. Activate Use LDAPS connection to secure the connection with the provided certificate.
    The Port changes automatically to the default value "636".

  7. Click Import SSL Certificate to configure the certificate and to verify the Certificate DN.

  8. Enter valid user data under User name and Password.

  9. Specify aliases under UPN Suffix if they have been configured (semicolon separated list). Example: domain.local;test.local

  10. Click Test connection to check the connection.

  11. Click Ok to save the changes.
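
The three conditions listed for Include all configured AD domains for search and import of AD users / groups can be checked before the option is activated. The following is an added example, not IGEL code: it models the group search on constructed data and reports which users would gain permissions. It assumes that without the option only the user's own domain is searched and that the UPN suffix names that domain; all domain, group and permission names are invented.

```python
# Constructed sample data: not exported from a real directory or from the UMS.
# domain -> group -> members (user principal names)
MEMBERSHIPS = {
    "corp.example": {"UMS-Operators": {"alice@corp.example"}},
    "branch.example": {
        "UMS-Admins": {"alice@corp.example", "bob@branch.example"},
        "Helpdesk": {"carol@corp.example"},
    },
}
# Groups imported under System > Administrator accounts and the permissions
# assigned to them (permission names are invented labels).
IMPORTED = {
    ("corp.example", "UMS-Operators"): {"read-devices"},
    ("branch.example", "UMS-Admins"): {"read-devices", "write-profiles"},
}

def groups_found(user, include_all_domains):
    """Imported groups a group search would discover for this user."""
    # Assumption: the UPN suffix names the user's own domain, and without the
    # option only that domain is searched.
    home = user.rsplit("@", 1)[1].lower()
    found = set()
    for domain, groups in MEMBERSHIPS.items():
        if not include_all_domains and domain.lower() != home:
            continue
        for group, members in groups.items():
            if user in members and (domain, group) in IMPORTED:
                found.add((domain, group))
    return found

def permissions(groups):
    """Union of the permissions assigned to the given imported groups."""
    return set().union(*(IMPORTED[g] for g in groups))

def permission_delta():
    """Users whose permissions grow when all configured domains are searched."""
    users = {u for groups in MEMBERSHIPS.values() for m in groups.values() for u in m}
    report = {}
    for user in sorted(users):
        before, after = groups_found(user, False), groups_found(user, True)
        gained = permissions(after) - permissions(before)
        if gained:
            report[user] = {"gained": gained, "via": sorted(after - before)}
    return report

if __name__ == "__main__":
    for user, change in permission_delta().items():
        print(user, "gains", sorted(change["gained"]), "via", change["via"])
```

A user who is only a member of a group that was never imported as an administrator account, such as carol in the sample data, does not appear in the report.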