Users import via LDAP
DWKit supports importing users and user groups via LDAP. This means you can manage role assignment in DWKit through user groups, while assigning users to groups in Active Directory. Role assignment is then controlled in Active Directory, and this information can be exported to DWKit via LDAP. The sequence of actions in this case is as follows:
- Set up the connection to LDAP. To do this, write the connection settings in appsettings.json. Find more about setting values in this document. Here's an example of the connection settings:

    "LDAPConf": {
      "Host": "ldap.jumpcloud.com",
      "Port": 636,
      "Dn": "uid=dmelnikov,ou=Users,o=5d4d7060fbdd4c11264d9bd8,dc=jumpcloud,dc=com",
      "Pwd": "!2Qwerty",
      "DistinguishedName": "ou=Users,o=5d4d7060fbdd4c11264d9bd8,dc=jumpcloud,dc=com",
      "SyncPeriod": 12345,
      "Ssl": true
      //"AutoSyncTimer": 60 //sec
    }

- If you need periodic import, you must set the synchronization interval value in the AutoSyncTimer property. This interval is set in seconds.
- Go to the user control section in the admin panel - Security/Manage users. Launch the first synchronization by clicking on the Import From AD button.
- After synchronization is complete, users and user groups will be uploaded to the DWKit database, the ExternalId attribute will be filled in for users, and the Sync with domain attribute will be set for groups.
- In the future, you will be able to launch repeated synchronization or set periodic synchronization using the timer.
- After that, you assign roles to user groups, not to users. This lets you change user roles in the external source just by changing the content of user groups.
- If synchronization detects a user in DWKit who was uploaded via LDAP but is missing from the upload list, this user will be marked as Locked.
- You can switch off changes to a user group's content in DWKit by resetting the group's Sync with domain attribute.
- Groups in the external source and in DWKit are matched by the Name field, and users are matched by the ExternalId field.
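
The synchronization rules listed above, modelled as an added example. This is not DWKit's code: the class names, function names and sample data are constructed for illustration, and it assumes that users without an ExternalId are local accounts that the import does not touch.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    external_id: Optional[str] = None  # filled in only for users imported via LDAP
    locked: bool = False

@dataclass
class Group:
    name: str
    sync_with_domain: bool = True  # set for groups created by the import
    members: set = field(default_factory=set)  # ExternalId values of members

def sync(users, groups, dir_users, dir_groups):
    """One import. dir_users: ExternalId -> name; dir_groups: Name -> ExternalIds."""
    known = {u.external_id for u in users if u.external_id}
    for ext_id, name in dir_users.items():
        if ext_id not in known:  # users are matched by ExternalId
            users.append(User(name, ext_id))
    for u in users:
        # Imported earlier but absent from this upload: mark as Locked.
        if u.external_id and u.external_id not in dir_users:
            u.locked = True
    for name, members in dir_groups.items():
        g = groups.setdefault(name, Group(name))  # groups are matched by Name
        if g.sync_with_domain:  # attribute reset: membership is left alone
            g.members = set(members)

def roles_of(ext_id, groups, group_roles):
    """Roles are assigned to groups, so a user's roles follow group membership."""
    return {r for g in groups.values() if ext_id in g.members
            for r in group_roles.get(g.name, ())}

def demo():
    # Constructed data. In the directory: bob removed, carol added, alice left Approvers.
    users = [User("local-admin"), User("alice", "u-1"), User("bob", "u-2")]
    groups = {"Approvers": Group("Approvers", True, {"u-1", "u-2"}),
              "Auditors": Group("Auditors", False, {"u-2"})}
    group_roles = {"Approvers": {"Approve"}, "Auditors": {"ReadAudit"}}
    dir_users = {"u-1": "alice", "u-3": "carol"}
    dir_groups = {"Approvers": {"u-3"}, "Auditors": set()}
    sync(users, groups, dir_users, dir_groups)
    return users, groups, group_roles

if __name__ == "__main__":
    users, groups, group_roles = demo()
    for u in users:
        print(u.name, u.locked, roles_of(u.external_id, groups, group_roles))
```

In this sample run bob is marked as Locked yet is still listed in Auditors, because that group's Sync with domain attribute is reset. Groups excluded from synchronization need their membership reviewed separately.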