How to turn it on?
There are two ways to enable LDAP Sync in the Customer Portal.
-
Sync Now for an on-demand sync
-
Scheduled Sync for automatic recurring sync
How to turn it off?
Click the red Delete Existing Sync Settings button.
What will it import?
When no filters or attributes are used, anything in your Active Directory OU will be imported. In order for addresses to be imported they need to have a proxy address attribute in your Active Directory. However, special filters and attributes can be used to narrow the scope of the email addresses that will be imported. See KB article on LDAP Advanced Settings. LDAP does not pull in first/last name nor passwords.
What is the Preview and .csv export showing me?
-
Results Preview – displays a list of email addresses that we will import into the Customer Portal
-
Export User Preview to .csv – contains the list of email addresses with their corresponding address type and primary-to-alias relationship as it exists in your AD
Can I specify what I want to import?
Yes. The Filter String can be used to import specific domains and object classes from your Active Directory.
You can choose to import a single domain from your Active Directory, multiple domains or all domains.
You can choose to import a single or multiple object types such as only users, only groups, both users and groups. The Results Preview and the Export User Preview to .csv tools will show you the results of your filter string.
How do I create a search base to pull from a specific place in my AD?
Sample: OU=SBSUsers,OU=Users,OU=MyBusiness,DC=apteamdev,DC=local
This is an example of what it might look like in your AD.
What can I expect to be imported?
All email addresses will be seen in the Results Preview along with their aliases where the username portion of the email address is not a duplicate.
What will not be imported?
Anything that you do not see in the Results Preview or duplicates
How soon and frequently can I import email addresses?
LDAP runs at a minute after the top of each hour. Ex: 1:01pm, 2:01pm, etc. If you have LDAP scheduled to run every 24 hours then it will run at 12:01am. You should choose Sync Now to sync any changes you have made currently in your AD then schedule sync time of your choice.
Does it bring across passwords from their system?
No
Does it bring across user's first and last names from their system?
No. The last name will be the domain name. Our SecureTide® servers do not store first or last names so we do not pull them in.
Does it bring across permissions from their system?
No
Does it match users and groups from their server?
No. The customer’s server is responsible for matching the user to the group.
User aliases?
Yes
Domain aliases?
If the users are listed in the AD as addresses of the domain alias
How often does it check with their server?
Scheduled Sync can check as frequently as the top of each hour and can be delayed by 1 hour increments out to 24 hours.
Does it automatically remove users from the portal that are no longer in my Active Directory?
Not by default, but there is an option you can check to 'Remove Accounts'. When that option is enabled it will remove all addresses from the Customer Portal that do not exist on your LDAP server.
Are there still manual and automatic sync methods?
Yes
Is there a way that we can see what their login is so we can check their connection?