<< Click to Display Table of Contents >>

Navigation: 

Synchronizing with a Network Directory Service

Previous  Home topic  Next  Print this topic Send Feedback

If you manage a directory of users on your network outside of PerfectForms™, you can use the synchronize option to dynamically update PerfectForms™ with the contents of your directory. Note that changes to users in PerfectForms™ cannot be migrated back out to your directory at any point; synchronization is a one-way process. The PerfectForms™ system still maintains its own database of users. For each user, only a single unique identifier (e.g. Distinguished Name, or UID) is stored in its database.

 

When a user logs in, their credentials are verified in the Directory Service. If the authentication is successful, the user is logged in based on the mapping of the single identifier. If the user does not already exist in the PerfectForms™ database, a new user is automatically created in the PerfectForms™ database. This means that every user in the Directory Service is automatically a PerfectForms™ user, even if there is no entry yet in the database.

 


Note: If you attempt to synchronize when using a self signed certificate the synchronization will fail. In these cases go to the Account Settings and select the option to Ignore SSL certificate errors.


 

To synch your directory to PerfectForms™:

 

Document Icon

1.Go to the Settings Dashboard.
2.In the tree, expand Account Settings > Users > Synchronize.
3.In the details area, configure the call to the directory service. Enter the directory service's host machine IP address, port, and other connection credentials. (** See Note below)
4.The synchronize feature supports use of SSL & Global Catalog. Check the Use SSL & Use Global Catalog checkbox to permit these features. (** See Note below)

Synchronize Page

5.In the Look Up area, enter the context distinguished name (Context DN) from Active Directory. Optionally, specify a filter (for example, CN=a* which only returns entries where the common name starts with 'a').
6.Check the Include Subcontexts checkbox to allow reading of sublevel nodes inside the Active Directory environment/
7.In Attributes Mapping, sample attributes are supplied but you must enter the Unique ID attribute exactly as it appears in your active directory structure. The attribute name in your system is also needed for First Name, Last Name and Email (for example, userPrincipalName).
8.Optionally, you can automatically assign users to a user-group and/or position. Select the corresponding Synchronize check box under each of those sections and enter the active directory attribute name that contains that information.
9.Auto Synchronize is a feature only supported in the PerfectForms™ On-Premise version. Click Here for details.
10.Optionally, assign a default log-in type. Limited User is selected by default since this option does not use up a license.
11.Additional attributes can be mapped including Domain Username, Phone, Custom ID and more.

Note: If the page does not show all options, you may need to expand the Dashboard. To do this, click the handle on the right side of the page and drag to the right.


12.Click Apply Changes.
13.Click Test Connection. If your connection is not successful, you may have entered incorrect information in the Connection area. Verify your Host IP, Port, and binding.

Video Tutorial: Synchronizing with a Network Directory Service

 

Importing a form Video Tutorial

 

Shows how to synchronize with LDAP directory service to maintain and update user details

 

 

 

 

 


Note **:

When the Directory Service's host machine is accessed from outside its internal network it should have its own external IP address or the external IP address should be forwarded to its internal IP address. The PerfectForms™ On Demand server will always be outside the Directory Service's host machine's network.

 

The common method of hosting LDAP directory information is to use the default LDAP or LDAPS (secure LDAP) on ports 389 or 636. These standard LDAP ports always exist on a Domain Controller (DC) and are rarely changed. Accessing this directory partition provides access to all of the objects within the domain that is hosted on the DC. There is no way to access objects from other domains using this method.

A DC can also be granted the Global Catalog (GC) role. Global Catalog (GC) role is an LDAP-compliant directory consisting of a partial representation of every object from every domain within the forest. This LDAP directory can be accessed on port 3268, with LDAPS on port 3269. LDAPS and the default LDAP ports' certificate requirements are the same.


 


Updated: 01/09/2014  Page url: http://www.perfectforms.com/Documentation/manual/html/?fg_synchronizing_users__user_grou.htm
PerfectForms™ -- forms software, workflow software, and business process management