If you are an administrator of a large enterprise with thousands of users and hundreds of business units, one of the most challenging tasks you face is managing those users and groups across hundreds of applications. It would be a nightmare to create users and groups one by one in your Presently account, not to mention associating all the users with the right groups.
If you are an administrator who worries about sensitive login credentials being duplicated everywhere, or a user who hates remembering different user names and passwords for every application your company has, you might hesitate to create yet another account for Presently.
Now those worries are over: Presently proudly announces that it is LDAP ready. Most large enterprises already have directory services in place that support LDAP, and for smaller organizations, setting up an OpenLDAP server or Microsoft Active Directory is quite easy.
Just in case you are hearing about LDAP for the first time, the Lightweight Directory Access Protocol (LDAP) is an open standard that provides an extendable architecture for storage and management of directory information. Widely accepted and fast-growing, LDAP has become the de facto industry standard for accessing directory information over a TCP/IP network. For more details, please visit “LDAP Wiki”:http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol .
Let us see what you can achieve by integrating your existing LDAP service with Presently:
* Account admins can easily batch import users and groups from LDAP.
* Users are associated with groups automatically during the import process according to your organization structure.
* Utilize LDAP to authenticate users directly instead of using local account credentials, so no sensitive login credentials are stored locally. For users, it means no more extra logins to remember.
* New users are added on the fly during the authentication process if their account information has not yet been imported.
These features help to eliminate all the administrator’s headaches and improve users’ experience with Presently.
Here is how you can set up LDAP for your account:
1. Log in as an admin user of your account.
2. Go to the admin tab and click LDAP Settings on the right menu bar.
3. Enter your LDAP information in the following LDAP Settings Form.
4. Save the settings after you finish.
Definition of terms in the LDAP Settings Form:
* __Enable__: Enable LDAP on your account.
* __Server__: Type the IP address of the LDAP directory. Use either the host name or dotted decimal format.
* __Port__: Type the TCP/IP port on which the LDAP server will accept a connection from an LDAP client.
* __Encryption__: Select the communication encryption method: “No Encryption”, “SSL” or “StartTLS”.
* __Authentication__: If your LDAP server allows anonymous access, select “None”; otherwise select “Simple” and provide the Bind DN and password.
* __Bind DN__: Type the distinguished name (DN) of the directory administrator that allows Presently to update information. You must use the LDAP string representation for distinguished names (for example, cn=Chris Smith,dc=intridea,dc=com ).
* __Password__: Type the directory administrator’s password.
* __LDAP User Auth.__: Enable LDAP user authentication for this account.
* __User search base__: Type the distinguished name (DN) of the entry in the directory information tree (DIT) under which user information is stored. You must use the LDAP string representation for distinguished names (for example, ou=people, dc=intridea,dc=com ).
* __Group search base__: Type the distinguished name (DN) of the entry in the directory information tree (DIT) under which group information is stored. You must use the LDAP string representation for distinguished names (for example, ou=groups, dc=intridea,dc=com ).
* __User unique ID name__: Type the user id name defined in LDAP user object schema. Usually it’s ‘uid’, or ‘sAMAccountName’ for Microsoft Active Directory.
* __Group member ID name__: Type the group member name defined in LDAP group object schema. Usually it’s ‘member’.
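A pre-save review of the form values defined above, as an added example that is not Presently's own code: it flags combinations that send passwords unencrypted or that will not bind as intended. The dict keys mirror the form's field names; the function names, finding codes and sample values are assumptions made for illustration.

```python
import re

# One RDN such as "ou=people". Simplified shape check, not a full RFC 4514 parser.
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*(?:[^,=\\]|\\.)+$")

def looks_like_dn(value):
    """True if every comma-separated part of value has the attr=value shape."""
    return bool(value) and all(RDN.match(p) for p in re.split(r"(?<!\\),", value))

def review_ldap_settings(s):
    """Return finding codes for a dict keyed by the form's field names."""
    findings = []
    enc = s.get("Encryption")
    simple = s.get("Authentication") == "Simple"
    if enc == "No Encryption":
        if simple:  # the Bind DN password crosses the network unencrypted
            findings.append("bind-password-cleartext")
        if s.get("LDAP User Auth."):  # so does every user's login password
            findings.append("user-passwords-cleartext")
    if simple:
        if not looks_like_dn(s.get("Bind DN")):
            findings.append("bad-dn:Bind DN")
        # RFC 4513: a DN with an empty password is an unauthenticated bind,
        # which a server may accept as an anonymous session.
        if not s.get("Password"):
            findings.append("empty-bind-password")
    # Conventional ports: 636 for LDAP over SSL, 389 for plain LDAP and StartTLS.
    if s.get("Port") != (636 if enc == "SSL" else 389):
        findings.append("unusual-port")
    for field in ("User search base", "Group search base"):
        if not looks_like_dn(s.get(field)):
            findings.append("bad-dn:" + field)
    return findings

# Constructed sample values; the DNs reuse the examples given in the list above.
WEAK = {
    "Server": "ldap.example.com", "Port": 389,
    "Encryption": "No Encryption", "Authentication": "Simple",
    "Bind DN": "cn=Chris Smith,dc=intridea,dc=com", "Password": "",
    "LDAP User Auth.": True,
    "User search base": "ou=people, dc=intridea,dc=com",
    "Group search base": "groups",
}
HARDENED = {**WEAK, "Encryption": "StartTLS", "Password": "constructed-placeholder",
            "Group search base": "ou=groups, dc=intridea,dc=com"}

if __name__ == "__main__":
    print("weak:", review_ldap_settings(WEAK))
    print("hardened:", review_ldap_settings(HARDENED))
```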
Please email ping_at_intridea_dot_com for questions, suggestions or comments.