LDAP Import Source
You can import user or group information from the LDAP database. These import sources match the fields in your LDAP database to the fields in your instance.
Ensure that the LDAP connection is established before importing.
Import data
To import data using LDAP, you need to configure an import source. To do so, complete the steps below:
- Navigate to Import → Import Sources.
- Click New and fill in the fields.
- Click Save or Save and exit to apply the changes.
- Click Load All Records to create a temporary Import Set record.
- Create a transform map and field maps.
- Run a transform.
- Schedule the LDAP import.
Import Source form fields
Field | Mandatory | Description |
---|---|---|
Name | Y | Specify the name of the import source. |
Import set table name | Y | Specify the name of an Import Set record. After saving the record, this name is automatically transformed into the system name format with an application prefix and underscores instead of spaces. A new record is automatically created in the Import Set (sys_import_set) table with this name when the import is completed. For example, if the application prefix is app, and the specified name is My Test, then the system name of the Import Set (sys_import_set) table will be app_imp_my_test. The displayed name of the created table will be App imp my table. See the Data Import article to learn more. |
Type | N | The type of external data source. Select LDAP to import data from your LDAP source. |
LDAP setting | N | Specify a preconfigured LDAP setting containing locations, people, and user groups you need. See the LDAP Integration article to learn how to configure an LDAP setting. |
Configure an LDAP setting
To create a new LDAP setting, complete the steps below:
- Navigate to LDAP → LDAP Settings.
- Click New and fill in the fields.
- Click Save or Save and exit to apply the changes.
LDAP Settings form fields
Field | Mandatory | Description |
---|---|---|
Name | Y | Specify the LDAP setting name. The name you enter here becomes a target in the Import Sources record. |
Active | N | Select this checkbox to activate the LDAP setting and to allow data import. |
Relative Distinguished Name (RDN) | N | Enter the relative distinguished name (RDN) of the subdirectory to search through. |
Server | Y | Specify the LDAP server that contains the directory of users and groups and other LDAP-related information. To configure the server, navigate to LDAP → LDAP Servers and perform the required actions. |
Table | Y | Select the target table to store the data from your LDAP server. For users, select the Users (user) table. The specified target table is used for LDAP auto-provisioning (automatic creation of users in the Users (user) table). |
Filter | N | Enter a filter string to select specific records to import from the OU (organizational unit). |
Query field | N | Specify the attribute name within the LDAP server for querying the records. Active Directory mostly uses the |
Attribute list | N | Use the field to specify (include and limit) the attributes the LDAP query returns. This approach helps reduce the time required for large LDAP imports. If the field remains empty, the system loads all the objects with their attributes that your LDAP server is allowed to read. |
Note that the Query Field field is temporarily not working correctly – our team is working on its logic improvement to make it more efficient and secure. We will inform you about changes in future releases.
Filter example
(&(objectClass=person)(sn=*)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(userPrincipalName=*.admin@simpleone.ru)))
The filter string selects records that:
- are classified as a person
- have an sn attribute value
- are not computers
- are not flagged as inactive
- have a login (userPrincipalName) that does not match *.admin@simpleone.ru
To learn more about the LDAP filter syntax, refer to the appropriate RFC document.
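How the filter example above selects records, as an added example that is not part of the original documentation or the product's code: a minimal evaluator for the subset of the LDAP filter syntax that the example uses, run over constructed sample entries. The names parse, matches, imported and ROWS are illustrative assumptions, and an attribute that is absent from an entry is treated as not matching.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # Active Directory bitwise-AND matching rule
FILTER = ("(&(objectClass=person)(sn=*)(!(objectClass=computer))"
          f"(!(userAccountControl:{BIT_AND}:=2))(!(userPrincipalName=*.admin@simpleone.ru)))")
ITEM = re.compile(r"\(([\w-]+)(?::([\d.]+):)?=([^()]*)\)")  # (attr=value) or (attr:rule:=value)
# Constructed sample rows: name, objectClass values, sn, userAccountControl, userPrincipalName
ROWS = [("alice", "person user", "Ivanova", 512, "alice@simpleone.ru"),
        ("bob", "person user", "Petrov", 514, "bob@simpleone.ru"),  # 514 = 512 | 2 (disabled)
        ("carol", "person user", "Sidorova", 512, "carol.admin@simpleone.ru"),
        ("ws01", "person user computer", "Host", 4096, "ws01@simpleone.ru"),  # also a person in AD
        ("svc", "person user", "", 512, "svc@simpleone.ru")]  # no sn value

def parse(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    item = ITEM.match(text, pos)
    if item:
        return ("item", item[1].lower(), item[2], item[3]), item.end()
    op, kids = text[pos + 1:pos + 2], []
    if text[pos:pos + 1] != "(" or op not in ("&", "|", "!"):
        raise ValueError(f"malformed filter at offset {pos}")
    pos += 2
    while text[pos:pos + 1] == "(":
        kid, pos = parse(text, pos)
        kids.append(kid)
    if text[pos:pos + 1] != ")" or not kids:
        raise ValueError(f"malformed '{op}' group at offset {pos}")
    return (op, kids), pos + 1

def matches(node, entry):
    """Evaluate a parsed filter against entry: {lower-case attribute: [string values]}."""
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(kid, entry) for kid in node[1])
    _, attr, rule, want = node
    if rule not in (None, BIT_AND):
        raise ValueError(f"unsupported matching rule {rule}")
    if rule == BIT_AND:  # true when every bit of the assertion value is set
        return any((int(v) & int(want)) == int(want) for v in entry.get(attr, []))
    # '*' is the only wildcard; a bare '*' is a presence test for the attribute
    pattern = ".*".join(re.escape(part) for part in want.split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr, []))

def imported(rows=ROWS, flt=FILTER):
    node, end = parse(flt)
    if end != len(flt):  # reject anything left over after the closing parenthesis
        raise ValueError(f"unexpected text after filter at offset {end}")
    keys = ("objectclass", "sn", "useraccountcontrol", "userprincipalname")
    return [r[0] for r in rows if matches(node, dict(zip(keys, (str(v).split() for v in r[1:]))))]
```

Checking a filter against known entries in this way before scheduling the import shows which disabled, administrative or computer accounts would otherwise be provisioned into the target table.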