Difference between revisions of "LDAPS Group Sync Profile"

From Studentnet Wiki
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
LDAPS Group Sync Profiles are used to process groups from Active Directory (AD) and put them in the dashboard
 +
==Minimum requirements for a group to be synced from AD to Cloudwork==
 +
Each group that needs to be synced into Cloudwork require the following attributes in AD:
 +
*Friendly Name Field
 +
*Group Email Field
 +
*Mail Field
 +
 +
==Information and Settings to have ready before creating sync profile==
 +
===Directory Configuration===
 +
In your directory:
 +
*Open your firewall and allow IP ranges from [https://wiki.studentnet.net/index.php/IP_Range#Cloudwork_IP_Range here]
 +
*Create a user in your directory which has read permissions and save the following details about newly created user:
 +
**Username:
 +
**Password:
 +
**Directory Location:
 +
*Have the LDAP path for the container you want synced:
 +
*Note down the IP address your directory server is on:
 +
*Note has the mail attribute populated with the user's email address? If not where is this stored?
 +
 +
==Creating a the LDAP Group Sync Profile==
 +
 +
 +
#In the '''Cloudwork Dashboard'''>'''Sync Profile'''>'''New Sync Profile'''>'''LDAP Group Sync Profile'''
 +
#Fill in the form:
 +
#*'''Description''': Name or Description of Sync profile
 +
#*'''Ldap Server''': IP Address or hostname of the directory server to collect information from
 +
#*'''Ldap User''': Directory and username of newly created user
 +
#*'''Ldap Password''': Password of newly created user
 +
#*'''Search Container''': The LDAP path for the container you want synced
 +
#Click submit
 +
 
== Base Settings ==
 
== Base Settings ==
  
Line 33: Line 64:
 
|[[Image: usersearchcontainer.png]]
 
|[[Image: usersearchcontainer.png]]
 
|-
 
|-
|
+
|[[Image: Friendname.png]]
 
|Friendly name for the group  
 
|Friendly name for the group  
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupemail.png]]
|The field that contains the name of the group
+
|The email address for the group
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Defaultgroup.png]]
 
|Default Group Type - this setting decides which users can send to the group
 
|Default Group Type - this setting decides which users can send to the group
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupsisid.png]]
 
|The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services.
 
|The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services.
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupfac.png]]
|Group Faculty Attribute - Not sure
+
|Group Faculty Attribute*
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupform.png]]
|Group form attribute - not sure
+
|Group form attribute*
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupemail.png]]
 
|Email address attribute used to look up group members
 
|Email address attribute used to look up group members
 
|
 
|
 
|-
 
|-
|
+
|[[Image: Groupextrasearch.png]]
 
|LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing
 
|LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing
 
|
 
|
 
|-
 
|-
 +
|[[Image: Grouptypes.png]]
 +
|Group types, used to set the group types and whether or not the group is to be Synced to Google and/or Azure. Multiple options can be chosen
 
|
 
|
|
 
|Group types - not sure!
 
 
|-
 
|-
 
|}
 
|}

Latest revision as of 03:54, 13 August 2024

LDAPS Group Sync Profiles are used to process groups from Active Directory (AD) and put them in the dashboard

Minimum requirements for a group to be synced from AD to Cloudwork

Each group that needs to be synced into Cloudwork require the following attributes in AD:

  • Friendly Name Field
  • Group Email Field
  • Mail Field

Information and Settings to have ready before creating sync profile

Directory Configuration

In your directory:

  • Open your firewall and allow IP ranges from here
  • Create a user in your directory which has read permissions and save the following details about newly created user:
    • Username:
    • Password:
    • Directory Location:
  • Have the LDAP path for the container you want synced:
  • Note down the IP address your directory server is on:
  • Note has the mail attribute populated with the user's email address? If not where is this stored?

Creating a the LDAP Group Sync Profile

  1. In the Cloudwork Dashboard>Sync Profile>New Sync Profile>LDAP Group Sync Profile
  2. Fill in the form:
    • Description: Name or Description of Sync profile
    • Ldap Server: IP Address or hostname of the directory server to collect information from
    • Ldap User: Directory and username of newly created user
    • Ldap Password: Password of newly created user
    • Search Container: The LDAP path for the container you want synced
  3. Click submit

Base Settings

Base Settings
Field Description
Userdesc.png A short description to identify the sync profile
Userldapserver.png IP address or host name of the directory server to collect information from. Password reset will only work over LDAPS://
Userldapuser.png Username to bind to when collecting
Userldappassword.png Password to use when collecting information from the server

Group Settings

User Settings
Field Description Active Directory Example if available
Usersearchcontainer2.png The qualified name for the container to look for users. eg, OU=students, OU=users, DC=yourdomain, DC=com Usersearchcontainer.png
Friendname.png Friendly name for the group
Groupemail.png The email address for the group
Defaultgroup.png Default Group Type - this setting decides which users can send to the group
Groupsisid.png The LDAP attribute that stores the SIS ID for a group. This field is important for Canvas, and other services.
Groupfac.png Group Faculty Attribute*
Groupform.png Group form attribute*
Groupemail.png Email address attribute used to look up group members
Groupextrasearch.png LDAP query paramaters that will be be used to further restrict Cloudwork's default group syncing
Grouptypes.png Group types, used to set the group types and whether or not the group is to be Synced to Google and/or Azure. Multiple options can be chosen

Advanced Settings

Advanced Settings
Field Description
Advdomain.png The email domain for groups. If Force Mail Domain is selected, user accounts created or updated by replace the email domain with this domain
Advdirectoy.png The directory type that the users are syncing from
Advdeleteaction.png When a user is deleted or moved to a location that Cloudwork can't see, Cloudwork will perform the chosen action