Directory Synchronization - Quick Start Guide HT500 - OpenLM Software License Management
Israel +972 4 6308447         USA +1 866 806 2068        UK +44 20 8242 6492      JAPAN +81 3 45208991 担当:萩原

Directory Synchronization – Quick Start Guide HT500

 

The following is a quick start guide on how to use the Directory Synchronization components in OpenLM. For a comprehensive guide on the Directory Synchronization components and all their options, consult this article instead.

Table of Contents:

1. Install and configure DSS

2. Install and approve DSA

2.1. Assign an agent to imported syncs

3. Add a domain and sync definition

 

1. Install and configure DSS

  1. Download the Directory Synchronization Service (DSS) from here.
  2. Double-click on the DSS installer.
  3. Agree to the terms and conditions and click Next.
  4. Accept or change the default path and click Next.
  5. On the DSS login details screen, specify the credentials for the DSS administrator account that will be created then click Next.
  6. Click Finish. This opens up the DSS user interface.
  7. On the login screen, provide the credentials you entered in step 5 and click Login.
  8. Go to the Service Configuration tab.
  9. If required, change the values then click Apply:
    • OpenLM Server – IP/Hostname and Port. If Server is using SSL, make sure to specify the https protocol and enter the hostname exactly as it is on the SSL certificate.
    • DSS Server – IP/Hostname (default: http://localhost) and Port (default: 7026). The same note about hostname and SSL certificates applies as above.
  10. Open EasyAdmin (Windows Start → OpenLM → OpenLM EasyAdmin User Interface)
  11. Go to EasyAdmin Start → Administration External PlatformsDSS → click Approve.

If existing LDAP sync definitions have been detected, the migration wizard will appear on the same External Platforms → DSS window. You must choose either of the first two options before you can add new domains or syncs in DSS:

  1. Start the migration – existing LDAP synchronization definitions will be migrated to the new Directory Synchronization Service once you click Apply. Once they have been imported they will have to be assigned to an agent (see 2.1 below).
  2. Ignore old syncs – existing LDAP synchronization definitions will be ignored. You will only be able to create new sync definitions from scratch in the DSS UI. Once this option has been used, the migration wizard closes and importing old LDAP sync definitions will not be possible without extensive help from OpenLM Support.

 

2. Install and approve DSA

  1. Download the Directory Synchronization Agent (DSA) from here.
  2. Double-click on the DSA installer.
  3. Agree to the terms and conditions and click Next.
  4. Enter the appropriate details as follows then click Next:
    • Agent name – a name to recognize this agent instance in DSS.
    • Hostname – the hostname or IP of the DSS installation you configured in section 1.
    • Port – the DSS port (default: 7026).
    • Username – the username you configured in section 1.5.
    • Password – the password you set for the user in section 1.5.
  5. Accept or change the default path and click Next.
  6. Once install has finished, open the DSS user interface and open the Agent Manager tab.
  7. Hover over the agent row that is pending approval and click on the pen icon in the far-right corner.
  8. Set the status to Enabled.
  9. Click Approve.

You can now add domains and create sync definitions.

 

2.1. Assign an agent to imported syncs

If DSS has imported previous sync definitions, they will have to be assigned to an agent before they are operational.

  1. Open the DSS user interface.
  2. Click on Sync Manager.
  3. Hover over the row of the imported sync and click the pen icon in the far-right corner.
  4. Select an agent from the drop-down list.
  5. Click Save.

To assign an agent to several definitions at once:

  1. Check the box of each definition you want to assign an agent to.
  2. Click Bulk Edit.
  3. Select an agent from the drop-down list.
  4. Click Save then Yes on the confirmation pop-up.

 

3. Add a domain and sync definition

In the DSS user interface:

  1. Click on Domain Manager
  2. Click Add Domain.
  3. Enter the appropriate details as follows:
    1. Domain type – the type of the LDAP domain directory that you want to synchronize with. Currently you can select either Active Directory, eDirectory or ApacheDS
    2. Domain name – the hostname/IP of the domain controller
    3. Port – the port of the domain controller
    4. SSL – toggle if the connection to the domain controller uses SSL
    5. Username – the username of the domain controller user
    6. Password – the password of the domain controller user
  4. Click on Check domain connectivity to run a test. Select the agent configured in section 2.
  5. Click Save Domain & Add Sync to save configuration and open the Add Sync window.
  6. Enter and configure parameters as you require. Consult the full guide for an explanation of all sync parameters.
  7. Click Save when finished.

The sync will now run at the specified time. If you want to manually trigger a sync before then, go to the Sync Manager tab, check the box for the appropriate sync and click on the icon.

in Misc. OpenLM configs

Related Articles