# Configure LDAP Sync User

To configure the LDAP user synchronization, open the snap-in Authentication/LDAP sync user in the administration area of your 4ALLPORTAL.

The values set here are stored in the file `{name}.xml` (where `{name}` is the value given in the snap-in field "LDAP sync user") in the folder `custom/global/authentication_provider/ldap_sync_user`.

The following table describes the snap-in fields that are required to configure a synchronization.

| Field | Attribute | Type | Description |
| --- | --- | --- | --- |
| LDAP sync user | `name` | string | Give a unique name for this synchronization configuration. |
| Active (switch) | `enabled` | default: true | Allows you to disable this synchronization process if it should not run for some reason. |
| LDAP authentication provider | `ldap_authentication_provider` | string | Name of the corresponding LDAP authentication provider. Multiple sync configurations are allowed for one LDAP provider, because the user pattern may be different. |
| Cron | `cron` | string | Defines when to start the job. Examples: `0 0 0 * * ?` (every midnight), `0 */5 * * * ?` (every 5 minutes). For the syntax, refer to CronExpression (external link). |
| User filter | `user_search_filter` | string | Filter to search for users. Depends on the LDAP service. Example for Active Directory: `(&(objectCategory=person)(samAccountType=805306368)(UserAccountControl:1.2.840.113556.1.4.803:=512)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))` |
| Manager username | `manager_user` | string | Enter the user for the LDAP bind (login). If not set, the manager username from your LDAP configuration is used. |
| Manager password | `manager_password` | string | Enter the password for the LDAP bind (login). If not set, the manager password from your LDAP configuration is used. |

  • Save your configuration and reload the system.
  • A corresponding XML file is automatically stored in your file system.
  • Your configuration (if enabled) applies for the first time as defined in field "Cron".
  • After synchronization, you will see the new users in your User module.

It is not necessary to change any further configuration in your basic LDAP configuration.

# Configuration Example

A stored XML file looks like this:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap_sync_user>
    <enabled>true</enabled>
    <ldap_authentication_provider>ad_4allportal1</ldap_authentication_provider>
    <cron>0 */5 * * * ?</cron>
    <user_search_filter>(&amp;(objectCategory=person)(samAccountType=805306368)(UserAccountControl:1.2.840.113556.1.4.803:=512)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</user_search_filter>
    <manager_user>TEST_USER</manager_user>
    <manager_password>TEST_PASSWORD</manager_password>
</ldap_sync_user>
```

If you want to use this example configuration, make sure to change:

  • `<ldap_authentication_provider>`: This entry depends on example LDAP configuration ad_4allportal1.
  • `<cron>`: This definition will synchronize every five minutes, which only makes sense for testing purposes.
  • `<user_search_filter>`: These parameters are for an Active Directory and may differ for other directory services. They may be changed to create users only for parts of the directory.
  • `<manager_user>` and `<manager_password>`
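
An added example, not part of the 4ALLPORTAL documentation or product: a small Python check that flags the values this page says to change in a stored `ldap_sync_user` file and verifies that the user filter still excludes disabled accounts (the negated `:=2` clause, bit 0x2 of `userAccountControl`). The function name `audit`, the finding texts and the cron field order (read off the page's two cron examples) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the example file from this page, unchanged.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap_sync_user>
    <enabled>true</enabled>
    <ldap_authentication_provider>ad_4allportal1</ldap_authentication_provider>
    <cron>0 */5 * * * ?</cron>
    <user_search_filter>(&amp;(objectCategory=person)(samAccountType=805306368)(UserAccountControl:1.2.840.113556.1.4.803:=512)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</user_search_filter>
    <manager_user>TEST_USER</manager_user>
    <manager_password>TEST_PASSWORD</manager_password>
</ldap_sync_user>"""

# Negated bitwise-AND match on userAccountControl, as in the page's AD filter.
UAC_RULE = re.compile(r"\(!\(useraccountcontrol:1\.2\.840\.113556\.1\.4\.803:=(\d+)\)\)", re.I)
# Values the page says must be changed before the example is reused.
PLACEHOLDERS = {"ldap_authentication_provider": "ad_4allportal1",
                "manager_user": "TEST_USER", "manager_password": "TEST_PASSWORD"}

def balanced(flt):
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit(xml_text):
    """Return a list of findings for one ldap_sync_user XML document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    get = lambda tag: (root.findtext(tag) or "").strip()
    findings = [f"{t}: example value left in place" for t, v in PLACEHOLDERS.items() if get(t) == v]
    cron = get("cron").split()
    # Assumed field order (from the page's examples): sec min hour day month weekday
    if len(cron) < 6:
        findings.append("cron: expected at least 6 fields")
    elif any(f == "*" or "/" in f for f in cron[:2]):
        findings.append("cron: step or wildcard in seconds/minutes (test cadence)")
    flt = get("user_search_filter")
    if not flt.startswith("(") or not balanced(flt):
        findings.append("user_search_filter: unbalanced parentheses")
    # ACCOUNTDISABLE is bit 0x2; without the negated clause disabled accounts match too.
    if not any(int(m) & 0x2 for m in UAC_RULE.findall(flt)):
        findings.append("user_search_filter: disabled accounts also match the filter")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The disabled-account check applies to Active Directory filters only; other directory services express account state differently.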