Page History

License Statistics lets you connect to an LDAP server to access user accounts (see Automating user account creation using LDAP) and user groups you have defined in an LDAP directory (see Importing LDAP user groups).

Currently, License Statistics has been tested only with Microsoft Active Directory. You may use other LDAP directories, but they are untested with License Statistics at this time. The following instructions for setting up LDAP apply to Active Directory, but may be used as a basis for connecting to other LDAP directories.

To set up connection to LDAP:

To access LDAP configuration settings, select LDAP Configuration under the Administration section

...

. (This page is visible only for License Statistics administrator users.)

...

The following sections describe how to configure LDAP using the LDAP Configuration page. Also see Importing LDAP user groups for more details on this topic.

Setting up connection to LDAP

In the General section of the LDAP Configuration page: 

1. Enter the appropriate information for connecting to your LDAP server. An example setup is shown in the screenshot below. Also see the following section, LDAP settings, for more information.      
   
   1. LDAP Host: The hostname of the LDAP server.
   2. Port: The port for the LDAP server. The default is 389.
   3. Use SSL: Check this box if you would like to connect to your LDAP server over SSL protocol. If using SSL, see Enabling LDAP over SSL for further setup information.
      
   4. Base DN: The base DN (Distinguished Name) under which to search for users. (See Testing LDAP settings , below, for more information on obtaining the base DN.)
   5. Manager DN: The DN for the manager account to be used for initial binding (authentication).
   6. Manager Password: The password for the manager account.
      
   7. Account Domain Name: The sub-domain of the LDAP directory.
      
   8. Import Mode: The mode you specify to be able to import user groups you have defined in an LDAP directory.
      
2. Save your settings.
3. 1. 
      
4. Enter a valid username and password in the Test connection area and click Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection.
   Image Added
5. See v6.0 Testing LDAP settings for more information on verifying your LDAP settings.

Anchor
enableLDAPImport

...

enableLDAPImport

Enabling LDAP

...

By default, LDAP traffic is transmitted unsecured. You can, however, make LDAP traffic confidential by installing a valid certificate issued by a certificate authority (CA). The CA certificate, which contains a public key and the identity of the owner, is needed to enable encrypted communication between License Statistics and your LDAP server.

To connect over SSL:

If you want to verify that the LDAP server's certificate is properly signed:

1. Set the variable LDAP_SSL_CERTIFICATE_KEY_FILE in the License Statistics configuration file (xflicstat.cfg). This variable defines the path and filename of the CA certificate and allows the client to verify the LDAP server's certificate.
2. Leave the default settings of the variable LDAP_SSL_CERTIFICATE_VERIFY. By default, this variable is set to the "demand" value, indicating that the server certificate will be checked to verify that it is properly signed and your CA certificate, which you set in LDAP_SSL_CERTIFICATE_KEY_FILE variable, will be used to verify that.
3.   Restart License Statistics.

If you do not want to verify that the LDAP server's certificate is properly signed:

1. Set the variable LDAP_SSL_CERTIFICATE_VERIFY to "allow". This way, the connection will be allowed even if it turns out that the certificate is missing or it is not valid. In this case, setting the variable LDAP_SSL_CERTIFICATE_KEY_FILE is not obligatory.
2. Restart License Statistics.

Note: We recommend using the predefined settings and leaving the variable LDAP_SSL_CERTIFICATE_VERIFY set to "demand" so you can perform the validation of the LDAP server's certificate using your CA file.  

LDAP settings

A tool such as JXplorer is an excellent way to test your LDAP settings. Using such a tool can save a lot of time when configuring License Statistics, because you can test that credentials and other settings are correct.

You can use JXplorer to copy the DN from LDAP. To do this:

...

import

License Statistics lets you import user groups you have defined in an LDAP directory. Importing your user groups from LDAP eliminates the need to create user groups manually, which can be time consuming if you have a large number of users.  For more information, see v6.0 Importing LDAP user groups.

To enable LDAP import:

1. Check the "Enable LDAP Import" checkbox to enable importing user groups you have defined in an LDAP directory.
2. Optionally, you may enter a filter for the import to limit the data that is imported.
3. Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection.

Anchor
autoAcctCreationLDAP autoAcctCreationLDAP

Automating user account creation using LDAP

(separate page for this removed and relative content moved here)

You can automate License Statistics user account creation using the user accounts you already have defined in an LDAP directory.

Enabling automatic account creation using LDAP eliminates the potentially time-consuming task of adding users manually in License Statistics. With the LDAP option enabled, users simply log into License Statistics using their username and password that is stored in Active Directory.

To enable automatic user account creation using LDAP:

1. Check the "Automatic account creation using LDAP" checkbox to enable importing user groups you have defined in an LDAP directory.
2. Optionally, you may enter a filter for the import to limit the accounts that are automatically created.
3. Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection.

If you turn the LDAP account creation option off, and you have turned on the users who have already logged into License Statistics using their Active Directory user will retain the ability to use their login. However, no new login attempts using LDAP user accounts will be possible.

If you have enabled LDAP, when you create users you can check the Authenticate through LDAP option for user authentication (see Creating a new user in v6.0 Managing License Statistics users).

Important: If you subsequently disable LDAP, the user logins will fail

3. After copying the base DN, you can simply paste the string into License Statistic's Base DN field instead of typing it.

To learn more about LDAP, see http://en.wikipedia.org/wiki/LDAP.