The information on this page refers to License Statistics v6.14 and newer, which introduced schema settings and expanded LDAP support to include LDAP and LDAPwith POSIX, as well as providing support for custom LDAP configuration. If you are using a version previous to v6.14, see documentation for previous versions.

To access LDAP configuration settings, select LDAP under the Administration section. (This page is visible only for License Statistics administrator users.) The following sections describe how to configure LDAP using the configuration page. Also see Importing LDAP user groups for more details on this topic.

Setting up a connection to LDAP

To set up a connection to LDAP, in the General section of the LDAP configuration page: 

  1. Enter the appropriate information for connecting to your LDAP server. An example setup is shown in the screenshot below.   
    1. Directory type: Select from Active Directory (default), LDAP, or LDAP with POSIX. Your selection will populate the schema settings with the defaults for that selection, which can then be customized if needed.
    2. Hostame: The hostname of the LDAP server.
    3. Port: The port for the LDAP server. The default is 389.
    4. Use SSL: Check this box if you would like to connect to your LDAP server over SSL protocol. If using SSL, see Enabling LDAP over SSL for further setup information.
    5. Base DN: The base DN (Distinguished Name) under which to search for users and groups. (See Testing LDAP settings for more information on obtaining the base DN.)
    6. Manager DN: The DN for the manager account to be used for initial binding (authentication).
    7. Manager Password: The password for the manager account.

  2. Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection. (See Testing LDAP settings for more information on verifying your LDAP settings.)



  3. Click Save at the bottom of the LDAP page to save the LDAP configuration.

Enabling LDAP import

License Statistics lets you import user details and groups you have defined in an LDAP directory. Importing your user groups from LDAP eliminates the need to create user groups manually, which can be time consuming if you have a large number of users. For more information, see Importing LDAP user groups.

To enable LDAP import:

  1. Check the "Enable LDAP Users Import" checkbox to enable importing user groups you have defined in an LDAP directory.
  2. Optionally, you may enter a filter for the import to limit the data that is imported.
  3. Enter/edit the schema settings if needed for your configuration.
  4. Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection.
  5. Click Save at the bottom of the LDAP page to save the LDAP configuration.


Note that not all users matching the Base DN will be imported, but only those that were already monitored by License Statistics. Also, a group will be imported from LDAP only if it contains at least one user that is monitored by License Statistics.

Example:

Say you have the following users and groups in your configuration:

  • User1 belongs to Group1 and Group2 in LDAP, and is monitored by License Statistics
  • User2 belongs to Group2 and Group3 in LDAP, but is not monitored by License Statistics

Given this scenario, License Statistics will import:

  • User1 with his LDAP details
  • Group1 with member User1
  • Group2 with member User1

License Statistics will not import:

  • User2
  • Group3


Enabling LDAP authentication

You can enable License Statistics user authentication and optionally allow for automated License Statistics user account creation using the user accounts you already have defined in an LDAP directory.

Enabling account creation using LDAP eliminates the potentially time-consuming task of adding users manually in License Statistics. With the LDAP option enabled, users simply log into License Statistics using their username and password that is stored in Active Directory, regardless whether the user has an account in License Statistics.

If LDAP authentication is enabled, you can also use LDAP authentication when creating new users.

To enable user authentication using LDAP:

  1. Check the "Enable LDAP Authentication" checkbox

  2. Optionally, you can enter a filter that limits the accounts that are allowed to authenticate and are automatically created.

    Default query with empty optional filter and username foo:

    &(objectClass=user)(sAMAccountName=foo)

      

    Query with optional field applied (filter value: memberOf=admin) and username bar:

    &(&(objectClass=user)(sAMAccountName=bar))(memberOf=admin)

      


  3. Optionally, check the "Enable automatic account creation using LDAP" checkbox if you want to automatically create accounts using LDAP.

    If "Enable LDAP Authentication" is selected and "Enable automatic account creation using LDAP" is not selected (which is the default), all users that have accounts connected to LDAP will be authenticated, but no new accounts will be created, even if the LDAP credentials are valid.

    Similarly, if you disable LDAP authentication, users who have already logged into License Statistics using their Active Directory will retain the ability to use their login, but no new login attempts using LDAP user accounts will be possible.


  4. Enter/edit the schema settings if needed for your configuration.
  5. Click Verify to ensure that your connection to the LDAP server works as expected. A message will indicate whether the test was successful. If the test is not successful, make the needed changes to the setup, save the changes, and retest the connection.
  6. Click Save at the bottom of the LDAP page to save the LDAP configuration.