The information on this page refers to License Statistics v6.14 and newer, which introduced schema settings and expanded LDAP support to include LDAP and LDAPwith POSIX, as well as providing support for custom LDAP configuration. If you are using a version previous to v6.14, see documentation for previous versions. |
To access LDAP configuration settings, select LDAP under the Administration section. (This page is visible only for License Statistics administrator users.) The following sections describe how to configure LDAP using the configuration page. Also see Importing LDAP user groups for more details on this topic.
To set up a connection to LDAP, in the General section of the LDAP configuration page:
License Statistics lets you import user details and groups you have defined in an LDAP directory. Importing your user groups from LDAP eliminates the need to create user groups manually, which can be time consuming if you have a large number of users. For more information, see Importing LDAP user groups.
To enable LDAP import:
Note that not all users matching the Base DN will be imported, but only those that were already monitored by License Statistics. Also, a group will be imported from LDAP only if it contains at least one user that is monitored by License Statistics. Example: Say you have the following users and groups in your configuration:
Given this scenario, License Statistics will import:
License Statistics will not import:
|
You can enable License Statistics user authentication and optionally allow for automated License Statistics user account creation using the user accounts you already have defined in an LDAP directory.
Enabling account creation using LDAP eliminates the potentially time-consuming task of adding users manually in License Statistics. With the LDAP option enabled, users simply log into License Statistics using their username and password that is stored in Active Directory, regardless whether the user has an account in License Statistics.
If LDAP authentication is enabled, you can also use LDAP authentication when creating new users.
To enable user authentication using LDAP:
Optionally, you can enter a filter that limits the accounts that are allowed to authenticate and are automatically created.
Default query with empty optional filter and username foo:
Query with optional field applied (filter value: memberOf=admin) and username bar:
|
Optionally, check the "Enable automatic account creation using LDAP" checkbox if you want to automatically create accounts using LDAP.
If "Enable LDAP Authentication" is selected and "Enable automatic account creation using LDAP" is not selected (which is the default), all users that have accounts connected to LDAP will be authenticated, but no new accounts will be created, even if the LDAP credentials are valid. Similarly, if you disable LDAP authentication, users who have already logged into License Statistics using their Active Directory will retain the ability to use their login, but no new login attempts using LDAP user accounts will be possible. |