Show/Hide Toolbars

PerfectApps ® Help Guide

Navigation: Account Setup and Administration > Administering Account Settings

Synchronizing with a Network Directory Service

Scroll Prev Top Next More

If you manage a directory of users on your network outside of PerfectApps, you can use the synchronize option to dynamically update PerfectApps with the contents of your directory. Note that changes to users in PerfectApps cannot be migrated back to your directory at any point; synchronization is a one-way process. The PerfectApps system still maintains its database of users. For each user, only a single unique identifier (e.g., Distinguished Name or UID) is stored in its database.

 

When users log in, their credentials are verified in the Directory Service. If the authentication is successful, the user is logged in based on mapping the single identifier. If the user does not already exist in the PerfectApps database, a new user is automatically created in the PerfectApps database; this means that every user in the Directory Service is automatically a  PerfectApps user, even if there is no entry yet in the database.

 

Red_Warning

If you attempt to synchronize when using a self signed certificate the synchronization will fail. In these cases go to the Account Settings and select the option to Ignore SSL certificate errors.

 

 

Document Icon

To synch your directory to PerfectApps:

 

1.Go to the Settings Dashboard.

2.In the tree, expand Account Settings > Users > Synchronize.

3.In the details area, configure the call to the directory service. Enter the directory service's host machine IP address, port, and other connection credentials. (** See Note below)

4.The synchronize feature supports use of SSL & Global Catalog. Check the Use SSL & Use Global Catalog checkbox to permit these features. (** See Note below)

Synchronizing with a Network Directory Service - Synchronize Page

 

5.In the Look Up area, enter the context distinguished name (Context DN) from Active Directory. Optionally, specify a filter (for example, CN=a* which only returns entries where the common name starts with 'a').

6.Check the Include Subcontexts checkbox to allow reading of sublevel nodes inside the Active Directory environment.

7.In Attributes Mapping, sample attributes are supplied but you must enter the Unique ID attribute exactly as it appears in your active directory structure. The attribute name in your system is also needed for First Name, Last Name and Email (for example, userPrincipalName).

8.Optionally, you can automatically assign users to a user-group and/or position. Select the corresponding Synchronize check box under each of those sections and enter the active directory attribute name that contains that information.

9.Optionally, assign a default log-in type. Limited User is selected by default since this option does not use up a license.

10.Additional attributes can be mapped including Domain Username, Phone, Custom ID and more.

flag_green

If the page does not show all options, you may need to expand the Dashboard. To do this, click the handle on the right side of the page and drag to the right.

flag_green

Auto Synchronize is a feature only supported in the PerfectApps On-Premise version.

 

11.Click Apply Changes.

12.Click Test Connection. If your connection is not successful, you may have entered incorrect information in the Connection area. Verify your Host IP, Port, and binding.

 

flag_green

When the Directory Service's host machine is accessed from outside its internal network it should have its own external IP address or the external IP address should be forwarded to its internal IP address. The PerfectApps On Demand server will always be outside the Directory Service's host machine's network.

 

The common method of hosting LDAP directory information is to use the default LDAP or LDAPS (secure LDAP) on ports 389 or 636. These standard LDAP ports always exist on a Domain Controller (DC) and are rarely changed. Accessing this directory partition provides access to all of the objects within the domain that is hosted on the DC. There is no way to access objects from other domains using this method.

A DC can also be granted the Global Catalog (GC) role. Global Catalog (GC) role is an LDAP-compliant directory consisting of a partial representation of every object from every domain within the forest. This LDAP directory can be accessed on port 3268, with LDAPS on port 3269. LDAPS and the default LDAP ports' certificate requirements are the same.

 

 

Return to: Account Setup and Administration