![\"screen1083\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1083.jpg\")
<\/p>\nNative LDAP integration allows several operations:<\/p>\n
1) user import \u201cby hand\u201d: there is a procedure for importing users from an LDAP server (including Microsoft Active Directory \u00a9), which may be used even if authentication through LDAP is not enabled; it is of course necessary if it is enabled, because the users in Twproject must exist in all cases.<\/p>\n
2) user import from a scheduled job:<\/p>\n
3) authentication from the LDAP server<\/p>\n
<\/p>\n
Since version 4.5, you can now enable LDAP with fallback to Twproject internal authentication in case of LDAP login failure.<\/p>\n
First of all, you must setup the LDAP basic parameters; go to \u201cLdap integration\u201d from the administration page:<\/p>\n
![\"screen1084\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1084.jpg\")
<\/p>\n
By checking LDAP radio button you will have to configure LDAP parameters.<\/p>\n
Note: LDAP is a language with several dialects. Hence we provide out of the box some variants on the language, in different configuration files. The variants provided are:<\/p>\n
\u00b7 Active Directory (\u00a9Microsoft Corp.)<\/strong>: \u00b7 Apache Directory Server<\/strong>: \u00b7 OpenLdap<\/strong>: One may add properties files here, and they will be available in the global configuration combo.<\/p>\n Notice also that both \u201c1.0\u201d and \u201c2.0\u201d LDAP queries should work.<\/p>\n A nice feature is:<\/p>\n That allows Twproject to create LDAP validated user at its first login.<\/p>\n Example configuration with Active Directory:<\/p>\n Example configuration with Apache Directory:<\/p>\n Example configuration with OpenLDAP:<\/p>\n In order to enable authentication you MUST have users created in Twproject. You may proceed by importing them manually or by scheduling an import.<\/p>\n There is a comfortable procedure for importing users by hand, which also lets you configure the imported users rights from the point of view of Twproject: if you\u2019ve set up the LDAP parameters, then go to admin page an follow \u201cLDAP integration – import users\u201d.<\/p>\n Here you can select the CN groups in which to search users, and once found some, pick those you want to import.<\/p>\n For every picked user, you can decide whether to make it a Twproject administrator, or set on her\/him other area-global roles.<\/p>\n LDAP roles are not mapped into Twproject as the business logic behind them is quite different; customized behavior can be developed on demand.<\/p>\n Users will be put on the area you pick.<\/p>\n \u201cupdate existing users\u201d<\/b> will update non security related data on existing users.<\/p>\n \u201cset password for import users\u201d<\/b>: this is the Twproject password that will be set on imported users, in case LDAP authentication is off. If leaved empty, a password equal to the login name will be set.<\/p>\n Consider that complex LDAP structure could be “complex” to filter, you could use a LDAP explorer tools to navigate the structure and identify the wanted users. The eventually mapped additional properties are listed in a ldap.properties file, in<\/p>\n [web app root]\/commons\/settings\/ldap\/[the chosen one].properties<\/p>\n The sample ones mapped are:<\/p>\n PHONE=telephoneNumber<\/p>\n COUNTRY=co<\/p>\n STATE=st<\/p>\n CITY=l<\/p>\n ZIP=postalCode<\/p>\n MOBILE=mobile<\/p>\n You can add your own, compliant with your LDAP dialect.<\/p>\n From LDAP user import click on button “see\/add scheduled import”<\/p>\n Click on \u201ccreate schedule\u201d<\/p>\n First box contains data about job scheduling the right box data about your LDAP.<\/p>\n default pwd: this is the Twproject password that will be set on imported users, in case LDAP authentication is off. If leaved empty, a password equal to the login name will be set.<\/p>\n Change the repetition on your needs<\/p>\n <\/p>\n 1) You may have enabled LDAP authentication, but didn\u2019t import any user. Proceed as follows:<\/p>\n 2) stop Twproject<\/p>\n 3) go to [your root]webapps\/ROOT\/commons\/settings, open the file global.properties, remove the property 4) restart Twproject<\/p>\n We login with our LDAP accounts, but nobody is administrator any more.<\/i><\/p>\n If you imported the users \u201cby hand\u201d, not with the scheduled job, you should have selected the \u201cadministrator\u201d checkbox for at least one user. To fix this, you must temporarily disable LDAP authentication, as in the FAQ above, enter with the original Twproject administrator login, enable the administrator checkbox on some users, and then re-enable LDAP authentication.<\/p>\n You may have forgot to set LDAP as authentication modality: log in with the original Twproject administrator login, go to tools -> administration -> global settings, select the LDAP authentication radio:<\/p>\n and then save.<\/p>\n","protected":false},"excerpt":{"rendered":" Native LDAP integration allows several operations: 1) user import \u201cby hand\u201d: there is a procedure for importing users from an LDAP server (including Microsoft Active Directory \u00a9), which may be used even if authentication through LDAP is not enabled; it is of course necessary if it is enabled, because the users in Twproject must exist […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2383,"menu_order":26,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-2617","page","type-page","status-publish","hentry"],"yoast_head":"\n
\nin the file[web app root]\/commons\/settings\/ldap\/activeDirectory.properties<\/p>\n
\nin the file[web app root]\/commons\/settings\/ldap\/apacheDirectory.properties<\/p>\n
\nin the file[web app root]\/commons\/settings\/ldap\/openLdap.properties<\/p>\n![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/2014\/02\/clip_image0073.jpg\" "\\"\\"")
<\/p>\n![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/2014\/02\/clip_image0094.jpg\" "\\"\\"")
<\/p>\n![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/2014\/02\/clip_image0113.jpg\" "\\"\\"")
<\/p>\n![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/2014\/02\/clip_image0131.jpg\" "\\"\\"")
<\/p>\n![\"screen1085\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1085.jpg\")
\nOnce you have inserted values you can check the configuration by using the test button.<\/p>\nImporting users by hand<\/h2>\n
![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/ldap-import-user.png\")
<\/p>\n![\"screen1087\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1087.jpg\")
<\/p>\n![\"screen1088\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1088.jpg\")
<\/p>\n
\nHere some tools:
\na free generic one: \u00a0http:\/\/jxplorer.org\/<\/a>
\nor for Active Directory:\u00a0http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb963907.aspx
\n<\/a>There are several resources available online for helping with filter syntax.
\n<\/span>Here some starting points:
\nhttp:\/\/www.google.com\/support\/enterprise\/static\/postini\/docs\/admin\/en\/dss_admin\/prep_ldap.html
\n<\/a>http:\/\/msdn.microsoft.com\/en-us\/library\/aa746475(v=vs.85).aspx<\/a><\/p>\nAdditional properties<\/h2>\n
Scheduling user import<\/h2>\n
![\"screen1089\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/screen1089.jpg\")
<\/p>\n![\"\"](\"https:\/\/twproject.com\/support\/wp-content\/uploads\/import-ldap-job.png\")
<\/p>\nHELP! I can\u2019t login into Twproject anymore!<\/i><\/h2>\n
\nAUTHENTICATION_TYPE=ENABLE_LDAP_AUTHENTICATION<\/p>\nHELP! I\u2019ve setup LDAP parameters and successfully imported the users, but they can\u2019t login!<\/i><\/h2>\n
<\/p>\n