LDAP Import for Active Directory, LDAP Import Utility, LDAP Synchronization Task for Active Directory – Keri Systems Doors.NET User Manual

Page 92


Doors.NET Reference Manual


LDAP Import for Active Directory

The LDAP Import feature has two parts: a stand-alone LDAP Import utility and an LDAP
Synchronization Task that runs continuously to keep the Doors.NET Cardholder
database synchronized with the Active Directory Users database.

The LDAP Import Utility is used to import Active Directory Users into Doors.NET and to
configure settings used by the LDAP Synchronization Task.

LDAP Import Utility includes the following features, requirements, and restrictions:

LDAP Import Utility

• Selective AD User Import – selective import of AD Users based on membership in
  AD Security Groups

• Mapped Access Rights Assignment – automatic assignment of Cardholder access
  rights based on mappings of AD Security Groups to Doors.NET Access Groups

• Card Number + Facility Code Import – import card numbers + facility codes by
  entering values in mapped fields of each AD User

• Disabled AD User Accounts – after disabling AD User Account, based on
  “Disabled AD User” configuration setting, automatically disables or deletes all
  cards for corresponding Doors.NET Cardholder

• Deleted AD User Accounts – after deleting AD User Account, based on “Deleted
  AD User” configuration setting, automatically disables or deletes all cards for
  corresponding Doors.NET Cardholder

• Photo Import – imports AD User photo from Microsoft Exchange if image is
  referenced by AD User field “thumbnailPhoto”

• Allows operator to map AD User attributes to Doors.NET Cardholder fields

• Saves field mappings for later use by LDAP Synchronization Task

• Runs on any Windows PC with .NET Framework v3.5, requires network
  connectivity to Doors.NET Application Server and AD Domain Controller

• Operator must be System Administrator on both AD Domain Controller and
  Doors.NET Application Server or LDAP Import Utility will refuse to run

LDAP Synchronization Task for Active Directory

The LDAP Synchronization Task will detect and sync changes between Active Directory
Users and Doors.NET Cardholders. Only one direction of sync is supported: either from
Active Directory to Doors.NET or from Doors.NET to Active Directory. The system
operator chooses sync direction by running the LDAP Import Utility and specifying all
LDAP Import configuration settings.
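
When sync runs from Active Directory to Doors.NET, an independent audit can confirm that card and access state really follow the "Disabled AD User" and "Deleted AD User" settings and the group mappings. The following is an added example, not Keri Systems code or part of the original manual. Assumptions: the record layouts, the matching of cardholders to AD users by login name, and all sample names and values are hypothetical; the cardholder list contains only cardholders that were imported from AD.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit that AD sets on a disabled account

def audit(ad_users, cardholders, policy, group_map):
    """Compare card and access-group state against what AD currently says.

    Hypothetical layouts (not the Doors.NET export format):
    ad_users:    {login: {"uac": int, "groups": set of AD Security Group names}}
    cardholders: {login: {"cards": list of "active"/"disabled", "access": set}}
    policy:      {"disabled" or "deleted": "disable" or "delete"}
    group_map:   {AD Security Group: Doors.NET Access Group}
    """
    findings = []
    for login, holder in sorted(cardholders.items()):
        user = ad_users.get(login)
        if user is None:
            state = "deleted"            # imported cardholder with no AD account left
        elif user["uac"] & ACCOUNTDISABLE:
            state = "disabled"
        else:
            # Enabled account: every access group should trace back to a mapped AD group.
            allowed = {group_map[g] for g in user["groups"] if g in group_map}
            extra = sorted(holder["access"] - allowed)
            if extra:
                findings.append((login, "enabled", "unmapped access: " + ", ".join(extra)))
            continue
        if policy[state] == "delete" and holder["cards"]:
            findings.append((login, state, "cards still present"))
        elif policy[state] == "disable" and "active" in holder["cards"]:
            findings.append((login, state, "active card remains"))
    return findings

# Constructed sample data: uac 512 is an enabled normal account, 514 a disabled one.
GROUP_MAP = {"SG-Lab": "Lab Doors", "SG-Office": "Office Doors"}
AD_USERS = {
    "asmith": {"uac": 512, "groups": {"SG-Office"}},
    "bjones": {"uac": 514, "groups": {"SG-Lab"}},
    "cdavis": {"uac": 512, "groups": {"SG-Office", "Domain Users"}},
}
CARDHOLDERS = {
    "asmith": {"cards": ["active"], "access": {"Office Doors", "Lab Doors"}},
    "bjones": {"cards": ["active", "disabled"], "access": {"Lab Doors"}},
    "cdavis": {"cards": ["active"], "access": {"Office Doors"}},
    "dlee": {"cards": ["disabled"], "access": set()},
}
POLICY = {"disabled": "disable", "deleted": "delete"}

if __name__ == "__main__":
    for finding in audit(AD_USERS, CARDHOLDERS, POLICY, GROUP_MAP):
        print(finding)
```

An "unmapped access" finding is a prompt for review, since an access group may also have been assigned by hand in Doors.NET.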
