Integrating LDAP Server with EZOfficeInventory

LDAP serverEZOfficeInventory also integrates with your LDAP (Lightweight Directory Access Protocol) or Active Directory servers. Users in your organization can use their LDAP credentials to access EZOfficeInventory.

CONTENTS:
What is LDAP/Active Directory?
Why integrate your Active Directory with EZOfficeInventory?
Whitelisting the IPs on your LDAP server
Configure the Basic Settings
Setting up Organizational Units/Departments
Importing/Updating users
Advanced Options
User Listing/Access Control
What information is synced when LDAP sync takes place?
Provisioning users as they access EZOfficeInventory
Sign In experience

What is LDAP/Active Directory?

LDAP or Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An LDAP directory is organized in a simple “tree” hierarchy. LDAP is most commonly used in medium to large companies.

Why integrate your Active Directory with EZOfficeInventory?

Some of our customers wanted to ‘sync’ their staff database with EZOfficeInventory or wanted to avoid replicating LDAP staff members in EZOfficeInventory. For such cases, we allow an integration with LDAP servers.

Enable LDAP Server Integration from Settings -> Add Ons (see image below).

Whitelisting the IPs on your LDAP server

You may need to whitelist our IP addresses on your LDAP server. To whitelist our IPs on your Directory Server, use the following two IPs:
50.16.201.234
54.221.243.145

Basic Settings

Once enabled, you’ll see a list of settings required to complete the LDAP integration successfully. See image below: LDAP Settings

– LDAP Server: The IP address or URL of your company’s Directory Server. (Note: Make sure to fill in the correct IP address to avoid a connection error later).
– LDAP Server Port: The port on which your directory server listens to requests.
– LDAP Admin Login: This should be the complete ‘dn’ (domain component) of the admin user on your company’s directory server who is able to search through all of your directory users.
LDAP Admin Password: Password of the admin user on your directory server.
LDAP Login Attribute: The attribute that your users will use to login to their account. The default value is ‘cn’ (common name) but you can change it to any attribute e.g. ‘mail’.
– LDAP Encryption Enabled: Select this setting only if your directory server allows secure connections.

Once you’ve filled all the above settings, click ‘Verify Connection’ to ensure successful integration.

Setting up Organizational Units/Departments

Identify the organizational unit (one or more) where your EZOfficeInventory users exist. All users in that organizational unit(s) will have access to EZOfficeInventory, and any user outside the given organizational unit(s) won’t be able to log in. If you have a nested OU structure (e.g. Branding Division being an OU, which has two sub-OUs Marketing and Finance) then all the sub-OUs also need to be listed. In this example, we’ll list 3 OUs; Branding Division, Marketing, and Finance. OUs

Make sure to Save your Settings by scrolling down and hitting the Update button.

Importing/Updating users

Once your LDAP settings are in place, you can import the users from your AD using the Import button at Members tab.LDAP

You can also sync (update) the EZOfficeInventory members with your LDAP users, using the Update Existing Members option. The sync process can be automated by enabling the ‘auto syncing of users’ setting at Settings -> Add Ons -> LDAP Server Integration.

Note: A common issue for an unsuccessful import/sync process is not having Last Name and Email attributes configured in your LDAP server. Also look out for invalid users’ email addresses.

Advanced Options

Settings -> Add Ons -> LDAP Server Integration has 3 advanced options.
a) Enable auto syncing of users: Check this option to automate sync of EZOfficeInventory members with LDAP users. This sync occurs once every day.
b) Auto Disable suspended LDAP users: If selected, the users suspended in LDAP are automatically disabled in EZOfficeInventory. This ensures that EZOfficeInventory access will automatically be revoked for the users you’ve suspended in LDAP.
c) Provision all new users: If selected, users from your LDAP (selected OUs) will be automatically imported, if they aren’t present in your EZOfficeInventory members’ list.

User Listing/Access Control

If you have User listings enabled, you can map OUs to your User listings e.g. if your Marketing Department is in an OU named MKG, and the corresponding user listing is MarketingDpt, you can map MKG to MarketingDpt.
abc

Note: If you have User listings enabled from the Settings, the user listings will then also be updated as per your LDAP settings.

What information is synced when LDAP sync takes place?

Only three fields are synced – First Name, Last Name, and the email.

Provisioning users as they access EZOfficeInventory

If you don’t import or sync members as detailed above, they’ll be created in EZOfficeInventory and synced as they access.

Sign In experience

Your users can use their LDAP Credentials on your Log In screen. If you’d like to remove the ‘Login with Google’ and ‘Login with Windows’ options, you can do so from Settings -> Company Settings -> Authentication.LDAP with Asset Tracking Software

For more assistance, drop us an email at support@ezofficeinventory.com. You can also share your ideas on our Community Forum or visit our Knowledgebase and blog for updates.

Join the Conversation: Twitter | Facebook | LinkedIn