You can configure and test connections from the KACE SMA to an external LDAP server.
1.
a. Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
2.
Enable local authentication (the default). If local authentication is enabled, the password is authenticated against the existing entries in the local database at Settings > Users.
Enable external user authentication using an LDAP server or Active Directory server. If LDAP Authentication is enabled, the password is authenticated against the external LDAP server. For assistance with authentication, contact Quest Support at https://support.quest.com/contact-support.
Modify the server definition. For information about the fields in this section, see Table 5.
4.
6.
a.
b.
c. In the Advanced Search: box, replace KBOX_USER with the username to test. The syntax is sAMAccountName=username.
d.
e.
There are two ways to import user information:
1.
a. Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
NOTE: Use the LDAP Browser to specify the Search Base DN and Search Filter. See Use the LDAP Browser.
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
The criteria used to search for accounts. For example: OU=end_users,DC=company,DC=com.
The search filter. For example: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))
The password of the account the KACE SMA uses to log in to the LDAP server.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix, a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. The binary attributes setting indicates which attributes should be treated as binary for purposes of storage.
4.
5. In the drop-down list next to each attribute, select the value to use for KACE SMA User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used in the KACE SMA 6.4 release. Recommended value: No Value.
6. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
7. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
8. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
9.
10.
11.
The Users page appears, and the imported users appear on the list. The imported users can access the features of the Administrator Console, User Console based on the role to which they are assigned.
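The search filter shown in the server details takes the login name in place of KBOX_USERNAME. The following is an added example, not Quest code: a script that reuses that template outside the appliance (for instance, to pre-check which accounts an import will match) should escape the name per RFC 4515 so it cannot change the filter's structure. The function names are hypothetical and the input names are constructed.

```python
# Added example (not Quest code): fill the page's filter template with an
# RFC 4515-escaped username. Function names are hypothetical.

# Filter template from the page; KBOX_USERNAME is the placeholder for the login name.
FILTER_TEMPLATE = (
    "(&(sAMAccountName=KBOX_USERNAME)"
    "(memberOf=CN=financial,DC=example,DC=com))"
)

# RFC 4515: these characters must appear as \XX (hex) inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape one value so the directory server matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Substitute the escaped username for the KBOX_USERNAME placeholder."""
    if not username:
        raise ValueError("username must not be empty")
    return template.replace("KBOX_USERNAME", escape_filter_value(username))


def build_filter_unescaped(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Plain string substitution, shown only for comparison."""
    return template.replace("KBOX_USERNAME", username)


def same_structure(candidate: str, template: str = FILTER_TEMPLATE) -> bool:
    """True if the filter has the same parentheses and wildcards as the template."""
    return all(candidate.count(c) == template.count(c) for c in "()*")


if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a wildcard, a name with parentheses.
    for name in ("jdoe", "*", "doe (contractor)"):
        safe = build_filter(name)
        raw = build_filter_unescaped(name)
        print(f"{name!r}: escaped={safe}")
        print(f"    unescaped keeps structure: {same_structure(raw)}; "
              f"escaped keeps structure: {same_structure(safe)}")
```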
To keep user data current, schedule regular user data imports from your LDAP server.
1.
a. Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
c.
2. Select LDAP Authentication, then click the Schedule button.
The following Read Only Administrator Server Details are displayed:
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
The criteria used to search for accounts. For example: OU=end_users,DC=company,DC=com.
The search filter. For example: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))
The password of the account the KACE SMA uses to log in to the LDAP server.
Specify the LDAP attributes to retrieve. For example:
Enter a label attribute. For example: memberof.
Enter the label prefix, a string that is added to the beginning of all the labels. For example: ldap_
Enter the binary attributes. For example: objectsid. The binary attributes setting indicates which attributes should be treated as binary for purposes of storage.
4.
5.
6.
Run daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM
Run on the nth day (for example, the first or the second) of every month, or of a specific month, at the specified time.
Run on the nth weekday of every month/specific month at HH:MM
Run on the specific weekday of every month, or a specific month, at the specified time.
Run according to a custom schedule. Use standard 5-field cron format (extended cron format is not supported): Use the following when specifying values:
Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled tasks. Click a task to review the task details. For more information, see View task schedules.
7. Click Next to display the User Import: Schedule - Define mapping between User attributes and LDAP Attributes page.
8. In the drop-down list next to each attribute, select the value to use for KACE SMA User attributes during import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous page.
The identifier for the user. Recommended value: objectguid.
Not used in the KACE SMA 6.4 release. Recommended value: No Value.
9. Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
10. If you want the selected role to be a default role for new roles, select the Make default check box.
11. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
12. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to import is correct, and the information listed for each user is what you expect. To refine your search, click the Back button and revise the search parameters and attributes.
13.
14.
◦ Click Back to change settings.
◦ Click Import to save the schedule and import user information immediately. The import begins, and the schedule is set to run according to the options selected in the Scheduling section.
◦ Click Finish to save the schedule without importing user information. The schedule is set to run according to the options selected in the Scheduling section.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED.