LDAP

The Lightweight Directory Access Protocol (LDAP) is a network protocol for querying and changing user and address data and their attributes that are stored in a database. KentixONE has an integrated LDAP client that can interact with an LDAP server on which the user and address data is stored in a database.

The LDAP client is used to import and automatically manage users and their master data. When authenticating a user imported from LDAP in KentixONE, the active security guidelines of the LDAP server apply.

LDAP server

To import data from the server into KentixONE, the IP address of the server and the port number are required. If the communication between client and server is to be encrypted, the SSL encryption mode must be set both on the server and in KentixONE. The data is organized on the LDAP server in a tree structure. An individual object in the database is uniquely identified by the Distinguished Name (DN). The base DN defines where in the tree the search for objects should be started. In addition, by activating the “Soft Delete” function, users already imported into KentixONE who are later deleted on the LDAP server are blocked instead of deleted.

Authentication

To import user data into KentixONE, the bind DN and password of an LDAP administrator are required. The bind DN tells the server who wants to perform the access.

System authorizations

Currently, two user groups created in KentixONE can be assigned to two user groups from the LDAP server. All users in these groups have the authorizations that are assigned to the respective user group. The authorizations can be edited under the SMARTACCESS menu item. In addition to the two groups, administrators can be imported separately from the LDAP server into KentixONE.

Attributes

To import the user data into KentixONE, the type designations of the attributes of the LDAP directory must also be assigned to the corresponding attributes in KentixONE.

Synchronization

To ensure that the LDAP server and KentixONE hold the same data, the two databases must be synchronized at regular intervals. A synchronization interval can be set for this purpose.

External access

External access evaluation can be activated under this menu item. As soon as external access evaluation is activated, bookings are no longer evaluated on the AccessManager.

For external evaluation, KentixONE offers the option of sending webhooks for bookings. A corresponding webhook must be configured for this. The DoorLock can be opened using the Kentix SmartAPI via an API call.

The Kentix SmartAPI documentation contains further information on the necessary parameters for the API request.

Example webhook

{
  "UserRfidUid": "$USER_RFID_UID$",
  "UserRfidData": "$USER_RFID_DATA$",
  "UserRfidPin": "$USER_PIN$",
  "DeviceWhichHasBeenBooked": "$DEVICE_ID$"
}
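On the receiving side, the external evaluation should treat the webhook body as untrusted input and deny the booking on any parsing or policy error. The following is an added example, not Kentix code: the function names, the POLICY table and its sample values are constructed, and it assumes a PIN is sent with every booking. The SmartAPI call that opens the DoorLock is left out because its parameters are defined in the SmartAPI documentation.

```python
import hmac
import json

# Field names are taken from the example webhook on this page.
REQUIRED = ("UserRfidUid", "UserRfidData", "UserRfidPin", "DeviceWhichHasBeenBooked")

# Constructed sample policy (assumption): (RFID UID, device ID) -> expected PIN.
POLICY = {("04A1B2C3", "door-17"): "4711"}


def parse_booking(body: bytes) -> dict:
    """Parse a booking webhook body and reject anything malformed."""
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("body is not valid UTF-8 JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("payload must be a JSON object")
    for key in REQUIRED:
        value = data.get(key)
        if not isinstance(value, str):
            raise ValueError(f"{key} missing or not a string")
        # An unsubstituted template variable such as $USER_PIN$ means the
        # webhook is misconfigured; never treat it as a credential.
        if len(value) > 1 and value.startswith("$") and value.endswith("$"):
            raise ValueError(f"{key} contains an unsubstituted placeholder")
    # Drop any extra keys so later code only sees the expected fields.
    return {key: data[key] for key in REQUIRED}


def evaluate(body: bytes) -> bool:
    """Return True only if the booking matches the policy; deny on any error."""
    try:
        booking = parse_booking(body)
    except ValueError:
        return False
    key = (booking["UserRfidUid"], booking["DeviceWhichHasBeenBooked"])
    expected = POLICY.get(key)
    if expected is None:
        return False
    # Constant-time comparison so the PIN check does not leak via timing.
    return hmac.compare_digest(expected.encode(), booking["UserRfidPin"].encode())
```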
