LDAP
The Lightweight Directory Access Protocol (LDAP) enables the integration of external user directories into KentixONE. Through the LDAP configuration, users and their permissions can be automatically imported and synchronized from an LDAP server. This function significantly simplifies user management in larger organizations.
Server Settings
In this area, the basic connection parameters to the LDAP server are configured. Here you set the server address, port, and encryption settings.
Server Address and Port
Enter the IP address or hostname of the LDAP server as well as the corresponding port number. The standard port for LDAP is 389; for LDAP over SSL/TLS, port 636 is typically used.
Encryption
For secure communication between KentixONE and the LDAP server, SSL/TLS can be activated. This encrypts all transmitted data and protects against unauthorized eavesdropping.
When using SSL/TLS, both the LDAP server and KentixONE must be configured accordingly. Make sure that the certificates are correctly installed.
Base-DN
The Base-DN (Distinguished Name) defines the starting point for searching user objects in the LDAP directory structure. All users must be located below this hierarchy level.
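As an added illustration of the Server Settings above (address and port, encryption, Base-DN), the following Python checks a set of connection parameters the way an administrator might before saving them: it flags clear-text or mismatched port/encryption combinations, builds a TLS context that requires a verified server certificate, and tests whether a user DN actually lies below the configured Base-DN. This is example code, not part of KentixONE; the function names, the `ca_file` parameter and the sample values are assumptions, and only the Python standard library is used.

```python
"""Added example: checking KentixONE-style LDAP server settings before use.

Not part of KentixONE; the helper names and sample values are assumptions
made for illustration. Uses only the Python standard library.
"""
import re
import ssl
from typing import List, Optional

LDAP_PORT = 389    # standard port for plain LDAP
LDAPS_PORT = 636   # port typically used for LDAP over SSL/TLS


def check_server_settings(host: str, port: int, use_tls: bool,
                          ca_file: Optional[str] = None) -> List[str]:
    """Return a list of findings for the given settings (empty means clean)."""
    findings = []
    if not host.strip():
        findings.append("server address is empty")
    if not 1 <= port <= 65535:
        findings.append(f"port {port} is out of range")
    if not use_tls:
        findings.append("encryption disabled: the bind password and directory "
                        "data are sent in clear text")
        if port == LDAPS_PORT:
            findings.append("port 636 normally expects SSL/TLS")
    else:
        if port == LDAP_PORT:
            findings.append("SSL/TLS enabled on port 389; LDAP over SSL/TLS "
                            "typically uses port 636")
        if ca_file is None:
            findings.append("no CA certificate configured; the server "
                            "certificate cannot be verified")
    return findings


def tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS settings for the directory connection: the server certificate
    must chain to a trusted CA and match the configured hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# split a DN on commas that are not escaped with a backslash
_RDN_SPLIT = re.compile(r"(?<!\\),")


def dn_components(dn: str) -> List[str]:
    """Normalised RDNs of a DN, leaf first: attribute types lower-cased,
    whitespace trimmed. Simplification: values are lower-cased too and
    multi-valued RDNs (a=x+b=y) are not handled."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return parts


def is_below_base_dn(user_dn: str, base_dn: str) -> bool:
    """True if user_dn lies strictly below base_dn in the directory tree."""
    user, base = dn_components(user_dn), dn_components(base_dn)
    if not base:                      # empty Base-DN: whole directory
        return bool(user)
    return len(user) > len(base) and user[-len(base):] == base


if __name__ == "__main__":
    print(check_server_settings("ldap.example.com", 389, use_tls=False))
    print(is_below_base_dn("CN=Jane Doe,OU=Users,DC=example,DC=com",
                           "dc=example,dc=com"))
```

The Base-DN comparison normalises attribute types and trims whitespace so that `DC=example,DC=com` and `dc=example, dc=com` compare equal; a user DN that is not below the Base-DN would never be found by the import search, which is the usual cause of an "empty" synchronisation.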
Soft Delete
When this option is enabled, users that have been deleted on the LDAP server are not deleted in KentixONE, but only disabled. This prevents data loss from accidental deletions.
Authentication
For access to the LDAP server, KentixONE requires appropriate credentials. These are stored in the form of a Bind-DN and the associated password.
Bind-DN
The Bind-DN identifies the user under whose identity KentixONE accesses the LDAP server. This user must have the necessary permissions to read the user directories.
Password
The password for the user specified in the Bind-DN. Make sure this password is secure and regularly updated.
The Bind-DN credentials are stored encrypted in the KentixONE database.
System Permissions
Here, LDAP user groups are mapped to the corresponding KentixONE user groups. This enables automatic rights assignment based on group membership in the LDAP directory.
User Group Mapping
Currently, two LDAP user groups can be mapped to KentixONE user groups. All imported users automatically receive the permissions of their respective group.
Administrator Import
Administrators can be imported separately from the LDAP server and provided with extended rights. These users receive administrative permissions regardless of their group membership.
The permissions of user groups can be adjusted at any time under the "User Management" menu item.
Attributes
The attribute mapping defines which information from the LDAP directory is transferred to which fields in KentixONE. This mapping configuration is essential for successful user import.
Standard Attributes
Here you configure the mapping of standard LDAP attributes such as username, first name, last name, and email address to the corresponding fields in KentixONE.
Extended Attributes
Additional user information such as phone number, department, or other organizational data can also be mapped, provided they are available in the LDAP schema.
The attribute names must exactly match those in the LDAP schema, including case.
Synchronization
Automatic synchronization ensures that changes in the LDAP directory are regularly adopted in KentixONE. This includes new users, changed information, and deleted accounts.
Synchronization Interval
Define at what intervals the synchronization should be performed automatically. A shorter interval provides more current data, but can increase system load.
Manual Synchronization
In addition to automatic synchronization, a manual synchronization can be started at any time to apply changes immediately.
Regular automatic synchronization is recommended to ensure that user data remains consistent in both systems.
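To show how the pieces described above fit together in one run, here is an added example of a synchronization pass that applies an attribute mapping (Attributes section) and honours the Soft Delete setting (Server Settings section): new directory entries are created, changed ones updated, entries missing a required attribute are skipped rather than imported half-filled, and accounts the directory no longer returns are either disabled or removed. This is illustrative code, not KentixONE's implementation; the field names, the `from_ldap` flag that protects local-only accounts from being disabled by the sync, and the sample directory entries are all constructed assumptions.

```python
"""Added example: one synchronisation pass applying the attribute mapping and
the Soft Delete setting. Not KentixONE code; the field names, the
from_ldap flag and the sample directory entries are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# KentixONE field -> LDAP attribute, spelled exactly as in the LDAP schema
# (the lookup below is case-sensitive, so "samaccountname" would not match).
ATTRIBUTE_MAP = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
    "phone": "telephoneNumber",   # extended attribute, optional
    "department": "department",   # extended attribute, optional
}
REQUIRED_FIELDS = ("username", "first_name", "last_name", "email")


@dataclass
class LocalUser:
    username: str
    attributes: Dict[str, str]
    enabled: bool = True
    from_ldap: bool = True   # local-only accounts are never touched by sync


def map_entry(entry: Dict[str, str]) -> Dict[str, str]:
    """Translate one directory entry into KentixONE fields; entries missing
    a required attribute are rejected rather than imported half-filled."""
    fields = {k: entry[attr] for k, attr in ATTRIBUTE_MAP.items() if attr in entry}
    missing = [k for k in REQUIRED_FIELDS if k not in fields]
    if missing:
        raise ValueError(f"missing required attributes for {missing}")
    return fields


def synchronize(entries: Iterable[Dict[str, str]], users: Dict[str, LocalUser],
                soft_delete: bool) -> Dict[str, List[str]]:
    """Reconcile local users with the directory and return what changed."""
    report = {"created": [], "updated": [], "disabled": [], "deleted": [], "skipped": []}
    seen = set()
    for entry in entries:
        try:
            fields = map_entry(entry)
        except ValueError:
            report["skipped"].append(entry.get("dn", "<no dn>"))
            continue
        name = fields["username"]
        seen.add(name)
        user = users.get(name)
        if user is None:
            users[name] = LocalUser(name, fields)
            report["created"].append(name)
        elif user.from_ldap and (user.attributes != fields or not user.enabled):
            user.attributes, user.enabled = fields, True   # re-enable a returned account
            report["updated"].append(name)
    # accounts the directory no longer returns
    for name in list(users):
        user = users[name]
        if name in seen or not user.from_ldap:
            continue
        if soft_delete:
            if user.enabled:
                user.enabled = False
                report["disabled"].append(name)
        else:
            del users[name]
            report["deleted"].append(name)
    return report


# constructed sample directory result (not real data)
SAMPLE_ENTRIES = [
    {"dn": "cn=jdoe,ou=users,dc=example,dc=com", "sAMAccountName": "jdoe",
     "givenName": "Jane", "sn": "Doe", "mail": "jdoe@example.com", "department": "IT"},
    {"dn": "cn=broken,ou=users,dc=example,dc=com", "sAMAccountName": "broken",
     "givenName": "No", "sn": "Mail"},          # lacks mail -> skipped
]


def sample_users() -> Dict[str, LocalUser]:
    """Constructed local state: one stale LDAP user, one local-only admin."""
    return {
        "old": LocalUser("old", {"username": "old"}),
        "admin": LocalUser("admin", {"username": "admin"}, from_ldap=False),
    }


if __name__ == "__main__":
    users = sample_users()
    print(synchronize(SAMPLE_ENTRIES, users, soft_delete=True))
    print({n: u.enabled for n, u in users.items()})
```

Running the pass twice with the same directory result produces no changes the second time, which is the property a periodic synchronization relies on; switching `soft_delete` off afterwards removes the already-disabled account instead of keeping it, while the local-only administrator is left untouched in both modes.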