Version: 2024 R1

LDAP server

This option configures synchronization with a data source located on an LDAP server. The configuration window for synchronizing the user list with this data source type is split into four tabs, each of which is described below.

Settings

The tab allows you to select additional information saved in the WEBCON BPS database.

LDAPSettings.png

1. Server

The address used by the WEBCON BPS platform to connect with the LDAP server in order to access a directory.

2. Port

Port used for communication with the server defined in the Server field.

3. Base node

The field defines the starting point in the directory hierarchy from which all search operations begin.

4. Page size

The field allows you to define the number of users or groups to be retrieved at once during connection with the LDAP server.

5. Authentication

The drop-down list allows you to choose the method for logging into the LDAP server. There are two options available:

  • Anonymous – enables you to connect to the server anonymously,
  • Connect using given data – defines the data of the user who establishes a connection with the LDAP server. Once you select this option, the fields for Login and Password become active. In these fields, you need to provide the username in the proper format (e.g., CN=Joe Shmoe,OU=Webcon crew,DC=webcon,DC=pl) and the corresponding password.

6. Use SSL/TLS connection (LDAPS)

Selecting the checkbox establishes a connection that is encrypted by the SSL/TLS (LDAPS) layer.

7. Protocol version

The field becomes active after selecting the Use SSL/TLS connection (LDAPS) checkbox. The drop-down list allows you to select one out of two available protocol versions: LDAPv2 and LDAPv3.

8. Connection timeout seconds

The field defines the maximum time available for connecting with the LDAP server when the SSL/TLS encryption is used.

9. LDAP user object type

The field contains the name of a user who is authorized to search the LDAP directory. Such a user acts as a proxy in connecting with the LDAP server and searching information.

10. LDAP group object type

The field contains the name of the group authorized to search the directory.

Mappings

The tab allows you to define which attributes from the LDAP server correspond with specific attributes in the local database. This enables the system to map information between the LDAP data source and the WEBCON BPS system in a consistent and accurate manner.

LDAPMapping.png

1. Required attributes

The table contains attributes which as a result of synchronization must be available for users to be correctly configured in the local BPS system. The Cache property column refers to the attribute in the local database which will store such information. On the other hand, the LDAP property column defines which LDAP server attribute is mapped onto the property in the local database. Additionally, the Prefix column enables you to define a prefix added to the synchronized user login.

2. Optional attributes

The table allows you to define additional attributes which can be synchronized from the LDAP server, but are not required. Similarly to the Required attributes table, the Cache property column refers to the attribute stored in the local database, whereas the LDAP property column indicates which LDAP server attribute is to be mapped.

Schedule

The tab allows you to specify when the synchronization is to be executed. To maintain an optimal level of data currency within the WEBCON BPS platform, it is recommended to perform synchronization several times a day.

LDAPSchedule

1. Hours during which full user synchronization is activated

The field allows you to define the time at which full user synchronization is executed. This involves retrieving and updating all the data pertaining to groups and users, regardless of whether the data has changed since the last synchronization.

2. Hours during which incremental user synchronization is activated

The field enables you to specify the timing for incremental synchronization. In this mode, data related to groups and users is updated differentially, meaning only the data of objects (users and groups) whose properties have been modified since the last synchronization is updated. The incremental synchronization also updates the status of added or deleted objects. For optimal performance, it's advised to set this mode as the default one.

Advanced

The tab offers a choice of two synchronization types: Synchronize the user list and Synchronize the user list in Debug mode (in contrast to synchronization with the Active Directory or Azure Active Directory data source, it is possible to execute only full synchronization). It also enables filtering search results and defining error codes that interrupt synchronization.

LDAPAdvanced.png

1. Additional search filter to use during synchronization

By setting up a filter, only users and groups that meet its criteria are synchronized. Additionally, dependent objects of these users and groups (such as groups to which a user or their superior belongs) are also synchronized. In the case of dependent objects, the filter is not applied.
The filter applies to every synchronization type. When limiting synchronization to the selected organizational units, the filter is added to the filter for the specified unit.
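
The following added example (not WEBCON BPS code) models the behaviour described above on a constructed directory: the additional filter and the unit restriction pick the primary objects, and dependent objects are then pulled in without being filtered. Assumptions: the unit restriction is combined with the filter by AND, dependencies are read from the `manager` and `memberOf` attributes, and only a small RFC 4515 subset is evaluated.

```python
BASE = "dc=example,dc=test"  # constructed directory, not a real deployment
DIRECTORY = {  # DN -> attributes (lower-case names, list values)
    f"cn=alice,ou=sales,{BASE}": {"objectclass": ["inetOrgPerson"], "departmentnumber": ["42"],
        "manager": [f"cn=bob,ou=mgmt,{BASE}"], "memberof": [f"cn=sales-team,ou=groups,{BASE}"]},
    f"cn=bob,ou=mgmt,{BASE}": {"objectclass": ["inetOrgPerson"],
        "memberof": [f"cn=directors,ou=groups,{BASE}"]},
    f"cn=carol,ou=sales,{BASE}": {"objectclass": ["inetOrgPerson"], "departmentnumber": ["7"]},
    f"cn=svc-backup,ou=service,{BASE}": {"objectclass": ["inetOrgPerson"], "departmentnumber": ["42"]},
    f"cn=sales-team,ou=groups,{BASE}": {"objectclass": ["groupOfNames"]},
    f"cn=directors,ou=groups,{BASE}": {"objectclass": ["groupOfNames"]},
}

def _eval(f, i, entry):
    """Evaluate the filter component starting at f[i]; return (result, next index).
    Subset of RFC 4515: (&...), (|...), (!...), (attr=value), (attr=*)."""
    op = f[i + 1]
    if op in "&|!":
        i, results = i + 2, []
        while f[i] == "(":
            r, i = _eval(f, i, entry)
            results.append(r)
        value = all(results) if op == "&" else any(results) if op == "|" else not results[0]
        return value, i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, _, want = f[i + 1:end].partition("=")
    have = [v.lower() for v in entry.get(attr.lower(), [])]
    return (bool(have) if want == "*" else want.lower() in have), end + 1

def matches(ldap_filter, entry):
    return _eval(ldap_filter, 0, entry)[0]

def sync_set(directory, extra_filter, unit_dn):
    """Return (matched, dependent) DN sets for one run limited to unit_dn."""
    # Assumption: unit restriction AND additional filter select the primary objects.
    matched = {dn for dn, e in directory.items()
               if dn.endswith("," + unit_dn) and matches(extra_filter, e)}
    dependent = set()
    for dn in matched:
        superiors = [m for m in directory[dn].get("manager", []) if m in directory]
        dependent.update(superiors)
        # Groups of the user and of the superior come along without being filtered.
        for owner in [dn, *superiors]:
            dependent.update(g for g in directory[owner].get("memberof", []) if g in directory)
    return matched, dependent - matched

FILTER = "(&(objectClass=inetOrgPerson)(departmentNumber=42))"
if __name__ == "__main__":
    matched, dependent = sync_set(DIRECTORY, FILTER, f"ou=sales,{BASE}")
    print("matched by filter:", sorted(matched))
    print("pulled in as dependent objects:", sorted(dependent))
```

The set of objects stored locally is larger than the set the filter matches, so review the dependent objects as well when the filter is used to limit which directory data reaches the BPS database.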

2. Error codes causing synchronization interruption

The list of error codes that interrupt user synchronization.

info

The full list of codes is available here. All other error codes do not result in interrupting the user synchronization (the synchronization is completed with an error and the respective information is registered in the log).

3. Synchronize the user list

The section provides two buttons:

  • Incremental synchronization – the user and group data is updated differentially. This means that the system synchronizes only the data of those objects (users and groups) whose properties have been changed since the last synchronization. The incremental synchronization also updates the status of added and removed objects. For optimal performance, it is advised to use this mode as the default one.
  • Full synchronization – the system retrieves and updates full data on all groups and users, regardless of whether it has changed since the last synchronization or not.
caution

Full synchronization may require significantly more time compared to the incremental method. It is advised to employ this mode only when it is duly justified.

4. Synchronize the user list in Debug mode

Synchronization in the Debug mode allows you to collect additional information on the progress of synchronization. During the synchronization, the log registers detailed diagnostic information, which can make the synchronization take more time. The Debug mode enables detailed analysis of individual synchronization steps and should be applied only for diagnostic purposes. As in the standard synchronization mode, there are buttons provided for executing full and incremental synchronization.
Furthermore, the Selected users synchronization – Debug button enables synchronization of a single user by entering their BPS ID.