
Druva Documentation

Register your AD/LDAP

inSync Cloud Editions: Elite Plus (available), Elite (available), Enterprise (not available), Business (available)

Overview

If you want to use Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to manage your inSync users, you must first register that AD/LDAP with inSync. The AD/LDAP registration involves a two-step process.

Step 1: Provide the host name of the AD/LDAP server and the port number to access the AD/LDAP.

Step 2: Establish a connection between a registered AD/LDAP Server and the AD/LDAP connector for importing user details from that AD/LDAP. When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the inSync Connector. These credentials are saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

Note: inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

Before you begin

Before you begin, ensure that you have the following information about your AD/LDAP:

  • The host name of the server where the global catalog server or the domain controller of the AD/LDAP is available.
  • The port number to access the AD/LDAP.
  • The AD/LDAP Server credentials to access the AD/LDAP. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials.
  • If you are registering an LDAP server as the directory service, you must provide values for the equivalent LDAP attributes for mapping the user in inSync.

Step 1 of 2: Register your AD/LDAP

You can register either of the following:

  • The global catalog server of your AD/LDAP. Registering a global catalog server is advantageous for organizations that have geographically distributed offices. This allows you to import users from different domains to the same profile.
  • The domain controller of your AD/LDAP. Registering a domain controller is advantageous for smaller organizations that have only one office.

Procedure

To register your AD/LDAP with inSync Master

  1. On the inSync Management Console menu bar, click Manage > Deployments > AD/LDAP. The AD/LDAP page appears.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. Click Register AD/LDAP Account. The Register AD/LDAP Account window appears.
  4. Provide the appropriate information for each field.
    Field: Description

    Directory Service Type: Select the directory service type that you want to register with inSync Cloud. Available directory service types are as follows:
      • Microsoft AD
      • LDAP (others): other services that use the LDAP protocol, including OpenLDAP, an open-source implementation.

    AD Connector: Click the name of the inSync Connector that inSync must use to connect your AD/LDAP with inSync Cloud.

    Host: Type the host name of the server where the global catalog or the domain controller is available.

    Port: Type the port number required to access your AD/LDAP.
      If you are registering the AD/LDAP by using its domain controller details, you must use 636 as the port number for a secure connection or 389 as the port number for a non-secure connection.
      If you are registering the AD/LDAP by using Global Catalog server details, you must use 3289 as the port number for a secure connection or 3268 as the port number for a non-secure connection.

    Use secure connection: If you want to access your AD/LDAP through an HTTPS connection, select this check box.

    If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details.

    Email: Type the LDAP attribute for email that should map to the inSync email address.

    inSync Username: Type the LDAP attribute that should map to the inSync username.

    Logon Name: This is the distinguished name of the user. It is used as the username for LDAP-based authentication.
  5. Click Ok.
    The AD/LDAP is registered with inSync Master.
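
Before typing the Email and inSync Username attribute names in step 4, it is worth confirming that the read-only account actually returns them for every user you plan to import. The following is an added example, not Druva's code: it parses LDIF text such as ldapsearch output (the sample is constructed, and mail and uid are assumed attribute names) and flags entries whose mapped attributes are missing, multi-valued or duplicated, which are rules assumed here rather than stated by this page.

```python
import base64

# Constructed sample of `ldapsearch -LLL` output fetched with the read-only
# account; the attribute names mail and uid are assumptions for illustration.
SAMPLE_LDIF = """\
dn: uid=bjones,ou=People,dc=example,dc=com
uid: bjones

dn: uid=cdupont,ou=People,dc=exam
 ple,dc=com
mail:: Y2R1cG9udEBleGFtcGxlLmNvbQ==
uid: cdupont

dn: uid=cdupont-adm,ou=People,dc=example,dc=com
mail: CDupont@example.com
uid: cdupont-adm
"""

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}]; folded lines are joined first."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if sep and not line.startswith("#"):
                value = rest.strip()
                if rest.startswith(":"):  # "attr:: value" means base64-encoded
                    value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def check_mapping(entries, email_attr="mail", username_attr="uid"):
    # Assumed rules (not from the page): one value per attribute, unique email.
    problems, seen = [], {}
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        for attr in (email_attr, username_attr):
            n = len(e.get(attr.lower(), []))
            if n != 1:
                problems.append((dn, f"{attr}: expected 1 value, found {n}"))
        for mail in e.get(email_attr.lower(), []):
            first = seen.setdefault(mail.lower(), dn)
            if first != dn:
                problems.append((dn, f"{email_attr} duplicates {first}"))
    return problems
```

Calling check_mapping(parse_ldif(SAMPLE_LDIF)) reports the entry with no mail value and the entry whose address differs from an earlier one only by case.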

Step 2 of 2: Establish a connection between the AD/LDAP Server and the inSync Connector

You must establish a connection between a registered AD/LDAP Server and the inSync Connector for importing user details from that AD/LDAP. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

Procedure

To authenticate AD/LDAP Server credentials

  1. Double-click on the Druva inSync Connector icon. The inSync Connector window appears.
  2. Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
  3. Provide the appropriate information for each field.
    Field: Description

    Host: In the list, click the host name of the AD/LDAP server that you have configured with the inSync Connector. The port number and secure connection associated with the AD/LDAP server that you selected are automatically populated.

    Port: Indicates the port number associated with the AD/LDAP server that you selected.

    Secure Connection: Indicates whether a secure connection is associated with the AD/LDAP server that you selected.

    Username: Type the user name of the AD/LDAP Server account that has read-only permissions. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

    Password: Type the password for the AD/LDAP Server account. The password is saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

  4. Click Save. A message window appears.
  5. Click OK.

Note: If you do not want to save the AD/LDAP Server (read-only) credentials on the inSync Connector, you can disable this functionality. To do so, submit your request to Druva Support.

Edit your Active Directory details

You can edit the registered Active Directory details such as the host name, port number, or secure connection preference.

To edit the registered Active Directory details

  1. On the inSync Management Console menu bar, click Manage > Deployments > AD/LDAP. The AD/LDAP page appears.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. Under the Registered AD/LDAP Accounts section, select the inSync Connector account that you want to update, and click Edit. The Edit AD/LDAP Account window appears.
  4. Update the AD/LDAP account as required.
    Note: If you are updating the host name or port number, you must re-enter the AD/LDAP Server (read-only) credentials on the inSync Connector that inSync uses to connect to your AD/LDAP.
  5. Click Ok.

Update your inSync Connector credentials

You can update the user name and password for the inSync Connector that inSync uses to connect your AD/LDAP with inSync. After you register an AD/LDAP with inSync, the registered AD/LDAP account is available in the Host list.

To update your inSync Connector credentials

  1. Double-click on the Druva inSync Connector icon. The inSync Connector window appears.
  2. Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
  3. Update the AD/LDAP information as required.
  4. Click Ok.

Remove your Active Directory registration from inSync

Before you begin

Before you delete the Active Directory registration from inSync, ensure the following:

  • You have deleted the AD/LDAP mapping and deleted all the users that inSync created by using this AD/LDAP mapping. See Delete an Active Directory mapping.
  • You have deleted the profile where you have configured the user login mechanism as Active Directory. See Delete a profile.

Procedure

To remove your Active Directory registration from inSync

  1. On the inSync Management Console menu bar, click Manage > Deployments > AD/LDAP. The AD/LDAP page appears.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. In the Registered AD/LDAP Accounts area, click the AD/LDAP that you want to remove, and then click Delete.

Note: You must delete the AD/LDAP connector to which you have mapped your Active Directory. See Delete an inSync Connector.