If your organization uses Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to store user details, you can use your AD/LDAP to:
- Create users on inSync.
- Authenticate users on inSync.
- Mass deploy inSync client.
Your AD/LDAP cannot communicate directly with inSync Cloud. To enable this communication, you must:
If you have an existing installation of AD/LDAP Connector, upgrade it to the latest version.
Note: You can use AD/LDAP Connector to add and manage new users. You cannot use AD/LDAP Connector to manage existing users on inSync Cloud. Existing users will continue to use their inSync Cloud credentials and you have to manage these users manually.
AD/LDAP Connector Connectivity with the AD or LDAP Server
inSync uses the AD/LDAP Connector only while authenticating and activating inSync clients. Backups and restores from end-user devices on which inSync client is activated will work as usual even if the computer where you installed the AD/LDAP Connector is not available. This means that you do not need to ensure high availability (HA) for the AD/LDAP Connector.
The inSync AD/LDAP Connector connects with the AD/LDAP Server only when required. The following points outline some of the use cases for the AD/LDAP Connector.
- During AD/LDAP Mapping creation: You must create AD/LDAP Mapping if you want to create inSync users by importing their details from the AD/LDAP Server. When creating AD/LDAP Mapping, inSync Cloud queries the AD/LDAP server to retrieve the name of the Base DN, Organizational Units, and Groups. The AD/LDAP Connector facilitates the communication. For information on creating AD/LDAP Mapping, refer to Creating an AD/LDAP Mapping.
- When importing user details: When you are creating users by importing their details from the AD/LDAP Server, inSync Cloud fetches the user details from the AD/LDAP Server. The communication is facilitated by the AD/LDAP Connector. If inSync Cloud is configured to fetch user details periodically, it sends its query to the AD/LDAP Connector once every 24 hours. For more information on importing user details from AD/LDAP, refer to Adding a group of users by importing details from an Active Directory.
- When activating inSync Client during the mass deployment process: At the end of the inSync Client mass deployment process, the users log on to their computer using their AD/LDAP credentials. The inSync Client sends the user details and the mass deployment token to inSync Cloud for verification. inSync Cloud communicates with the AD/LDAP Server through AD/LDAP Connector to query the user details. inSync Cloud verifies the token. If the user exists on inSync Cloud, the device is activated. If not, the user is created on inSync Cloud and the user device is activated. To know more about the mass deployment process, see Mass Deploying inSync Client.
- When authenticating users on inSync Web: If a user who is configured to use AD/LDAP credentials for inSync tries to log on to inSync Web, inSync Cloud sends a verification request to the AD/LDAP Server through the AD/LDAP Connector.
The following table lists the ports that the AD/LDAP Connector uses.

|Port Number|Used By|
|---|---|
|443, 6061, 80|AD/LDAP Connector with inSync Cloud|
|3268|LDAP on global catalog|
|3269|Secure LDAP on global catalog|
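
One way to check a connector host's firewall allow-list against the ports listed in the table above. This is an added example, not Druva code: the `Rule` type, the peer labels `insync_cloud` and `global_catalog`, and the sample rules are constructed for illustration, and it assumes TCP rules for traffic leaving the connector host.

```python
"""Audit a connector host's allow-list against the documented port table."""
from dataclasses import dataclass

# Ports copied from the table; the peer labels are this example's own names.
REQUIRED = {
    "insync_cloud": {443, 6061, 80},
    "global_catalog": {3268, 3269},
}

@dataclass(frozen=True)
class Rule:
    peer: str   # hypothetical label for the destination group
    low: int    # first TCP port allowed
    high: int   # last TCP port allowed (inclusive)

def audit(rules):
    """Return (missing, excess).

    missing: {peer: documented ports that no rule for that peer allows}
    excess:  rules that allow a port or peer the table does not list
    """
    missing, excess = {}, []
    for peer, ports in REQUIRED.items():
        peer_rules = [r for r in rules if r.peer == peer]
        gap = {p for p in ports
               if not any(r.low <= p <= r.high for r in peer_rules)}
        if gap:
            missing[peer] = gap
    for r in rules:
        documented = REQUIRED.get(r.peer, set())
        width = r.high - r.low + 1
        covered = sum(1 for p in documented if r.low <= p <= r.high)
        if covered < width:  # the range includes undocumented ports
            excess.append(r)
    return missing, excess

# Constructed sample allow-list (not taken from any real deployment).
SAMPLE_RULES = [
    Rule("insync_cloud", 443, 443),
    Rule("insync_cloud", 6061, 6061),
    Rule("global_catalog", 3268, 3269),
    Rule("any", 1, 65535),  # broad leftover rule the audit should flag
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("documented ports with no rule:", missing)
    print("rules broader than the table:", excess)
```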