Skip to main content

 

Druva Documentation

Create an AD/LDAP mapping

inSync Private Cloud Editions: File:/tick.png Elite File:/tick.png Enterprise

Overview

The inSync AD/LDAP mapping wizard allows you to create users in inSync by importing their details from your Active Directory (AD) or LDAP. In an AD/LDAP mapping, you define filter parameters to extract user details from your AD/LDAP. You also define the profile, storage, and quota that inSync must assign to users who match the filter parameters.

AD/LDAP Mapping is only used for -

  • Initial on-boarding - Import users and their details in inSync using the filters from registered AD/LDAP and create users in inSync.
  • Automatically import new users that are added to AD/LDAP periodically.

The following table lists different methods that you can use to define AD/LDAP filter parameters.

Filter Method Description
Regular filter

For most AD/LDAP mappings, we recommend that you use this method.

This method allows you to select the options based on the values provided in the lists. inSync populates these lists with values after querying your AD/LDAP. You must select the values in a sequential order because selecting the previous field populates the list in the next field.

Manual filter

This method allows you to enter the values for each field manually. We recommend that you use this method only if you are well-informed about your organization's AD/LDAP structure.

To use this method, at the bottom of the AD/LDAP Configuration page, click Switch to manual AD/LDAP filters.

 

Procedure

To create an AD/LDAP mapping

  1. On the inSync Management Console menu bar, click Manage > Deployments > AD/LDAP.
  2. Under the Mappings tab, click New Mapping. The Create AD/LDAP Mapping wizard appears.
  3. Under AD/LDAP Configuration, provide the appropriate information for each field. 
Field Description
AD/LDAP mapping name Type a name for this AD/LDAP mapping.
AD/LDAP server Click the AD/LDAP server with which that you want to associate this mapping.
Directory Service type The directory service associated is displayed.
Base DN Click the Base DN for which you want to view the organization units and groups. 
Name to be used for creation

Select one of the following,

  • If you want to create inSync user names in the first name and last name format, click Common Name(cn).
  • If you want to use the Universal Principal Name(UPN) as the inSync user name, click Universal Principal Name(UPN).
Under Filter Users,
Organizational unit

Click the organization unit from which you want to query for users.

AD group

Click the AD group from which you want to query for users. Do one of the following to select users,

  • Select a group that directly contains users.
  • If you want to import users from groups that are outside the local domain, the group must be a universal security group.

Based on the Organizational Unit (OU) you have selected, groups are populated in the Select Group box. Select the appropriate group from the list to query the users. Users are mapped to the Organizational Unit based on the combination of the selected criteria.

Note: Nested primary groups are not supported.

Department

Type the department from which you want to query for users.

Select a department only if it has been defined in your AD/LDAP. Otherwise, leave this field blank. If you select a department that does not exist in the AD/LDAP, inSync does not import any user.

Country

Click the country from which you want to query for users.

Select a country only if it has been defined in the AD/LDAP. Otherwise, leave this field empty. If you select a country that does not exist in the AD/LDAP, inSync does not import any user.

Note: If you choose to manually provide the AD/LDAP Configuration details, ensure that you type the LDAP distinguished name of the Base DN, Organizational unit, and AD/LDAP group. For example, OU=Marketing,DC=AD-maxcrc,DC=druva,DC=com. To find the distinguished name, open the AD/LDAP object property window on your AD/LDAP server, and under the Attribute Editor tab, find the distinguishedName
  1. Under inSync Configuration, provide the appropriate information for each field. 
    Field Name
    Profile Click the profile to which you want to assign the users that you import from your AD/LDAP.
    Storage Click the storage where inSync must store the backup data from user devices.
    Quota per user Type the quota for the users. 
    Auto import new users If you want to automatically import user details from your AD/LDAP at regular intervals, select this check box.
    Send activation email to newly added users

    If you want inSync to send activation emails to new users, select this check box. 

    Note: This checkbox appears only if you select Auto import new users checkbox in the previous step.

  2. Click Finish.

AD/LDAP Mapping is created. inSync imports users based on the criteria defined and creates inSync accounts for them as per the defined configuration.

  • Was this article helpful?