Skip to main content


 

 

How can we help you?

 

Druva Documentation

Register your AD/LDAP

Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

If you want to use Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to manage your inSync users, you must register that AD/LDAP with inSync. The AD/LDAP registration involves a two-step process.

AD/LDAP Connector must connect to the AD/LDAP server directly and not through a proxy server.

Prerequisites

Ensure that you have completed the following configurations:

  1. Installed the AD/LDAP Connector. For more information, see Install or upgrade AD/LDAP Connector.
  2. Configured the AD/LDAP Connector. For more information, see Configure AD/LDAP Connector.

Before you begin

Ensure that you have the following information about your AD/LDAP:

  • The hostname of the AD/LDP Server where the global catalog Server or the Domain Controller of the AD/LDAP is available.
  • The port number to access the AD/LDAP.
  • The AD/LDAP Server credentials to access the AD/LDAP.
  • If you are registering the LDAP server as the directory service, you must provide value for equivalent LDAP attributes for mapping the user in inSync.

Procedure

Step 1: Register your AD/LDAP

You can register either of the following:

  • Register the global catalog server of your AD/LDAP.
    Registering a global catalog server is advantageous for organizations that have geographically distributed offices. This allows you to import users from different domains to the same profile.
  • The domain controller of your AD/LDAP.
    Registering a domain controller is advantageous for smaller organizations that have only one office.

To register your AD/LDAP with inSync Master

  1. On the inSync Management Console menu bar, click Users > User Provisioning.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. Click Register AD/LDAP Account. The Register AD/LDAP Account window appears.
  4. Provide the appropriate information for each field and click Ok.
    The AD/LDAP is registered with inSync Master.
Field  Description
Directory Service Type

Select the directory service type that you want to register with inSync Cloud. Available directory service types are as follows:

  • Microsoft AD 
  • LDAP (others), are other services using LDAP protocol, including OpenLDAP - an open-source implementation.
AD/LDAP Connector Select the AD/LDAP Connector that inSync must use to connect your AD/LDAP with inSync Cloud.
Host Type the Hostname of the server where the Global Catalog or the Domain Controller is available.
Port

Type the port number required to access your AD/LDAP.  

If you are registering the AD/LDAP by using its Domain Controller details, you must use 636 as the port number for a secure connection or 389 as the port number for a non-secure connection.

If you are registering the AD/LDAP by using Global Catalog server details, you must use 3269 as the port number for a secure connection or 3268 as the port number for a non-secure connection.

Use secure connection If you want to access your AD/LDAP through an HTTPS connection, select this check box.
If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details.
Email Type the LDAP attribute for email, that should map to the inSync email address.
inSync Username Type the LDAP attribute that should map to the inSync username.
logon Name This is the distinguished name of the user. This is used as a username for LDAP based authentication.

Step 2: Establish a connection between the registered AD/LDAP Server and the Connector

You must establish a connection between a registered AD/LDAP Server and the AD/LDAP Connector for importing user details from that AD/LDAP. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the AD/LDAP Connector. These credentials are saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

To authenticate AD/LDAP Server credentials

  1. Double-click on the Druva AD/LDAP Connector icon. The AD/LDAP Connector window appears.
  2. Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
  3. Provide the appropriate information for each field, click Save, and then Click OK.
Field Description
Host

In the list, click the Hostname of the AD/LDAP server that you have configured with the AD/LDAP Connector.

The port number and secure connection associated with AD/LDAP server that you selected are automatically populated.

Port Indicates the port number associated with the AD/LDAP server that you selected.
Secure Connection Indicates whether a secure connection is associated with the AD/LDAP server that you selected.
Username

Type the user name of the AD/LDAP Server account that has read-only permissions.

inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

Password

Type the password for the AD/LDAP Server account. The password is saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

Note: If you do not want to save the AD/LDAP Server (read-only) credentials on the {{iconnector}}, you can disable this functionality. To do so, submit your request to Support.

Edit your Active Directory details

You can edit the registered Active Directory details such as the Hostname, port number, or secure connection preference.

To edit the registered Active Directory details

  1. On the inSync Management Console menu bar, click Users > User Provisioning.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. Under the Registered AD/LDAP Accounts section, select the AD/LDAP Connector account that you want to update, and click Edit. The Edit AD/LDAP Account window appears.
  4. Update the AD/LDAP account as required.
    Note: If you are updating the Hostname or port number, you must re-enter the AD/LDAP Server (read-only) credentials on the AD/LDAP Connector that inSync uses to connect to your AD/LDAP.
  5. Click Ok.

Update your inSync Connector credentials

You can update the user name and password for the inSync Connector that inSync uses to connect your AD/LDAP with inSync. After you register an AD/LDAP with inSync, the registered AD/LDAP account is available in the Host list.

To update your AD/LDAP Connector credentials

  1. Double-click on the Druva AD/LDAP Connector icon. The AD/LDAP Connector window appears.
  2. Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
  3. Update the AD/LDAP information as required.
  4. Click Ok.

Remove your Active Directory registration from inSync

Before you begin

Before you delete the Active Directory registration from inSync, ensure the following:

  • You have deleted the AD/LDAP mapping and deleted all the users that inSync created by using this AD/LDAP mapping. See, Delete an Active Directory mapping.
  • You have deleted the profile where you have configured the user login mechanism as Active Directory. See, Delete a profile.

Procedure

Step 1: Register your AD/LDAP

You can register either of the following:

  • Register the global catalog server of your AD/LDAP.
    Registering a global catalog server is advantageous for organizations that have geographically distributed offices. This allows you to import users from different domains to the same profile.
  • The domain controller of your AD/LDAP.
    Registering a domain controller is advantageous for smaller organizations that have only one office.

To register your AD/LDAP with inSync Master

  1. On the inSync Management Console menu bar, click Users > User Provisioning.
  2. Click the Accounts tab. A list of all the registered AD/LDAP Accounts is displayed.
  3. Click Register AD/LDAP Account. The Register AD/LDAP Account window appears.
  4. Provide the appropriate information for each field and click Ok.
    The AD/LDAP is registered with inSync Master.
Field  Description
Directory Service Type

Select the directory service type that you want to register with inSync Cloud. Available directory service types are as follows:

  • Microsoft AD 
  • LDAP (others), are other services using LDAP protocol, including OpenLDAP - an open-source implementation.
AD/LDAP Connector Select the AD/LDAP Connector that inSync must use to connect your AD/LDAP with inSync Cloud.
Host Type the Hostname of the server where the Global Catalog or the Domain Controller is available.
Port

Type the port number required to access your AD/LDAP.  

If you are registering the AD/LDAP by using its Domain Controller details, you must use 636 as the port number for a secure connection or 389 as the port number for a non-secure connection.

If you are registering the AD/LDAP by using Global Catalog server details, you must use 3269 as the port number for a secure connection or 3268 as the port number for a non-secure connection.

Use secure connection If you want to access your AD/LDAP through an HTTPS connection, select this check box.
If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details.
Email Type the LDAP attribute for email, that should map to the inSync email address.
inSync Username Type the LDAP attribute that should map to the inSync username.
logon Name This is the distinguished name of the user. This is used as a username for LDAP based authentication.

Step 2: Establish a connection between the registered AD/LDAP Server and the Connector

You must establish a connection between a registered AD/LDAP Server and the AD/LDAP Connector for importing user details from that AD/LDAP. inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

When you establish a connection, you provide the AD/LDAP Server credentials that have read-only permissions on the AD/LDAP Connector. These credentials are saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

To authenticate AD/LDAP Server credentials

  1. Double-click on the Druva AD/LDAP Connector icon. The AD/LDAP Connector window appears.
  2. Click Manage AD/LDAP Accounts. The Manage AD/LDAP Credentials window appears.
  3. Provide the appropriate information for each field, click Save, and then Click OK.
Field Description
Host

In the list, click the Hostname of the AD/LDAP server that you have configured with the AD/LDAP Connector.

The port number and secure connection associated with AD/LDAP server that you selected are automatically populated.

Port Indicates the port number associated with the AD/LDAP server that you selected.
Secure Connection Indicates whether a secure connection is associated with the AD/LDAP server that you selected.
Username

Type the user name of the AD/LDAP Server account that has read-only permissions.

inSync Master requires read-only access to your AD/LDAP so that it can fetch the user details that it requires from your AD/LDAP. inSync does not fetch user credentials. inSync fetches only user details, such as email, name, department, country code, logon name.

Password

Type the password for the AD/LDAP Server account. The password is saved in an encrypted format in the inSyncADConnector.cfg file for that inSync Connector.

Note: If you do not want to save the AD/LDAP Server (read-only) credentials on the {{iconnector}}, you can disable this functionality. To do so, submit your request to Support.