User Synchronisation

From Opendium Documentation

For Opendium systems which are integrated into a Windows network, users should be synchronised from your Active Directory using the User Sync system. This functionality can be accessed through the User Sync, User Sync - Deletion and User Sync Configuration tabs within Users & Groups.

For Opendium systems which are not integrated into a Windows network, use the Import Users system to bulk import users into the system instead.

Configuration

Configuration of the User Sync system is usually done once at installation time and rarely needs to be changed. This configuration can be accessed through the User Sync Configuration tab within Users & Groups.

A user account must exist within Active Directory for the Opendium system to use when synchronising users (the synchronisation user). This user should not be an administrator.

The following configuration must be set on the Opendium system:

  • LDAP server: The IP address of the domain controller.
  • Directory type: The type of directory server to synchronise against. Usually this will be "Microsoft active directory", but other systems are also supported.
  • Bind DN: The DN of the synchronisation user within Active Directory. This user should not be an administrator.
  • Password: The password of the synchronisation user within Active Directory.
  • Base DN: The base DN of the domain.

By default, all of the users under the base DN are synchronised. To synchronise only specific OUs instead, add them in the Organisation units section.

Users are assigned to groups on the Opendium system based on their Active Directory security groups. Appropriate mappings between the Active Directory security groups and the Opendium groups must also be configured by clicking Add group mapping. Users that are not members of any mapped security group will not be synchronised onto the Opendium system.

User synchronisation will:

  • Create any users on the Opendium system which do not already exist.
  • Update data such as the user's name and group mappings to match Active Directory.
  • Delete any users on the Opendium system which no longer exist, or are no longer in a mapped security group in Active Directory.

By clicking Add ignored user, users can be excluded from the synchronisation process.

Synchronisation

After changes to Active Directory, the users need to be synchronised. The synchronisation system is divided into two parts, one to create and update the users, and the other to delete users from the Opendium system. The former is accessed through the User Sync tab within Users & Groups. This part of the synchronisation system will:

  • Create any users on the Opendium system which do not already exist.
  • Update data such as the user's name and group mappings to match Active Directory.
  • Not delete any users (see Deletion).

The system will retrieve the data from Active Directory, calculate the synchronisation actions that are needed and present a list of out of sync users. Clicking the Synchronise Selected Users button will update the Opendium system.

If any users exist in Active Directory but are not members of any mapped security groups, they will be displayed in a table at the bottom of the page. You may need to configure a new group mapping on the User Sync Configuration page.

Deletion

After changes to Active Directory, the users need to be synchronised. The synchronisation system is divided into two parts, one to create and update the users, and the other to delete users from the Opendium system. The latter is accessed through the User Sync - Deletion tab within Users & Groups. This part of the synchronisation system will delete any users which no longer exist, or are no longer in a mapped security group in Active Directory.

The system will retrieve the data from Active Directory and present a list of users to be deleted. Clicking the Delete Selected Users button will delete the users from the Opendium system.
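
The rules described above (group mappings, ignored users, and the separate create/update and deletion parts) can be modelled as follows. This is an added example, not Opendium's code: the function name, data layout and sample accounts are constructed, and it assumes ignored users are skipped by both parts and that a user may map to more than one Opendium group.

```python
# Added illustration; not Opendium's code. All names and data are constructed.

def plan_sync(ad_users, local_users, group_map, ignored=frozenset()):
    """Return (create, update, delete, unmapped) for the two-part sync.

    ad_users:    {username: {"name": str, "groups": set of AD security groups}}
    local_users: {username: {"name": str, "groups": set of local groups}}
    group_map:   {AD security group: local group}
    ignored:     usernames excluded from every part (assumed behaviour)
    """
    create, update, unmapped = {}, {}, []
    wanted = set()
    for user, rec in ad_users.items():
        if user in ignored:
            continue
        groups = {group_map[g] for g in rec["groups"] if g in group_map}
        if not groups:
            unmapped.append(user)  # in AD, but in no mapped security group
            continue
        wanted.add(user)
        target = {"name": rec["name"], "groups": groups}
        if user not in local_users:
            create[user] = target
        elif local_users[user] != target:
            update[user] = target
    # Deletion part: local accounts with no mapped AD counterpart.
    delete = sorted(u for u in local_users if u not in wanted and u not in ignored)
    return create, update, delete, sorted(unmapped)


# Constructed sample data.
GROUP_MAP = {"Staff": "staff", "Year7": "students"}
AD = {
    "asmith": {"name": "Alice Smith", "groups": {"Staff", "Domain Users"}},
    "bjones": {"name": "Bob Jones-Lee", "groups": {"Year7"}},
    "cwhite": {"name": "Carol White", "groups": {"Domain Users"}},
    "svc_backup": {"name": "Backup", "groups": {"Staff"}},
}
LOCAL = {
    "bjones": {"name": "Bob Jones", "groups": {"students"}},  # renamed in AD
    "cwhite": {"name": "Carol White", "groups": {"staff"}},   # lost mapped group
    "dgreen": {"name": "Dan Green", "groups": {"staff"}},     # gone from AD
    "localadmin": {"name": "Local Admin", "groups": {"staff"}},
}
IGNORED = {"svc_backup", "localadmin"}

if __name__ == "__main__":
    for label, result in zip(("create", "update", "delete", "unmapped"),
                             plan_sync(AD, LOCAL, GROUP_MAP, IGNORED)):
        print(label, result)
```

In this model `cwhite` appears both in the unmapped table and in the deletion list. Because the create/update part never deletes, that account stays on the Opendium system until the deletion part is run.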