ADDER AdderLink Infinity Manager User Manual page 29

Users > Active Directory
To simplify integration alongside existing systems within organisations, AIM
can be synchronised with an LDAP/Active Directory server. This allows a list of
users (and user groups), together with usernames and group memberships to be
quickly imported and kept up to date.
Initial configuration
The basic Active Directory (AD) server details are defined in the
> Settings
page. Once configured, the Users > Active Directory page (called
"Import Users from Active Directory") will allow you to scan the AD server for a
list of folders and users/groups within those folders.
Choosing users and groups
Once scanned, the "Import Users from Active Directory" page shows all folders
that are available on the AD server.
1 Use the "Include Users" and "Include Groups" checkbox columns on the
right hand side of the folder lists to select which items to import (with
optional additional LDAP filters where necessary).
• If an AD user was not in the AIM user database, they will be imported.
• If an AD user is already in the AIM user database, they are kept.
• If an AD user is NOT marked for import/sync from the AD import page,
and they already exist in the AIM user database, they will be removed
from the AIM user database during the sync operation.
IMPORTANT: It is thus vital to ensure that all users you want in the
AIM system are always selected for import/sync, otherwise they will be
removed.
2 You can choose to synchronise immediately or to preview the results of your
settings:
• Click the "Preview" button to view the list of users that will be added/
updated/removed on this synchronisation. Once previewed, you can
either go ahead with the sync or return to the filter page and edit your
settings.
• Click the "Save & Sync" button to synchronise the selected items into
the AIM user database.
Note: AIM will only import folders/groups/users up to the limit set by the AD
server. There is a known issue: AIM can only import x users/groups from AD
where x is the limit set on the AD server. Any users/groups beyond this limit will
not be imported.
Active Directory Tips
• A backup schedule is recommended so that any changes on the AD server
are carried across to the AIM server regularly. You can choose from hourly/
daily or weekly syncs. The settings/filters saved on this screen will be applied
to each subsequent sync, ensuring that your list of users is kept accurate.
• To temporarily remove a particular user from AIM access, without having to
Dashboard
make complicated LDAP filters, simply edit the AIM user to be suspended
(see Users > Add User or Configure User
continue to be imported/synced from AD, they will be prevented from
logging on.
• All LDAP filters should be self-contained, e.g: (!(cn=a*))
• Be sure to save any changes made to the sync settings before clicking the
"sync-now" option. Otherwise, the next scheduled sync operation will
overwrite any user changes you made in your "sync-now".
• User groups are only imported from AD to AIM if they contain users that are
set to be imported too (i.e. a group will not be imported, even if it contains
users, unless its users match the sync filters).
• Associations between users and user groups can only be made on the AD
server - it is not possible to edit user/user-group membership for AD users/
groups on the AIM server.
• Users and groups are technically "synchronized" rather than "imported"
- each time a sync takes place, details are updated and if a user no longer
matches the sync filters, they will be removed from the AIM user list.
page). Even though they will
28