ADDER A.I.M. User Manual page 33

Users > Active Directory
To simplify integration alongside existing systems within organisations, A.I.M. can be
synchronized with an LDAP/Active Directory server. This allows a list of users (and user
groups), together with usernames and group memberships to be quickly imported and
kept up to date.
Initial configuration
The basic Active Directory (AD) server details are defined in the
page. Once configured, the Users > Active Directory page (called "Import Users from
Active Directory") will allow you to scan the AD server for a list of folders and users/
groups within those folders.
choosing users and groups
Once scanned, the "Import Users from Active Directory" page shows all folders that are
available on the AD server.
1 Use the "Include Users" and "Include Groups" checkbox columns on the right hand
side of the folder lists to select which items to import (with optional additional LDAP
filters where necessary).
• If an AD user was not in the A.I.M. user database, they will be imported.
• If an AD user is already in the A.I.M. user database, they are kept.
• If an AD user is NOT marked for import/sync from the AD import page, and they
already exist in the A.I.M. user database, they will be removed from the A.I.M. user
database during the sync operation.
IMPORTANT: It is thus vital to ensure that all users you want in the A.I.M. system
are always selected for import/sync, otherwise they will be removed.
2 Choose the required "Re-Synchronize" interval. Choices are Never, Hourly, Daily or
Weekly.
3 You can choose to synchronize immediately or to preview the results of your settings:
• Click the "Preview" button to view the list of users that will be added/updated/
removed on this synchronization. Once previewed, you can either go ahead with the
sync or return to the filter page and edit your settings.
• Click the "Save & Sync" button to synchronize the selected items into the A.I.M.
user database.
Note: A.I.M. will only import folders/groups/users up to the limit set by the AD server. There is a
known issue: A.I.M. can only import x users/groups from AD where x is the limit set on the AD
server. Any users/groups beyond this limit will not be imported.
Active Directory Tips
• A backup schedule is recommended so that any changes on the AD server are carried
Dashboard > Settings
across to the A.I.M. server regularly. You can choose from hourly/daily or weekly
syncs. The settings/filters saved on this screen will be applied to each subsequent sync,
ensuring that your list of users is kept accurate.
• To temporarily remove a particular user from A.I.M. access, without having to make
complicated LDAP filters, simply edit the A.I.M. user to be suspended (see
User or Configure User
from AD, they will be prevented from logging on.
• All LDAP filters should be self-contained, e.g: (!(cn=a*))
• Be sure to save any changes made to the sync settings before clicking the "sync-now"
option. Otherwise, the next scheduled sync operation will overwrite any user changes
you made in your "sync-now".
• User groups are only imported from AD to A.I.M. if they contain users that are set to
be imported too (i.e. a group will not be imported, even if it contains users, unless its
users match the sync filters).
• Associations between users and user groups can only be made on the AD server - it
is not possible to edit user/user-group membership for AD users/groups on the A.I.M.
server.
• Users and groups are technically "synchronized" rather than "imported" - each time
a sync takes place, details are updated and if a user no longer matches the sync filters,
they will be removed from the A.I.M. user list.
page). Even though they will continue to be imported/synced
Users > Add
32