CSSv5.0.0 en:LDAP Settings: Difference between revisions

From Cryptshare Documentation
(Imported from text file)
 
(Imported from text file)
 
Line 3: Line 3:
-----
-----


If the users within your network are managed through an LDAP Server such as Microsoft Active Directory, it is possible to use LDAP groups and users to define the senders and recipients in Policy Rules (see
If the users within your network are managed through an LDAP Server such as Microsoft Active Directory, it is possible to use LDAP groups and users to define the senders and recipients in Policy Rules (see [[{{NAMESPACE}}:Policy_Settings|Policy Settings]]).
[[CSSBackend_en:Policy_Settings|Policy Settings]]).
 
= Configuring an LDAP Server for Cryptshare =
= Configuring an LDAP Server for Cryptshare =
The LDAP Server configuration consists of two steps.
The LDAP Server configuration consists of two steps.
The first step is for establishing the connection to the LDAP Server.
The first step is for establishing the connection to the LDAP Server.
The second step tells the Cryptshare Server which LDAP attributes contain the email addresses of individual users. This step is only available if the LDAP connection is successfully established and settings have been saved.
The second step tells the Cryptshare Server which LDAP attributes contain the email addresses of individual users. This step is only available if the LDAP connection is successfully established and settings have been saved.


Line 49: Line 45:


You may also be required to provide 'Bind DN' credentials (User credentials) in order to be able to connect to your LDAP Server.
You may also be required to provide 'Bind DN' credentials (User credentials) in order to be able to connect to your LDAP Server.
Enter the Username (the NETBIOS/Windows Server 2012 variant) and the password of a User, who is allowed to ask LDAP:
Enter the Username (the NETBIOS/Windows Server 2012 variant) and the password of a User, who is allowed to ask LDAP:
{{InfoBox|title=|content=Please note that the connection check cannot identify if the directory type has been set correctly.
{{InfoBox|title=|content=Please note that the connection check cannot identify if the directory type has been set correctly.
}}
}}
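Review bot: the bind-credential sentence asks for "the password of a User, who is allowed to ask LDAP" but never says what access that account needs. State the required permissions (for example, whether a dedicated account with read-only access to the directory is enough) so administrators do not reach for a privileged login. The wording would also read better as "a user who is allowed to query the LDAP server".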
Line 58: Line 52:


Use the 'Check Connection' button to find out whether your settings are correct and if a connection can be established. If no connection can be established, a respective error message will appear. Along with the error message a more detailed log entry will give more precise information about this error together with an LDAP 'ResultCode'.
Use the 'Check Connection' button to find out whether your settings are correct and if a connection can be established. If no connection can be established, a respective error message will appear. Along with the error message a more detailed log entry will give more precise information about this error together with an LDAP 'ResultCode'.
The result code is a standardized LDAP result code. For more information on single LDAP result codes please refer to the following links:
The result code is a standardized LDAP result code. For more information on single LDAP result codes please refer to the following links:
* [http://tools.ietf.org/html/rfc4511#appendix-A http://tools.ietf.org/html/rfc4511#appendix-A]
* [http://tools.ietf.org/html/rfc4511#appendix-A http://tools.ietf.org/html/rfc4511#appendix-A]
* [https://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/ResultCode.html https://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/ResultCode.html]
* [https://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/ResultCode.html https://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/ResultCode.html]


[[File:18945632.png]]
[[File:18945632.png]]
[[File:2981962.png]]
[[File:2981962.png]]


== Step 2: LDAP Attribute Selection ==
== Step 2: LDAP Attribute Selection ==
After successfully configuring the LDAP connection settings, section 2 for the LDAP settings will appear and offer a visual interface for selecting the LDAP Attributes containing the email addresses of individual LDAP users.
After successfully configuring the LDAP connection settings, section 2 for the LDAP settings will appear and offer a visual interface for selecting the LDAP Attributes containing the email addresses of individual LDAP users.
{{InfoBox|title=|content=As long as no email attributes have been selected, Cryptshare is unable to determine the email addresses of the LDAP users and Policy Rules cannot match
{{InfoBox|title=|content=As long as no email attributes have been selected, Cryptshare is unable to determine the email addresses of the LDAP users and Policy Rules cannot match
}}
}}
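Review bot: the InfoBox text under Step 2 stops at "Policy Rules cannot match" with no closing period, so it reads as if the sentence were cut off; end it with a period. In the same hunk the RFC 4511 reference is linked over plain http://; link it over https:// instead.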
Line 79: Line 69:


When selecting an entry, an additional view will appear on the right side showing the LDAP attribute names and corresponding values. If you have selected an LDAP user entry, you can now go on and select those LDAP entries containing the email addresses of users.
When selecting an entry, an additional view will appear on the right side showing the LDAP attribute names and corresponding values. If you have selected an LDAP user entry, you can now go on and select those LDAP entries containing the email addresses of users.
Finish the configuration by clicking the 'Save' button. Cryptshare is now ready for setting up LDAP-based Policy Rules (see [[#|Policy Settings]]).
Finish the configuration by clicking the 'Save' button. Cryptshare is now ready for setting up LDAP-based Policy Rules (see [[#|Policy Settings]]).
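Review bot: the closing cross-reference "[[#|Policy Settings]]" has an empty link target in both revisions, while the first hunk links the same page as "[[{{NAMESPACE}}:Policy_Settings|Policy Settings]]". Use that target here as well so the link at the end of Step 2 resolves.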



Latest revision as of 14:01, 27 August 2021



If the users within your network are managed through an LDAP Server such as Microsoft Active Directory, it is possible to use LDAP groups and users to define the senders and recipients in Policy Rules (see Policy Settings).

Configuring an LDAP Server for Cryptshare

The LDAP Server configuration consists of two steps. The first step is for establishing the connection to the LDAP Server. The second step tells the Cryptshare Server which LDAP attributes contain the email addresses of individual users. This step is only available if the LDAP connection is successfully established and settings have been saved.

Step 1: LDAP Server Connection

Depending on what type of LDAP Server you are using, you'll first have to select the LDAP Server type. Currently there are three supported types:

| Server Type  | Group Objectclass | User Objectclass |
|--------------|-------------------|------------------|
| Microsoft AD | group             | person           |
| IBM Domino   | dominoGroup       | dominoPerson     |
| OpenLDAP     | groupOfNames      | inetOrgPerson    |

Please be sure to select the correct Server Type. If the wrong type has been selected, Cryptshare cannot find the LDAP users and Policy Rules will not match.


Continue by configuring the remaining connection settings. Depending on how your LDAP Server is set up you may be required to use the secure connection setting:

[Image: 18945635.png]

You may also be required to provide 'Bind DN' credentials (user credentials) in order to be able to connect to your LDAP Server. Enter the username (the NETBIOS/Windows Server 2012 variant) and the password of a user who is allowed to query the LDAP server:

Please note that the connection check cannot identify whether the directory type has been set correctly.


[Image: 18945633.png]

Use the 'Check Connection' button to find out whether your settings are correct and whether a connection can be established. If no connection can be established, a corresponding error message will appear. Along with the error message, a more detailed log entry gives more precise information about the error, together with an LDAP 'ResultCode'. The result code is a standardized LDAP result code. For more information on individual LDAP result codes, please refer to the following links:

* http://tools.ietf.org/html/rfc4511#appendix-A
* https://www.unboundid.com/products/ldapsdk/docs/javadoc/com/unboundid/ldap/sdk/ResultCode.html

[Images: 18945632.png, 2981962.png]

Step 2: LDAP Attribute Selection

After successfully configuring the LDAP connection settings, section 2 for the LDAP settings will appear and offer a visual interface for selecting the LDAP Attributes containing the email addresses of individual LDAP users.

As long as no email attributes have been selected, Cryptshare is unable to determine the email addresses of the LDAP users and Policy Rules cannot match.


On the left-hand side, an LDAP tree containing all LDAP entries is shown. Select a user entry by clicking on it. While hovering with the mouse over a single entry, a popup will appear showing the LDAP attribute values for this entry:

[Image: 18945631.png]

When selecting an entry, an additional view will appear on the right side showing the LDAP attribute names and corresponding values. If you have selected an LDAP user entry, you can now go on and select those LDAP entries containing the email addresses of users. Finish the configuration by clicking the 'Save' button. Cryptshare is now ready for setting up LDAP-based Policy Rules (see Policy Settings).

[Image: 18945630.png]
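Because the connection check does not validate the server type, and Step 2 depends on knowing which attributes hold email addresses, both can be checked offline against an LDIF export of the directory before saving the settings. The following Python is an added example, not part of the Cryptshare documentation or product. It assumes Cryptshare finds users and groups by the object classes in the table above; the sample LDIF and all function names are constructed for illustration.

```python
import re
from collections import Counter
# Object classes (group, user) per server type, from the table on this page.
SERVER_TYPES = {"Microsoft AD": ("group", "person"),
                "IBM Domino": ("dominoGroup", "dominoPerson"),
                "OpenLDAP": ("groupOfNames", "inetOrgPerson")}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Constructed sample export (plain LDIF, no base64 values or folded lines).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: person
mail: alice@example.org

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: person
mail: bob@example.org
mailAlternateAddress: robert@example.org

dn: cn=sales,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
"""

def parse_ldif(text):
    """Turn 'attr: value' records into dicts of lower-cased attr -> values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for attr, value in re.findall(r"^([^#:\s]+): (.*)$", block, re.M):
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def type_matches(entries):
    """Per server type: how many entries its group/user object class finds."""
    return {name: {"groups": sum(g.lower() in classes(e) for e in entries),
                   "users": sum(u.lower() in classes(e) for e in entries)}
            for name, (g, u) in SERVER_TYPES.items()}

def email_attributes(entries, user_class):
    """Count, per attribute, user entries holding an email-shaped value."""
    users = [e for e in entries if user_class.lower() in classes(e)]
    return dict(Counter(a for e in users for a, v in e.items()
                        if any(map(EMAIL_RE.match, v))))
```

On the sample, the 'Microsoft AD' type still finds both users (inetOrgPerson entries also carry 'person') but no groups, which is the kind of partial mismatch a successful connection check would not reveal.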