LDAP

DocLink has been integrated with the Lightweight Directory Access Protocol (LDAP), a networking protocol for querying and modifying directory services. Network directory services such as Active Directory utilize the LDAP protocol to assign enterprise-wide policies. Integration with LDAP allows DocLink Administrators to automate the creation of DocLink users and to enforce password changes.

Noteworthy Items Prior to Configuring LDAP

  1. Users and Groups are the only Active Directory objects supported.
  2. LDAP authentication is not supported for non-trusted domains.
  3. If you are creating LDAP groups that contain more than 1000 members, you must use Microsoft's NTDSUtil.exe to modify the LDAP administration limits in Active Directory and increase the default values for MaxResultSetSize and MaxValRange. Alternatively, keep your LDAP groups to fewer than 1000 members.

    See the following Microsoft TechNet article for additional information:

    https://technet.microsoft.com/en-us/library/cc753343.aspx
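
A read-only way to check item 3 before building the sync list, as an added example that is not part of the DocLink documentation: it counts the direct members of a group and reads the current MaxValRange and MaxResultSetSize values from the Default Query Policy. It assumes the ActiveDirectory PowerShell module is installed; the group name 'DocLink Users' and the function names are hypothetical.

```powershell
# Added example: read-only pre-flight check for the 1000-member note above.
# Assumes the ActiveDirectory module (RSAT) is installed.
# 'DocLink Users' and both function names are hypothetical.
Import-Module ActiveDirectory

function Get-LdapAdminLimit {
    # Returns the named limits from the Default Query Policy as a hashtable.
    param([string[]]$Name = @('MaxValRange', 'MaxResultSetSize'))

    $configNC = (Get-ADRootDSE).configurationNamingContext
    $policyDN = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service," +
                "CN=Windows NT,CN=Services,$configNC"
    $policy = Get-ADObject -Identity $policyDN -Properties lDAPAdminLimits

    $limits = @{}
    foreach ($entry in $policy.lDAPAdminLimits) {
        # Each value is stored as "LimitName=Number".
        $key, $value = $entry -split '=', 2
        if ($Name -contains $key) { $limits[$key] = [int64]$value }
    }
    return $limits
}

function Test-DocLinkGroupSize {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [int]$Threshold = 1000   # member count named in item 3
    )
    # The 'member' attribute lists direct members only; a nested group counts as one.
    $group = Get-ADGroup -Identity $GroupName -Properties member
    $count = @($group.member).Count

    [pscustomobject]@{
        Group         = $group.DistinguishedName
        DirectMembers = $count
        OverThreshold = $count -gt $Threshold
        CurrentLimits = Get-LdapAdminLimit
    }
}

Test-DocLinkGroupSize -GroupName 'DocLink Users' | Format-List
```

If OverThreshold is True, either raise the two limits with NTDSUtil.exe as described in item 3 or split the group.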

 

Configure LDAP

  1. In Active Directory, create an LDAP group for DocLink users. Add to the group all domain users to whom you wish to grant access to DocLink.
  2. Click on the System Settings tile on the Administration tab. Then select LDAP Configuration.
  3. Check the Enable option to utilize LDAP Authentication. The LDAP process utilizes the DocLink Support Service. Make sure the service is running on the DocLink server and the configured identity has at least 'Read' permissions to Active Directory.
  4. If you are using secure LDAP (LDAP protocol over TLS/SSL), check SSL. Otherwise leave this option unchecked.
    1. Enter the name of your Active Directory server in the LDAP Server field. Alternatively, you can enter the domain name.
    2. Leave the Port field blank if LDAP is using the default port assignment (the default LDAP port is 389; the secure LDAP port is 636). If you specified different ports when installing Active Directory, enter the customized port assignment.
    3. In the Poll Rate field, select how frequently you wish DocLink to check for changes in Active Directory. This automated sync process is handled by the DocLink Support Service, so be sure the service is running on your DocLink server. If you wish to manually sync Active Directory to DocLink, you can disable the process that manages LDAP synchronization:
      • Open the DocLink Support Service Dashboard in Service Monitor.
      • Click on the Processes tab.
      • Highlight the DocLink LDAP Synchronization process.
      • In the Properties section, uncheck the Enabled option.
      • Restart the DocLink Support Service.
  5. The sync list displays all currently associated users and groups.
    1. Click the Add button to add a new domain user or group. The Select Users or Groups dialog opens.
    2. Click the Advanced button.
    3. Click the Find Now button to see a complete list of all domain users and groups. Note: this list is filtered based on your Windows login.
    4. Select a user or group from the list of Active Directory objects. Click OK to save.

      To optimize performance, create a group of users and add this group, rather than adding users one at a time.

  6. On the Select Users or Groups dialog click OK again.
  7. Your selection will display in the sync list.
  8. To delete an existing user or group, highlight the item in the grid and click the Delete button to remove it from the sync list. The user's DocLink account will be disabled.
  9. Select the Sync Now button to sync DocLink users with Active Directory users and groups displayed in the sync list.
  10. Click on the Account Requests tile on the Administration tab to finish creating user accounts.
    1. Highlight a user and click Create Account to open the New User Wizard. The wizard will pre-populate with values from Active Directory.
    2. See Create a New User for instructions on finishing this user’s account.