LDAP Configuration
DocLink is integrated with the Lightweight Directory Access Protocol
(LDAP), a networking protocol for querying and modifying directory services.
Network directory services such as Active Directory utilize the LDAP protocol
to assign enterprise-wide policies. Integration with LDAP allows DocLink
administrators to automate the creation of DocLink users and to enforce
password changes.
The options on this dialog screen let you configure DocLink to use Windows
authentication.
- In Active Directory, create an LDAP group for
DocLink users. Add to the group all domain users that you wish to grant
access to DocLink. Creating a user group for DocLink not only allows
for better management of access to DocLink, but also optimizes performance
of the LDAP integration.
Items to note about LDAP
configuration:
- Users and Groups are the only Active
Directory objects supported.
- LDAP authentication is not supported
for non-trusted domains.
- If you are creating LDAP groups that
contain more than 1000 members, you must use Microsoft's
NTDSUtil.exe to modify LDAP administration limits in Active
Directory and increase the default values for MaxResultSetSize
and MaxValRange. Alternatively, limit your DocLink
groups to fewer than 1000 members.
- See the following Microsoft KB article
for information regarding how to use NTDSUtil.exe – http://support.microsoft.com/kb/315071.
- With the System Settings window open, click
LDAP Configuration.
- Check the Enable option to utilize LDAP
Authentication. The LDAP process utilizes the DocLink Support Service.
Make sure the services are running on the DocLink server and the configured
identity has at least 'Read' permissions to Active Directory.
- Enter the name of your Active Directory server.
Alternatively you can enter the domain name in the LDAP Server
field.
- Leave the Port field blank if LDAP is using
the default port assignment (the LDAP default port is 389; the secure LDAP
port is 636). If you specified different ports when installing
Active Directory, enter the customized port assignment.
- In the Poll Rate field, select how frequently
you wish DocLink to check for changes in Active Directory. This
automated sync process is handled by the DocLink Support Service, so
be sure the service is running on your DocLink application server. If
you wish to manually sync Active Directory to DocLink, you can disable
the process that manages LDAP synchronization:
  - Open the DocLink Support Service Dashboard
  in Service Monitor (Manage > Service Monitor... > Service
  Monitor > DocLink Support Service).
  - Click on the Processes tab.
  - Highlight the DocLink LDAP Synchronization
  process.
  - In the Properties section, un-check
  the Enabled option.
  - Restart the DocLink Support Service.
  - The Status in the Processes grid display
  will now be set to 'Stopped'.
- The sync list (grid) displays all currently associated
users and groups.
  - Click the Add button to add a new
  domain user or group. The Select Users or Groups dialog opens.
  - Click the Advanced button.
  - Click the Find Now button to see
  a complete list of all domain users and groups. Note: this list
  is filtered based on your Windows login.
  - Select a user or group from the list of
  Active Directory objects. Click OK to save.
  - On the Select Users or Groups dialog click
  OK again.
  - Your selection will display in the sync
  list.
- To delete a user/group from the sync list grid,
highlight the item and click the Remove button. The user's
DocLink account will become disabled.
- When all changes have been made, click the Sync
Now button to synchronize DocLink users with the Active Directory
users and groups displayed in the sync list grid.
- Go to Manage > Account Requests
and finish creating user accounts.
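
A pre-flight check for the group-size note and the Port step above, as an added PowerShell example that is not part of the DocLink documentation or product. The server name dc01.example.local, the group name 'DocLink Users' and the function names are assumptions, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example, not DocLink code. Server and group names are hypothetical.
# Requires the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

$LdapServer  = 'dc01.example.local'  # hypothetical value for the LDAP Server field
$GroupName   = 'DocLink Users'       # hypothetical group created for DocLink users
$MemberLimit = 1000                  # group size named in the configuration notes

function Test-LdapPort {
    param([string]$Server, [int]$Port)
    # True when a TCP connection to the given port succeeds.
    $result = Test-NetConnection -ComputerName $Server -Port $Port `
        -WarningAction SilentlyContinue
    return [bool]$result.TcpTestSucceeded
}

function Get-DirectMemberCount {
    param([string]$Server, [string]$Group)
    # Counts direct members only; nested group members are not expanded.
    $adGroup = Get-ADGroup -Identity $Group -Server $Server -Properties member
    return @($adGroup.member).Count
}

$count = Get-DirectMemberCount -Server $LdapServer -Group $GroupName

# One summary object: which LDAP ports answer, and how large the group is.
[pscustomobject]@{
    Server        = $LdapServer
    Port389Open   = Test-LdapPort -Server $LdapServer -Port 389
    Port636Open   = Test-LdapPort -Server $LdapServer -Port 636
    Group         = $GroupName
    DirectMembers = $count
    AtOrOverLimit = ($count -ge $MemberLimit)
} | Format-List

# Exactly 1000 members is treated as over the limit, to stay on the safe side.
if ($count -ge $MemberLimit) {
    Write-Warning ("$GroupName has $count direct members. Raise MaxResultSetSize " +
        "and MaxValRange with NTDSUtil.exe, or keep the group under $MemberLimit members.")
}
```

Run it from a domain-joined machine under an account with read access to Active Directory, and enter a value in the Port field only if the port that answers is not the default.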