Flexible Identity Bronze LDAP Synchronization Agent guide version 1.2
publication history Date Description Revision 2014.06.27 initial release 1.0 2014.11.24 rebranding 1.1 2015.04.16 LDAP synchronization chapter moved to Quickstart guide Documentation links updated 1.2 Copyright Orange Business Services 2 of 28
welcome Your company has chosen Orange Business Services Flexible Identity Bronze service to help you protect your on-line identity and the networks, applications and data you use from unauthorized access. This guide provides: the LDAP synchronization architectures that are supported/not supported by the Flexible Identity Bronze service. the technical instructions to install and configure the Sync Agent component within your LDAP synchronization architecture. This guide is intended for any person responsible for the technical management of your Flexible Identity Bronze service. If you are not comfortable with Flexible Identity Bronze service and terminologies, you can click here to download the Flexible Identity Bronze Quickstart guide. Copyright Orange Business Services 3 of 28
contents how to install the Sync Agent for LDAP?... 5 how to handle the Sync Agent console?... 6 launching the console... 6 closing the console... 7 opening the console... 8 exiting the console... 8 how to configure the Sync Agent for LDAP?... 9 downloading the Sync Agent key file... 9 collecting LDAP server information... 9 importing the Sync Agent key file... 10 configuring the user source connection... 11 configuring groups for synchronization... 16 configuring the LDAP schema... 18 configuring the scan interval... 20 how to backup/restore the Sync Agent configuration?... 22 performing a configuration backup... 22 restoring the configuration... 23 how to start/stop the Sync Agent?... 24 starting the Sync Agent... 24 stopping the Sync Agent... 25 how to upgrade the Sync Agent?... 26 checking the Sync Agent current version... 26 checking the version of the Sync Agent new installer... 27 launching the Sync Agent new installer... 28 Copyright Orange Business Services 4 of 28
how to install the Sync Agent for LDAP? Right-click on the Sync Agent installer and select the Run as administrator option. Install the Sync Agent using the instructions provided by the installer. All configuration is performed post installation. Copyright Orange Business Services 5 of 28
how to handle the Sync Agent console? This console allows you to configure the Sync Agent. launching the console Go to Start > All programms > SafeNet > Agents and then click on the LDAP Sync Manager application to open the Sync Agent console (right-click on the application and then click on the Run as administrator option if needed). If the console does not appear, check that it is not already running as background process (see the Error! Reference source not found. chapter). Copyright Orange Business Services 6 of 28
closing the console Click the cross button on the top right of the console. The console is not stopped but is running as background process. Copyright Orange Business Services 7 of 28
opening the console If the console has been previously launched and closed, it is running as background process. Click on the Show hidden icons icon in your taskbar (bottom right of your desktop), right-click on the SAS Sync Agent icon, and then click on the Show option. exiting the console If the console has been previously launched and closed, it is running as background process. To exit a console that is running as background process, click on the Show hidden icons icon in your taskbar (bottom right of your desktop), right-click on the SAS Sync Agent icon, and then click on the Show option. Copyright Orange Business Services 8 of 28
how to configure the Sync Agent for LDAP? downloading the Sync Agent key file Connect to the Flexible Identity Bronze Management Portal and download the Sync Agent installation package related to the Flexible Identity Bronze Virtual Server for which LDAP synchronization feature is requested: VIRTUAL SERVERS Manage End User COMMS Authentication Processing LDAP Sync Agent Settings Download A link to the Agents and other software can be found here: VIRTUAL SERVERS Manage End User SNAPSHOT References Agent and software download URL Click the displayed link Installers are available for Windows 32- and 64-bit operating systems as well as for several Linux 32- and 64-bit distributions. collecting LDAP server information The following information will be required to complete the configuration of the agent after installation: The IP address/host name and port number of your LDAP Directory Server. An account name and password that can be used by the Sync Agent to connect to the LDAP Directory Server. This account password should be set to never expire to ensure the agent is always able to connect to LDAP. The user account does not need write capability as the agent only reads from the directory. TCP Port 389 or 636 open between the Sync Agent and the LDAP Directory Server. TCP Port 8456 open between the Sync Agent and the Flexible Identity Bronze service. Copyright Orange Business Services 9 of 28
importing the Sync Agent key file Launch/open the Sync Agent console. Click the Add button in the Virtual Server Name section, browse to the location of the agent key file (aka BSIDSyncConfigFile.bmc ) and then load the file. The Current Organization section will update showing the name of your Virtual Server. Copyright Orange Business Services 10 of 28
configuring the user source connection Go to the Configuration tab, and then click on the Configure button in the User Source Configuration section. Copyright Orange Business Services 11 of 28
Select the LDAP source type, and then click on the Next button. Enter the host name or IP address and port number of the primary LDAP Directory server (select SSL if you have a certificate installed on the server). If you have one or more failover LDAP Directory servers that the agent should connect to in the event that the primary cannot be reached, indicate this by selecting a corresponding number from the Number of Failover hosts dropdown list and then click the Next button. If you have declared one or more failover LDAP Directory servers, enter the host name or IP address and port number of each of them, and then click on the Next button. Copyright Orange Business Services 12 of 28
Select the Active Directory option in the LDAP Schema dropdown list, and then click on the Next button. In the User DN field, enter the username (and location of the user within LDAP) that will be used by the agent to connect to the LDAP Directory server. If using Active Directory, the value should be entered in an email format. Copyright Orange Business Services 13 of 28
Example: the basedn is DC=sales, DC=mycompany, DC=com. So the user should be defined as username@sales.cryptocard.com. The Base DN field is automatically populated with the location for the agent to search the users. Within the Active Directory. In the Password field, enter the username s password. Then, click on the Next button. The Sync Agent will automatically find all containers with users, starting from the Base DN. We strongly recommend that you check the Manually edit search Containers box before clicking the on Next button. Copyright Orange Business Services 14 of 28
Thereby, you have the ability to optimize the DNs that will be scanned by the Sync Agent, before clicking on the Next button. The DN must contain one user at least to be taken into account by the Sync Agent. Click on the Finish button to save the user source connection configuration. Copyright Orange Business Services 15 of 28
configuring groups for synchronization The LDAP group memberships are used to determine which users are synchronized. In other words, containers determine where to look for users while group membership determines which users in a container will be synchronized. Go to the Configuration tab, and then click on the Configure button in the Groups for Synchronization section. Copyright Orange Business Services 16 of 28
Select group name(s) in the Available Groups pane, click on the right arrow button to move it/them to the Synch Groups pane (use the left arrow button to perform the reverse action) and then click on the OK button to validate your configuration. Copyright Orange Business Services 17 of 28
configuring the LDAP schema The LDAP schema allows you to view LDAP objects which are not visible by default within the Sync Agent. Go to the Configuration tab, and then click on the Configure button in the LDAP Schema Configuration section. Copyright Orange Business Services 18 of 28
Select the Active Directory option in the Schema dropdown list, and then click on the Next button. Mapped To fields related to the UID, First Name, Last Name and E-mail Address attributes should always contain a value. In addition, we highly recommend to replace the default value ( ObjectGUID ) by the mail one in the Mapped To field related to the UID attribute. Click on the Apply button to save your configuration. Copyright Orange Business Services 19 of 28
configuring the scan interval This value determines how frequently the Sync Agent will scan LDAP for changes. Only if changes are detected will the Sync Agent synchronize with the authentication server. Go to the Configuration tab, and then click on the Configure button in the Other Synchronization Options section. Copyright Orange Business Services 20 of 28
Enter the scan interval value in the Scan for changes every minutes field, and then click the OK button. We highly recommend to keep the 20 (minutes) default value. Copyright Orange Business Services 21 of 28
how to backup/restore the Sync Agent configuration? performing a configuration backup Launch/open the Sync Agent console. Go to the File menu and then click on the Backup all configuration option. Save the backup file (with.mpb extension) in a safe place (such as network storage). Copyright Orange Business Services 22 of 28
restoring the configuration If you lost your Sync Agent configuration, you have the ability to restore it from a previously saved backup file. From the Sync Agent console: Go to File menu and then click on the Restore configuration option. Select the backup file (with.mpb extension) and click on the Open button. The Restore window appears. Select your organization and then click on the OK button. Copyright Orange Business Services 23 of 28
how to start/stop the Sync Agent? Launch/open the Sync Agent console. starting the Sync Agent Click on the Start button. Copyright Orange Business Services 24 of 28
The Service Status turns from the Stopped to the Running value. stopping the Sync Agent Click on the Stop button. The Service Status turns from the Running to the Stopped value. Copyright Orange Business Services 25 of 28
how to upgrade the Sync Agent? checking the Sync Agent current version Launch/open the Sync Agent console. Go to the Help menu and then click on the About option. x.x.xxxxx.xxxxx A pop-up window appears, displaying the Sync Agent current version. Copyright Orange Business Services 26 of 28
Perform a configuration backup before stopping the Sync Agent and exiting the console. checking the version of the Sync Agent new installer Right-click on the Sync Agent new installer and select the Properties option, select the Details tab, and then check the value of the Product version field. Be sure that this version number is greater than the current one. Click on the OK button to close the Properties window. Copyright Orange Business Services 27 of 28
launching the Sync Agent new installer Right-click on the Sync Agent new installer and select the Run as administrator option. A pop-up window will inform you that you re upgrading an existing Sync Agent. Click on the Yes button to continue. Install the new Sync Agent using the instructions provided by the installer. Check the new Sync Agent version and configuration before restarting it. Copyright Orange Business Services 28 of 28