infoRouter LDAP Synchronization Manager runs as a service on any computer on your network.
The service automatically check for changes in LDAP and communicates the changes to infoRouter.
New users are added to infoRouter, disabled or deleted users in LDAP are disabled in infoRouter.
Users will only have to remember their NT user ids and passwords to gain access to infoRouter.
***** STOP *****
Before you install and configure this service, you MUST make sure that you have the LDAP Authentication Service setup and configured.
If you already have users in infoRouter and wish to have their authentication managed by LDAP, you must make sure that their current user id’s (infoRouter user id) match with their corresponding user id’s in LDAP.
infoRouter users are by default authenticated from a source called infoRouter. If you wish for these users to be authenticated from LDAP, their authentication source must be changed to reflect your LDAP Authentication source.
Run the setup program located in the “ProgramSetups” directory which is located in the infoRouter application directory
Run the setup program located in the “ProgramSetups” directory which is located in the infoRouter application directory
Now launch the LDAP Synchronization Manager configuration screen from the Start menu > infoRouter > infoRouter LDAP Manager
Enter the appropriate connection URL and specify the infoRouter user account user id and password. The user account used must either be the sysadmin account or an account that is a part of the “User Managers” user group in infoRouter.
Specify an NT domain name. Remember, this is NOT a server name or IP. Also note that domain names are case sensitive.
Only the selected LDAP groups and their members will be synchronized with infoRouter. Make sure that the number of users you select from LDAP groups do not exceed your infoRouter user license count.
This service can also be managed from the NT Services Manager. Please make sure that the local service account used to run this service is a domain account capable of accessing the directory services.
The LDAP Synchronization Manager program is installed in the following path:
C:\Program Files\Active Innovations\infoRouter LDAP Synchronization Service
The settings specified in the setup wizard are recorded in a configuration file that can be found in the following path:
C:\Program Files\Active Innovations\infoRouter LDAP Synchronization Service\irLDAP.config
You may edit this file to make minor changes or simply launch the LDAP Synchronization Manager program from the start menu and use the wizard again.
The LDAP Synchronization Manager configuration file looks something like the following:
The scheduled period parameter indicates how often the synchronization will run. In the example above, the number is set to 15 minutes. This default value should not be set lower in environments that have large number of users.
The LDAP Synchronization Manager program keeps a daily log of events as it tries to synchronize LDAP users to infoRouter. This log file can be found in the application path:
C:\Program Files\Active Innovations\infoRouter LDAP Synchronization Service\logs
A typical log file will look like the following
03:50:11 Successfully connected to NT Domain : ACME 03:50:11 Attempting to connect to infoRouter. 03:50:13 Successfully connected to the inforouter web service. 03:50:13 Total number of users found in selected LDAP Groups: 4 03:50:13 Group: Managers successfully created. 03:50:13 1 Groups successfully imported into infoRouter 03:50:13 4 Users already exist in infoRouter 03:50:13 User synchronization finished with success. 03:55:58 Successfully connected to NT Domain : ACME 03:55:58 Attempting to connect to infoRouter. 03:55:58 Successfully connected to the inforouter web service. 03:55:58 Total number of users found in selected LDAP Groups: 4 03:55:58 User: joe successfully created. 03:55:58 User: mary successfully created. 03:55:58 User: John successfully created. 03:55:58 User: Sandra successfully created. 03:55:58 Group: Managers successfully created. 03:55:58 1 Groups successfully imported into infoRouter 03:55:58 4 Users successfully imported into infoRouter 03:55:58 User synchronization finished with success. 04:11:40 Successfully connected to NT Domain : ACME 04:11:40 Attempting to connect to infoRouter. 04:11:41 Successfully connected to the inforouter web service. 04:11:41 Total number of users found in selected LDAP Groups: 4 04:11:41 4 Users already exist in infoRouter 04:11:41 User synchronization finished with success.
Use this log file to verify the synchronization process. Any errors encountered during the process will also be recorded in this log file.
If you make changes in how your LDAP user groups are arranged, make sure to stop the LDAP Synchronization Service before doing so. The service runs through the members of the chose LDAP groups and decides on which members are to be added to infoRouter and which users are to be disabled in infoRouter.
If the service runs while you are moving users around, certain users may be disabled in infoRouter.