LDAP Sync Service

Note: February 2020 Release: Read about the latest LDAP Sync Service Upgrade. Use the Table of Contents to jump to Upgrade Instructions for both new and existing tenants at the bottom of this page.


LDAP Sync Service can be installed in an on-premises network environment that has Active Directory configured. The service provides a continuous one-way sync from Active Directory to KACE Cloud MDM.

Once the LDAP Sync Service is installed in an on-premises network environment, administrators can pre-populate KACE Cloud MDM with their user database based on selected users, attributes, and settings. With multi-forest support, administrators can install an instance of the LDAP client in each forest they want to sync with KACE Cloud MDM.

1. Download LDAP Sync Service

  1. Sign in to KACE Cloud MDM.
  2. Go to Settings in the top navigation.
  3. In the left navigation, select LDAP Sync Service.
    • Confirm that you have the most recent version of the client.
  4. Download the LDAP Sync Service Client, then open it.

2. Log in to KACE Cloud MDM

  1. Enter your Domain Name.
  2. Enter your Login and Password.
  3. Click Next.

3. Define Custom Fields

Create custom user fields so that user fields can be mapped to them.

  1. Click Define Custom Fields.
  2. Click New.
    • Use the form to create custom user fields.
  3. When completed, click OK.
  4. When finished defining custom fields, click Next.

4. Configure Domains

To Add a Domain

  1. Click Add.
    • This action will open the Edit Domain modal.
  2. Enter LDAP credentials for the domain to be added.
  3. Add a Forest.
  4. Select the domain from the forest that you wish to add.
  5. When completed, click Next.

To Edit a Domain

  1. Click Edit.
    • This action will open the Edit Domain modal.
  2. Enter LDAP credentials for the domain to be edited.
  3. Edit domain, OUs, and/or attributes, clicking Next to move through sections.
  4. In the Confirm Selections section, click Save to save the new configuration settings back to KACE Cloud.
    • When complete, the Edit Domain window will close.
  5. In the original workflow, click Next, then click Configure Service to update the local configuration settings.

To Claim a Domain

To synchronize the current machine to the selected domain, the admin must 'Claim' the domain.

  1. Select a domain.
  2. Click Claim.
  3. Enter LDAP credentials for the domain you wish to claim.
  4. When complete, click Log in, then OK.

After logging in, the admin will be returned to the Configure Domains tab of the wizard, and the Forest and Service Host information will be filled in.

Once a domain is claimed, an admin has the option to add, edit, and delete domains. With multi-forest support, an admin can install the LDAP Sync Service on a client computer in additional Active Directory forests to configure LDAP sync settings for the domains in those forests.

IMPORTANT: The information shown on the Configure Sync Service tab represents only the LDAP configurations that are on the current machine. An admin may have a view into multiple domain-forest setups being synchronized to other machines on the Select Domains page, but when it comes to configuring the sync service, it will only apply to LDAP configurations on the current machine.

To Delete a Domain

  1. In the Configure Domains section, select the domain you'd like to delete.
  2. Click Delete.
  3. Confirm that you would like to Delete the domain.
  4. In the Confirm Selections section, click Save to save the new configuration settings back to KACE Cloud.

5. Configure Sync Service

After the domain configuration steps are completed, click Next to configure the sync service.

IMPORTANT: The information shown on the Configure Sync Service tab represents only the LDAP configurations that are on the current machine. An admin may have a view into multiple domain-forest setups being synchronized to other machines on the Select Domains page, but when it comes to configuring the sync service, it will only apply to LDAP configurations on the current machine.

The status of the LDAP configuration will show up as True or False in the Connected column.

  1. Select a domain.
  2. Click Connect.
  3. Enter LDAP credentials.
  4. Click Log in, then OK.

Any LDAP configuration with a connected status of True can be configured using the Configure Service workflow.

Once all domains show a connected status of True, changes have been successfully saved. This means the LDAP Sync Service has been started and the upgrade process is complete.

Click OK, then Close to end the upgrade wizard.


Upgrade: New Tenant

To set up a new tenant, an admin can use steps 1 through 5 in the primary set-up wizard shown above.

Overview:

  1. Download LDAP Sync Service (v2.16.134.0).
  2. Log in to KACE Cloud MDM.
  3. Define Custom Fields.
  4. Configure Domains:
    • Add / Edit / Claim / Delete
  5. Confirm Selections.


Upgrade: Existing Tenant

From a previously installed version of LDAP Sync Service, an admin can configure the upgraded version.

Download LDAP Sync Service

Download the latest version of the LDAP Sync Service Client.

  1. Run the installer for the new version of LDAP Sync Service.
  2. Open the LDAP Sync Service client and log in.

The upgraded version will remove any saved credentials, so the admin will need to have the following information on hand during the upgrade:

  • KACE Cloud sign-in:
    • Tenant name ( [subdomain].kacecloud.com )
    • Email Address and Password for tenant
  • Configure Sync Service sign-in:
    • LDAP credentials
    • Active Directory domain
    • Username and Password

IMPORTANT: The upgraded version retains the tenant's custom mappings, so once logged in, an admin will see saved configurations that can be viewed, edited, or removed, and can also add new configurations. However, no configuration is required to complete the upgrade: an admin only needs to log in, claim any domains, and save to complete the initial upgrade process.

Once logged in, the upgrade wizard will start by fetching LDAP sync settings from KACE Cloud MDM.

Define Custom User Fields

The ability to define custom user fields has been moved up in the configuration process to a top-level function. The admin will want to use the same custom fields across all domains, so defining them up front helps ensure that they remain consistent during configuration. The admin can add, edit, or remove custom fields at this stage.

Caution: Removing a custom field will remove all associated mappings across all synchronized domains.

Configure Domains

On the Configure Domains tab, an admin will now see columns for Forest and Service Host that are being synchronized to the domain. During the upgrade, these fields will be blank because they were not previously tracked in the LDAP Sync Service.

To synchronize the current machine to the selected domain, the admin must 'Claim' the domain.

  1. Select a domain.
  2. Click Claim.
    • The admin will be presented with a login screen to enter LDAP credentials for the domain they wish to claim.
  3. When complete, click Log in, then OK.

After logging in, the admin will be returned to the Configure Domains tab of the wizard, and the Forest and Service Host information will be filled in.

Once a domain is claimed, an admin has the option to add, edit, and delete domains. With multi-forest support, an admin can install the LDAP Sync Service on a client computer in additional Active Directory forests to configure LDAP sync settings for the domains in those forests.

Configure Sync Service

After the domain configuration steps are completed, click Next to configure the sync service.

IMPORTANT: The information shown on the Configure Sync Service tab represents only the LDAP configurations that are on the current machine. An admin may have a view into multiple domain-forest setups being synchronized to other machines on the Select Domains page, but when it comes to configuring the sync service, it will only apply to LDAP configurations on the current machine.

The status of the LDAP configuration will show up as True or False in the Connected column.

  1. Select a domain.
  2. Click Connect.
  3. Enter LDAP Login credentials.
  4. Click Log in, then OK.

Any LDAP configuration with a connected status of True can be configured using the Configure Service workflow.

Once all domains show a connected status of True, changes have been successfully saved, and the LDAP Sync Service has been started, the upgrade process is complete.

Click OK, then Close to end the upgrade wizard.