Configure LDAP Sync Service

Related Video: LDAP Sync Service

LDAP Sync Service can be installed in an on-prem network environment that has Active Directory configured. The service provides a continuous one-way sync from Active Directory to KACE Cloud.

Once the LDAP Sync Service is installed in an on-prem network environment, administrators can pre-populate KACE Cloud with their user database based on selected users, attributes, and settings. And with multi-forest support, administrators can install an instance of the LDAP client in each forest they want to sync with KACE Cloud.

  1. Sign in to KACE Cloud.
  2. If you want to set a default password for the users that you import into KACE Cloud using the LDAP Sync Service:
    1. On the Settings tab, navigate to KACE Cloud > Settings.
    2. On the KACE Cloud Settings page, in the Users section, ensure the Use a default user password for users imported via LDAP Sync check box is configured appropriately.
      • If you already imported users into KACE Cloud through LDAP Sync, and you select this check box, the default password is not set for those imported users.
      • The default password is only set for the users imported after you enable this setting.
    3. On the KACE Cloud Settings page, click Save.

      For more information about this page, see Explore KACE Cloud Settings.

  3. Download the LDAP Sync Service Client.
    1. On the KACE Cloud Settings page, select Integrations > LDAP Sync Service.
      • Confirm that you have the most recent version of the client.
    2. Download the LDAP Sync Service Client, then open it.

  4. Log in to KACE Cloud.
    1. Enter your Domain Name.
    2. Enter your Login and Password.
    3. Click Next.

  5. Create custom user fields so that user fields can be mapped to them.
    1. Click Define Custom Fields.
    2. Click New.
      • Use the form to create custom user fields.
    3. When completed, click OK.
    4. When finished defining custom fields, click Next.

  6. Configure domains.
    1. To add a domain:
      1. Click Add.
        • This action will open the Edit Domain modal.
      2. Enter LDAP credentials for the domain to be added.
      3. Add a Forest.
      4. Select the domain out of the forest that you wish to add.
      5. When completed, click Next.

    2. To edit a domain:
      1. Click Edit.
        • This action will open the Edit Domain modal.
      2. Enter LDAP credentials for the domain to be edited.
      3. Click Edit.
      4. Edit domain, OUs, and/or attributes, clicking Next to move through sections.

      5. Select user OUs. An admin can decide which parts of the domain they'd like to sync by adding or removing organizational units or containers, or even entire domains.

      6. Map attributes. An admin can also map LDAP attributes to pre-defined or custom KACE Cloud user fields that can be managed during the Add or Edit workflows.

      7. On the Confirm Selections tab, click Save to save the new configuration settings back to KACE Cloud. When complete, the Edit Domain window closes.
      8. To synchronize the current machine to the selected domain, the admin must Claim the domain.
        1. Select a domain.
        2. Click Claim.
        3. Enter LDAP credentials for the domain you wish to claim.
        4. When complete, click Log in, then OK.

          After logging in, the admin will be returned to the Configure Domains tab of the wizard, and the Forest and Service Host information is populated.

          Once claimed, an admin has the option to add, edit, and delete domains. And with multi-forest support, an admin can install the LDAP Sync Service on a client computer in additional Active Directory forests to configure LDAP sync settings for the domains in those forests.

      9. To delete a domain:
        1. In the Configure Domains section, select the domain you'd like to delete.
        2. Click Delete.
        3. Confirm that you would like to Delete the domain.
        4. In the Confirm Selections section, click Save to save the new configuration settings back to KACE Cloud.

  7. Configure sync service. After the domain configuration steps are completed, click Next to configure the sync service.

    The information shown on the Configure Sync Service tab represents only the LDAP configurations that are on the current machine. An admin may have a view into multiple domain-forest setups being synchronized to other machines on the Select Domains page, but when it comes to configuring the sync service, it will only apply to LDAP configurations on the current machine.

    The status of the LDAP configuration will show up as True or False in the Connected column.

    1. Select a domain.
    2. Click Connect.
    3. Enter your LDAP Login and Password.

      When specifying your login name, you must use the following format, which includes the fully qualified domain name (FQDN): <user_name>@<FQDN>. If you do not use this format, the connection still succeeds, but the LDAP sync service cannot upload any accounts to KACE Cloud.

    4. Click Log in, then OK.

      Any LDAP configuration with a connected status of True can be configured using the Configure Service workflow.

      Once all domains show a connected status of True, changes have been successfully saved. This means the LDAP Sync Service has been started.

    5. Click OK, then Close to end the wizard.
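
The login format required in step 7 fails silently when it is wrong: the connection succeeds, but no accounts are uploaded. The PowerShell check below is an added example, not part of the KACE documentation or product, that validates a login name against the `<user_name>@<FQDN>` format before you enter it in the wizard. `Test-LdapSyncLogin` is a hypothetical helper name, the sample logins are constructed, and the check assumes the FQDN is made of standard DNS labels with at least one dot.

```powershell
# Added example: pre-flight check for the LDAP login entered on the
# Configure Sync Service tab. Test-LdapSyncLogin is a hypothetical helper.

function Test-LdapSyncLogin {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Login)

    # Assumption: an FQDN is two or more DNS labels (letters, digits, hyphens),
    # each 1-63 characters, 253 characters in total.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $fqdnPattern = "^(?=.{1,253}$)($label\.)+$label$"

    # Split on the first '@' only; a second '@' stays in the domain part
    # and is rejected by the DNS pattern below.
    $name, $domain = $Login -split '@', 2
    $reason = $null

    if ($Login -match '\\') {
        $reason = 'down-level DOMAIN\user form, not <user_name>@<FQDN>'
    } elseif (-not $domain) {
        $reason = 'no @<FQDN> suffix'
    } elseif (-not $name) {
        $reason = 'empty user name'
    } elseif ($domain -notmatch '\.') {
        $reason = 'domain part is a single label (short name), not an FQDN'
    } elseif ($domain -notmatch $fqdnPattern) {
        $reason = 'domain part is not a valid DNS name'
    }

    [pscustomobject]@{
        Login  = $Login
        Valid  = (-not $reason)
        Reason = $reason
    }
}

# Constructed sample logins; only the first matches the required format.
'svc-ldapsync@corp.example.com',
'CORP\svc-ldapsync',
'svc-ldapsync',
'svc-ldapsync@CORP' |
    ForEach-Object { Test-LdapSyncLogin -Login $_ } |
    Format-Table -AutoSize
```

Because a True value in the Connected column does not prove the format was right, confirm after the first sync that the expected accounts appear in KACE Cloud.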