
LDAP Setup

Published: 16 Aug 2023|Last updated: 16 Aug 2023

The LDAP Authentication app enables you to create user and/or agent accounts from LDAP user records.

You can optionally enable regular syncing of data, so that Deskpro accounts are regularly updated with the latest information from the LDAP directory. If you select this option, data will automatically be pulled from LDAP daily at 1am (as well as when you manually choose to sync, which you can do at any time).

To set up LDAP Authentication for users, go to CRM > User Auth & SSO; to install it for agents, go to Agents > Auth & SSO. If you want to use LDAP for both users and agents, you should install it in both places.

  1. Click on the LDAP Authentication app image or on the Add button that will appear on it.

  2. Check Yes, enable LDAP Authentication.

  3. Select Enable Auto Sync if required.

Note


Account information is sent one-way, from the LDAP directory to Deskpro only. As a result, if an account was created via LDAP, you should reset its password, change its primary email address or delete it from within the LDAP directory, not from within Deskpro.

  4. In Account Filter Format, specify an account filter format. You can leave this field blank to use the default account filter format, which is: (|(dn=%1$s)(mail=%1$s)(uid=%1$s))

  5. In Server Account, enter the LDAP server name and port.

  • You must ensure that your LDAP server is accessible to your Deskpro server and not blocked by a firewall etc. Optionally, select the encryption method to use.

  • The default port is 389 if you are not using connection encryption or are using TLS. If you are using SSL encryption, the default is 636.

  6. In Base DN, enter the DN to search from for users. All users below this node will become users/agents in Deskpro.

Warning

If you are creating agents, be careful to use the right base DN. Don’t create more agent accounts than you have available on your license.

  7. In Service Account, enter the username and password for an account to initially bind to the LDAP directory. The service account must have sufficient permission to run filter queries against the directory. Include the full DN for the account name.

  8. If your LDAP server supports LDAP paging, you can select Enable LDAP Paging.

  9. Enter the LDAP Size Limit for the maximum number of entries per query that your server allows.

  10. (Agent authentication only) Set the Auto agent option. This controls which permissions are granted to agents who are created from LDAP.

  11. (User authentication only) Set the Grant usergroup option. This controls the usergroup granted to users who are created from LDAP.

  12. Click Test Settings and enter the username/email and password of a user who is under the Base DN.

Note

To ensure accounts can be synchronised properly into Deskpro, you must ensure they contain an [email_address] attribute in the directory. This is commonplace by default in most setups.

  13. If the test is successful, click Save Settings. If it fails, read any error messages, check server settings and try again. You may need to consult the documentation for your LDAP server, or speak to the administrator.

You will now see a Start Sync button below the list of authentication sources. Click it to import the users/agents into Deskpro.
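
The Account Filter Format from the setup steps above, as an added example that is not Deskpro's own code: it previews the filter a format produces for a given login and checks a custom format for common mistakes before you paste it into the field. It assumes %1$s is a sprintf-style slot that receives the login name and escapes that value per RFC 4515; the page does not describe how Deskpro performs the substitution, and the function names, custom format and sample logins are constructed for illustration.

```python
# Added example: preview and sanity-check an Account Filter Format.
# Assumption: %1$s is the sprintf-style slot that receives the login name.
DEFAULT_FORMAT = "(|(dn=%1$s)(mail=%1$s)(uid=%1$s))"  # default quoted on this page
PLACEHOLDER = "%1$s"


def escape_filter_value(value):
    """Escape a literal value for an LDAP search filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def expand(fmt, login):
    """Substitute the escaped login into every %1$s slot of the format."""
    return fmt.replace(PLACEHOLDER, escape_filter_value(login))


def check_format(fmt):
    """Return a list of problems in a custom filter format (empty if none)."""
    problems = []
    if PLACEHOLDER not in fmt:
        problems.append("no %1$s placeholder: the filter ignores the login")
    if not (fmt.startswith("(") and fmt.endswith(")")):
        problems.append("filter is not wrapped in parentheses")
    depth = 0
    for c in fmt:
        depth += (c == "(") - (c == ")")
        if depth < 0:  # a ")" appeared before its "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    custom = "(&(objectClass=person)(|(mail=%1$s)(uid=%1$s)))"
    for fmt in (DEFAULT_FORMAT, custom, "(&(objectClass=person)(uid=%1$s)"):
        print(fmt, "->", check_format(fmt) or "ok")
    print(expand(custom, "jdoe@example.com"))
    print(expand(custom, "j*"))  # the wildcard is escaped and matched literally
```
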

Increasing sync speed

If you are using Deskpro On-Premise and find that syncing is taking a long time, you can increase the speed of the sync process by increasing the PHP memory limit. Edit your php.ini file to set the value for memory_limit to “256M”.

Filtering user records

If you only want to use a subset of the user records in your LDAP repository, use the new Filtering a usersource feature.

Note that you can install multiple versions of the LDAP app if you want to authenticate different groups of users with different permissions.

Additional user data

Your usersource may have additional user data beyond the user’s email address and password: for example, employee numbers, location information, etc.

You can set up Deskpro to copy this data into a custom user field so it is available in your helpdesk when you view each user’s profile.

  1. Make sure the authentication app for the desired usersource is installed in Deskpro and working correctly.

  2. If you have an On-Premise helpdesk on Deskpro build #430 or earlier, open config.php in the Deskpro install folder.

Edit this line:

$DP_CONFIG['debug']['enable_usersource_log'] = false;

to say

$DP_CONFIG['debug']['enable_usersource_log'] = true;

This step is not required on later Deskpro versions.

  3. Go to CRM > User Auth & SSO (or Agents > Auth & SSO) and select the app.

  4. Click the Test Settings button. Enter some login credentials for a user in the external usersource which you know are valid.

  5. You will see a results page.

  • Click Show user data.

  • You will see an encoded list of values that are returned from the usersource.

  • Make a note of the field name for the value you want to copy into your helpdesk (ignoring any square brackets around it).

  • Here’s a sample excerpt from an Active Directory app:

[Image: auth-test-usersource-field.png]

In this case, if you wanted to import the highlighted value, you would use telephonenumber as the field name.

  6. Go to CRM > Fields > User Fields. Click the +New button and choose the “User Auth Data” field type.

  • Fill in the title and description.

  • In Field Name, enter the name of the field as returned from your usersource in step 4.

[Image: auth-user-auth-data.png]

  • You can optionally choose to make the field specific to a particular authentication app.

  • Click Save.

  7. Repeat for any other data fields you require.

If you edited the $DP_CONFIG['debug']['enable_usersource_log'] value in step 2, change it back to false once you are finished.

Working with data collections

If your usersource returns collections of data (e.g., arrays of nested data), you can access sub-elements of a collection by using “dot notation”. For example, given this collection of values:

    [example] => Array
    (
        [inner] => Array
        (
            [value1] => Hello
            [value2] => World
        )
    )

You can gain access to the “World” value by using the field name “example.inner.value2”.

If you omit the last part of a collection name, Deskpro will automatically concatenate all values together as a single string.
