Adding Users from LDAP Server

LDAP integration allows a DW Spectrum Administrator to link a pre-existing user database to the System, keeping existing LDAP domain usernames and passwords, and providing the option to assign specific User Roles and access rights during import. For security reasons, the VMS does not keep LDAP passwords. The following LDAP servers are available:

Microsoft Active Directory

Open LDAP Server

JumpCloud

After an LDAP user is enabled in DW Spectrum they will be able to log in to DW Spectrum using their LDAP domain username and password. However, user permission levels are not imported – you will need to define and assign the desired authority structure in DW Spectrum for all LDAP users. Once a DW Spectrum Administrator is defined they will be able to fetch other LDAP users and configure their LDAP settings. (Note that it is not possible to import an LDAP user into an Owner role.)

The DW Spectrum Media Server attempts to synchronize with the LDAP/AD server once every 10 minutes so that changes there are reflected in the VMS System.

! IMPORTANT: If the LDAP server is not available, LDAP users will not be able to log in.

Setting Up LDAP Integration

To import users and allow them to connect to DW Spectrum, it is necessary to establish a connection between DW Spectrum and the corporate LDAP server. The LDAP server does not have to be part of the LAN the Media Server is on, but it must be reachable by the Media Server either on the LAN or via WAN. This integration should be performed by, or in cooperation with, the Network (Domain) Administrator. To use LDAP over SSL, you will most likely need to change certificates or install certificates on both the LDAP Server and the Media Server.

Note: When configuring LDAP integration, you cannot specify the domain's base distinguished name (DN) as a search base, but you can specify the organizational units (OUs) underneath the base DN. It is not possible to filter on OU membership, but you can filter on group membership. To retrieve all users that are members of a specified group, filter on the memberOf attribute. For example: memberOf=CN=Security Users,CN=Users,DC=DOMAIN,DC=LOCAL.

1. From System Administration, go to the Users tab and click LDAP Settings.

2. Enter the following information (consult with your Network or Domain Administrator if needed): Server URL or IP address, Admin DN or CN, Password, Search Base, Search Filter (optional), and Search Timeout. An LDAP port may also be required if it is not the default, for example ldap://ldapServerUrl:Port or ldap://IP:Port. The search filter is optional and is used to filter users on the server side (special LDAP syntax is needed). The example below illustrates the simplest filter.

[Figure: Setting Up LDAP Integration - 1]

! IMPORTANT: If using a server URL, it should be a fully qualified domain name (FQDN), sometimes also referred to as an absolute domain name. See https://en.wikipedia.org/wiki/Fully_qualified_domain_name for details.

3. Click Test. If the test is successful, the server will return the number of LDAP users found (Search Filter will be pre-applied).
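
A pre-flight check for the values entered in step 2, as an added example that is not part of the DW Spectrum documentation or product: it builds the memberOf filter from the note above with RFC 4515 escaping and flags a server name that is not an FQDN or a search base equal to the domain base DN. The function names and sample values are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def member_of_filter(group_dn):
    """Build the memberOf filter in the form the note shows (no outer parentheses)."""
    return "memberOf=" + escape_filter_value(group_dn)

def _rdns(dn):
    # Simplified DN split (assumption): no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def check_settings(url, search_base, domain_base_dn):
    """Return a list of problems with the settings; an empty list means none found."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        problems.append("URL scheme must be ldap:// or ldaps://")
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)  # a literal IP address is accepted as-is
    except ValueError:
        labels = host.split(".")
        # FQDN check: at least two dot-separated labels, each a valid DNS label.
        label_re = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
        if len(labels) < 2 or not all(re.fullmatch(label_re, lab) for lab in labels):
            problems.append("server name is not a fully qualified domain name")
    base, root = _rdns(search_base), _rdns(domain_base_dn)
    if base == root:
        problems.append("search base is the domain base DN; use an OU beneath it")
    elif base[-len(root):] != root:
        problems.append("search base is not beneath the domain base DN")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(member_of_filter("CN=Ops (EU),OU=Groups,DC=DOMAIN,DC=LOCAL"))
    print(check_settings("ldap://dc01", "DC=DOMAIN,DC=LOCAL", "DC=DOMAIN,DC=LOCAL"))
```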

Importing Users from LDAP Server

After LDAP integration is complete it is possible to import LDAP users into DW Spectrum. If available, name and email address information will be imported.

1. Open System Administration > Users tab and click Fetch Users from LDAP. The list of LDAP users found on the server will be displayed.

2. Select user(s) to be imported, using the Search filter if desired.

3. If needed, enable or disable LDAP users (see "Disabling/Enabling Users") and assign the appropriate User Roles (see "Changing User Settings").

Note: LDAP users must successfully log in to the Desktop Client one time to be able to log in to the Web Client.