Top

Pesquisar no Centro de Ajuda

Navegar na Base de Conhecimento

Provisioning of company members via an Active Directory (LDAP Connector)

Yves MAZURIER
Atualizado
  1. Rainbow Help Center
  2. Administração
  3. Company Customization
Important: This connector is currently only available for Early Adopter (a specific license is needed). Please contact the Rainbow Support Team if you need more information.
Current connector for Early Adopters is version 1.6.5 available here

This article allows company administrators to synchronize the company directory in Rainbow with the Active Directory located in company premises. Synchronization is unidirectional (one-way) from Active Directory to Rainbow.

After synchronization is successful:

  • Company members in Active Directory are automatically created in Rainbow with a company subscription (i.e. the Rainbow license assigned to new members in company).
    Company member creation fails when there are no more Rainbow licenses available for the company.
  • Company member settings for which an AD/Rainbow mapping has been defined (see: Configuring AD/Rainbow attribute mapping) are automatically updated in Rainbow.
  • Company members deleted in Active Directory are automatically deleted in Rainbow.
  • Optionally (if enabled in Rainbow), contacts in Active Directory are automatically created in Rainbow.

Synchronization is performed by the Rainbow LDAP Connector deployed in company premises, and configured using the Rainbow application and company management menu: see: Accessing the AD/LDAP connector administration window.

The Rainbow LDAP Connector deployment in company premises consists in:

  1. Installing the Rainbow LDAP Connector (*.exe file) on the Active Directory server or another server connected to the Active Directory server. A Rainbow shortcut and icon are available on the host server.
  2. Starting the Rainbow LDAP Connector via the Rainbow shortcut or icon, and login in with a Rainbow administrator account and Enterprise license.
    After login, a local status of the Rainbow LDAP Connector is available: see: Monitoring the Rainbow LDAP Connector running status.
    Note: The Single Sign-On (SSO) service must be enabled for the company.

From the Rainbow application and company management menu, the configuration operations of Rainbow LDAP Connector consists in:

  1. Declaring the access settings to Active Directory: see: Configuring access to Active Directory
  2. Selecting the Active Directory users, and optionally the contacts, to be synchronized: see: Selecting the Active Directory objects to be synchronized
  3. Optionally, modifying the predefined attribute mapping between Active Directory and Rainbow: see: Configuring AD/Rainbow attribute mapping
  4. Configuring synchronization with Active Directory (scheduled, immediate or for test only): see: Configuring synchronization with Active Directory
  5. Enabling/disabling scheduled synchronization with Active Directory: see: Enabling/disabling scheduled synchronization with Active Directory
  6. Optionally, enabling/disabling enrollment email to new users created in Rainbow: see: Enabling/disabling enrollment email to new users

The scheduled and immediate synchronizations automatically generate reports available for download: see : Monitoring synchronization reports from Rainbow.

Prerequisites:

  • For Early adopter phase the company is granted with an Early Adopter license.
  • The default license assigned to new company members is Business or Enterprise.

Accessing the Rainbow LDAP Connector management window

  1. From the Rainbow administration interface, click on Manage your company mceclip0.png at the bottom of the left panel.mceclip1.png
  2. In the left panel, click on My company, then Members.mceclip0.png
  3. Click on Import.
    An LDAP icon ldap.png is displayed when the Rainbow LDAP Connector is connected to Rainbow.
  4. Click on LDAP icon.
    The Rainbow LDAP Connector management page opens.mceclip4.png

The software version and connection status of Rainbow LDAP Connector are displayed at the top of the window. Status can be either Pending (when not yet connected to Rainbow) or Running (when connected).

mceclip3.png

Available actions are:

  • To remove connection: click on icon mceclip1.png to the right of the Status column. This allows to connect and register a new Rainbow LDAP Connector to Rainbow (e.g. after a host computer change).
  • To refresh connection status: click on icon mceclip2.png to the right of the Status column.

Configuring access to Active Directory

  1. From the Rainbow LDAP Connector management window, in the LDAP connector section, configure the following fields:
    • Login and Password: enter the LDAP authentication credentials used by the Rainbow LDAP Connector to access the Active directory (use LDAP syntax for Login entry).
    • Hostname or IP address: enter the IP address or URL to access the Active Directory server.
      If a URL is entered, syntax is: ldap://<hostname of the Active Directory server>:[port] where :[port] is used to specify a non-standard port number.

      mceclip0.png

  2. Click on Update.

Selecting the Active Directory objects to be synchronized

  1. From the Rainbow LDAP Connector management window, in the Users Selector section, select the Active Directory users to be synchronized:
    • Base DN: enter the root domain where the Active Directory users are located (use LDAP syntax).
    • Filter: optionally, apply a filter to synchronize only a subset of Active Directory users (use LDAP syntax for filter definition). By default, all users in Active Directory (person objects) are synchronized. mceclip1.png
  2. Optionally, in the Business Directory Selector section, select the Active Directory contacts to be synchronized:
    • Base DN: enter the root domain where the Active Directory contacts are located (use LDAP syntax).
    • Filter: optionally, apply a filter to synchronize only a subset of Active Directory contacts (use LDAP syntax for filter definition). By default, all contacts in Active Directory (contact objects) are synchronized.
  3. Click on Update.

Configuring AD/Rainbow attribute mapping

Attribute mapping defines the correspondence between the attributes of Active Directory and the attributes of Rainbow. Two different mapping tables must be configured for users and contacts.

To define an attribute mapping table:

  1. From the Rainbow LDAP Connector management window, in the Users Selector section (or Business Directory Selector section for contacts), click on Define Attribute Mapping:
    Example of mapping table for users:mceclip1.png
  2. For each Rainbow attribute to be mapped, select the corresponding Active Directory attribute in the LDAP Attribute column.
    For user attribute mapping only: when the company is associated to a PBX equipment, and Active Directory includes PBX telephone settings, following Rainbow attributes can be configured to retrieve PBX telephone settings:
    • pbxInternalNumber to retrieve the phone set numbers
    • pbxShortNumber to retrieve internal numbers
    • number to retrieve the public numbers
  3. Click on Apply to validate changes and close the mapping table.

Configuring synchronization with Active Directory

Synchronization can be:

Warning: Before starting the first synchronization with Active Directory, when the company exists in Rainbow, it is recommended to back up locally company members in a CSV file. For details: see: Bulk provisioning of company members. The first synchronization may result in unexpected changes for existing company members (e.g. company members are deleted).

Launching a synchronization for test

From the Rainbow LDAP Connector management window, in the Users Selector section (or Business Directory Selector section for contacts), click on Dry run.

A user or contact import simulation in Rainbow is performed, and a report is displayed indicating how many users or contacts will be added/modified, detached (for users only), or deleted. If the result is correct, click on Synchronize to launch an immediate synchronization.mceclip5.png

Launching an immediate synchronization

From the Rainbow LDAP Connector management window, in the Users Selector section (or Business Directory Selector section for contacts), click on Sync now.

Programming periodic synchronization

To program a periodic synchronization:

  1. From the Rainbow LDAP Connector management window, in the Synchronization period (hour) field, enter the interval time (in hours) between two synchronizations.
  2. In the Next synchronization field, enter the date and time of the next synchronization.
  3. In case of large organization, select Differential synchronization mode to reduce the response size of LDAP query. When selected, at next synchronization, LDAP query only requests the users created or modified since the last synchronization.mceclip1.png
  4. Click on Update.

Enabling/disabling scheduled synchronization with Active Directory

Scheduled synchronization can be enabled or disabled for Active Directory users only, or for contacts only.

  1. From the Rainbow LDAP Connector management window, in the Users Selector section (or Business Directory Selector section for contacts), select or unselect Users synchronization enabled:mceclip2.png
  2. Click on Update.

Enabling/disabling enrollment email to new users

  1. From the Rainbow LDAP Connector management window, in the Users Selector section, select or unselect Send enrollment email to new users.
    If enabled, new users are notified by email they have a user account in Rainbow.mceclip3.png
  2. Click on Update.

Monitoring synchronization reports from Rainbow

  1. From the Rainbow administration interface, click on Manage your company mceclip0.png at the bottom of the left panel.mceclip1.png
  2. In the left panel, click on My company, then Members.
  3. Click on Sync reports.mceclip3.png

In Done by column, ldap connector indicates the report concerns an Active Directory synchronization.

In Description column, manual_synchro indicates an immediate synchronization and auto-interval a scheduled synchronization.

Available actions are:

  • To consult a report: click on the target report. It lists all the synchronization tasks (users created, updated and deleted) and their status (success, warning, failure).
  • To download a report: click on the target report, then Save Reports, and download it in Excel format.
  • To delete a report: click on icon mceclip1.png to the right of the target report.

Monitoring the Rainbow LDAP Connector running status

From the host server, click on the Rainbow icon available on desktop.

A status window opens.

mceclip6.png

The status window displays:

  • The Rainbow LDAP Connector software version
  • The associated Rainbow company name
  • The connection status to Rainbow Cloud
  • The connection status to Active Directory
  • A link to access Log files
  • The last synchronization date/time
  • The last synchronization digest report (LDAP response records/selected records)

Comentários

0 comentário

Artigo fechado para comentários.

Esse artigo foi útil?
Usuários que acharam isso útil: 1 de 1
Mantenha-se informado sobre as atualizações!
Be informed by email of any new comment or update to this article
Compartilhe este artigo!
Você acha este artigo interessante? Compartilhe-o em redes sociais.

Ainda não consegue encontrar o que você precisa?

  • Contate-nos

    Você tem alguma pergunta sobre o Rainbow? Deixe-nos uma mensagem para obter mais informações.

    Contato

  • Pergunte à Comunidade

    Você precisa de ajuda? Faça suas perguntas na Comunidade para obter respostas de outros usuários do Rainbow.

    Enviar mensagem