Black Box ACR1000A-CTL Network Hardware User Manual


 
Chapter 4: Configuration
4.8.5 Users > Active Directory
To simplify integration alongside existing systems within organizations, ServSwitch iPATH can be synchronized with an LDAP/Active Directory server. This allows a list of users (and user groups), together with usernames and group memberships, to be quickly imported and kept up to date.
4.8.5.1 Initial Configuration
The basic Active Directory (AD) server details are defined in the Dashboard > Settings page. Once configured, the Users > Active
Directory page (called “Import Users from Active Directory”) will allow you to scan the AD server for a list of folders and users/
groups within those folders.
4.8.5.2 Choosing Users and Groups
Once scanned, the “Import Users from Active Directory” page shows all folders that are available on the AD server.
1 Use the “Include Users” and “Include Groups” checkbox columns on the right-hand side of the folder lists to select which
items to import (with optional additional LDAP filters where necessary).
• IfanADuserwasnotintheServSwitchiPATHuserdatabase,theywillbeimported.
• IfanADuserisalreadyintheServSwitchiPATHuserdatabase,theyarekept.
• IfanADuserisNOTmarkedforimport/syncfromtheADimportpage,andtheyalreadyexistintheServSwitchiPATHuser
database, they will be removed from the ServSwitch iPATH user database during the sync operation.
IMPORTANT: It is vital to ensure that all users you want in the ServSwitch iPATH system are always selected for import/sync,
otherwise they will be removed.
2 You can choose to synchronize immediately or to preview the results of your settings:
• Clickthe“Preview”buttontoviewthelistofusersthatwillbeadded/updated/removedonthissynchronization.Once
previewed, you can either go ahead with the sync or return to the filter page and edit your settings.
• Clickthe“Save&Sync”buttontosynchronizetheselecteditemsintotheServSwitchiPATHuserdatabase.
Note: There is a known issue: ServSwitch iPATH can only import folders/groups/users up to the limit set on the AD server. Any users/groups beyond this limit will not be imported.
4.8.5.3 Active Directory Tips
• AbackupscheduleisrecommendedsothatanychangesontheADserverarecarriedacrosstotheServSwitchiPATHserver
regularly. You can choose from hourly/daily or weekly syncs. The settings/filters saved on this screen will be applied to each
subsequent sync, ensuring that your list of users is kept accurate.
• TotemporarilyremoveaparticularuserfromServSwitchiPATHaccess,withouthavingtomakecomplicatedLDAPfilters,simply
edit the ServSwitch iPATH user to be suspended (see Users > Add User or Configure User page). Even though they will
continue to be imported/synced from AD, they will be prevented from logging on.
• AllLDAPfiltersshouldbeself-contained,e.g:(!(cn=a*))
• Besuretosaveanychangesmadetothesyncsettingsbeforeclickingthe“sync-now”option.Otherwise,thenextscheduled
sync operation will overwrite any user changes you made in your “sync-now.”
• UsergroupsareonlyimportedfromADtoServSwitchiPATHiftheycontainusersthataresettobeimportedtoo(i.e.agroup
will not be imported, even if it contains users, unless its users match the sync filters).
• AssociationsbetweenusersandusergroupscanonlybemadeontheADserver-itisnotpossibletoedituser/user-group
membership for AD users/groups on the ServSwitch iPATH server.
• Usersandgroupsaretechnically“synchronized”ratherthan“imported”-eachtimeasynctakesplace,detailsareupdated
and if a user no longer matches the sync filters, they will be removed from the ServSwitch iPATH user list.
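The add/keep/remove rules in 4.8.5.2 and the self-contained filter tip above can be rehearsed offline before a real sync. The following is an added example, not Black Box code: `parse`, `matches` and `plan_sync` are hypothetical names, the filter evaluator handles only `!`, `&`, `|` and equality/substring tests, and it assumes the local set holds only AD-sourced users and that the caller knows the AD server's result limit.

```python
import re

def parse(f, i=0):
    """Parse one parenthesised LDAP filter at f[i]; return (node, next_index)."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if i < len(f) and f[i] in "!&|":
        op, kids, i = f[i], [], i + 1
        while i < len(f) and f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError("bad operand count for " + op)
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, pattern = f[i:end].partition("=")
        if end == -1 or not sep or "(" in attr + pattern:
            raise ValueError("malformed or unclosed comparison")
        node, i = ("=", attr.strip().lower(), pattern.lower()), end
    if i >= len(f) or f[i] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, user):
    """Evaluate a parsed filter against one user dict (case-insensitive, '*' wildcard)."""
    if node[0] == "=":
        rx = ".*".join(re.escape(part) for part in node[2].split("*"))
        return re.fullmatch(rx, str(user.get(node[1], "")).lower()) is not None
    results = [matches(kid, user) for kid in node[1]]
    return {"!": lambda r: not r[0], "&": all, "|": any}[node[0]](results)

def plan_sync(ad_users, local_names, ldap_filter="", server_limit=None):
    """Dry run of one sync: names to add, keep and remove, plus a truncation warning."""
    selected = ad_users
    if ldap_filter:
        node, end = parse(ldap_filter)
        if end != len(ldap_filter):
            raise ValueError("filter is not self-contained")
        selected = [u for u in ad_users if matches(node, u)]
    names = {u["cn"] for u in selected}
    # at_limit: AD returned as many entries as its limit allows, so the list may be cut short
    return {"add": sorted(names - local_names), "keep": sorted(names & local_names),
            "remove": sorted(local_names - names),
            "at_limit": server_limit is not None and len(ad_users) >= server_limit}

# Constructed sample data: users returned by AD, and AD-sourced users already in iPATH
SAMPLE_AD = [{"cn": name} for name in ("alice", "bob", "carol")]
SAMPLE_LOCAL = {"alice", "bob", "dave"}
```

With the manual's own filter `(!(cn=a*))`, the dry run lists `alice` under removals even though she still exists in AD, which is the outcome the IMPORTANT note warns about.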