Overview of LDAP server synchronization
To synchronize an LDAP server to the NexJ CRM server, you must first create and configure the sync target for the LDAP server, then configure the user and user group links, which are automatically created but filled with default values.
The server is the main location for the information that is stored, while each link points to a location within the server where user or user group data is stored.
LDAP servers can only be involved in inbound synchronization, not in outbound synchronization, which means that the information in NexJ Customer Relationship Management will be updated according to the information on the LDAP server, but changing information in NexJ CRM will not affect the LDAP server.
Synchronization with the LDAP server occurs automatically at set intervals, though you can also perform a manual synchronization from this page. All updates to the LDAP server (creations, modifications, deletions) are synchronized to NexJ CRM. This synchronization only updates users that are synchronized with this LDAP server.
You can set up LDAP server synchronization in either a single-domain environment or a multi-domain environment. When setting up synchronization in a multi-domain environment, you should give your NexJ Customer Relationship Management server access to your LDAP Global Catalog.
User and email synchronization details
NexJ differentiates between users created in the application and those from synchronization with an LDAP server.
When new users are synchronized to the NexJ server from the LDAP server, each user's attributes that are accessed from the LDAP server, such as first and last names, are uneditable in NexJ CRM or NexJ Admin Console. However, the user details that were not taken from the server are still editable.
A conflict occurs when a user that exists in the LDAP server is also created independently in NexJ Admin Console with the same login name. The conflict is resolved by merging the two users.
When an LDAP user has been deleted (or removed from a synchronized group), the corresponding NexJ user is soft-deleted (removed from the application, but not from the database). When this LDAP user is recreated (or added back to a synchronized group), the corresponding NexJ user is restored to the active status.
Email addresses for a user are also synchronized from LDAP to NexJ. If the NexJ user does not have a default email address, then it is set to the default LDAP email address. Also, deleting emails in the LDAP server only affects the emails which have been synchronized from LDAP. The emails created in NexJ CRM will not be removed.
All emails that are synchronized from the LDAP server will become read-only tasks in NexJ CRM, and will only be updated or deleted through the LDAP server.
The LDAP synchronization will work best if the users and user groups are kept in separate folders, and if the folders you search contain nothing but the objects that should be synchronized (users or user groups).
Adding and configuring LDAP sync targets
To configure NexJ CRM to synchronize with an LDAP server, you must first set up a sync target to the LDAP server.
To add and configure an LDAP sync target in NexJ Admin Console:
You have set up a sync target for the LDAP server.
Before synchronization can take place, you must next configure the user link and user group link for the sync target.
Configuring links
Every LDAP server is given two links: LDAP user group link and LDAP user link. These two links point to where the information related to user groups and users is stored, respectively. To configure either of these two, follow these steps:
After you have finished configuring the LDAP server synchronization, you must synchronize with the server once to establish group mapping (see step 6) before being able to synchronize users.
Configuring LDAP group mappings
In the LDAP Group Mapping tab, you can configure the user groups that will be synchronized and how they will be synchronized.
The NexJ server must have been synchronized once to the LDAP server before you begin configuring the user groups.
If you have not yet synchronized once with the server, no groups will appear. Click the Get Snapshot From the External System button at the top of the LDAP Server list in the LDAP Group Mapping tab to sync the LDAP user group link. Note that you cannot use this button to sync the LDAP user link; to do this, you must use the button in the Synchronization tab.
Each row displays the current properties and settings of one group:
Name
The name of the group, as it is identified in the LDAP server.
Synchronize Users
This checkbox allows you to enable and disable the synchronization of this group of users. If checked, all users who belong to this group will be synchronized with the NexJ server.
A user may belong to different user groups. As long as one of the groups to which he or she belongs has synchronization enabled, the user will be synchronized. This includes group hierarchies: if a user belongs to a group that is synchronized, then the user will also be synchronized, even if the intermediate group's Synchronize Users checkbox is not checked.
Description
A brief text description of the group.
User Template
The user type that will be used when creating new users of this group.
Priority order for User Template choice
Because a user may belong to different groups, there may be a conflict between which user type to assign to the user because of different values in the User Template field. This is resolved by setting priority values to the different groups; a lower number indicates a higher priority for the group.
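The group-mapping rules above (nested groups, the Synchronize Users checkbox, and User Template priority) can be checked against a directory export before the first synchronization, to see which accounts would be created and with which user type. The following Python model is an added example, not NexJ code; the group names, users, field names, and the rule that every mapped group a user belongs to competes for the template are assumptions.

```python
# Added illustration of the group-mapping rules; all data below is constructed.
# Field names mirror the tab's columns (Synchronize Users, User Template, priority).
MAPPINGS = {
    "AllStaff":    {"sync": True,  "template": "Standard User", "priority": 30},
    "Advisors":    {"sync": False, "template": "Advisor",       "priority": 10},
    "Admins":      {"sync": True,  "template": "Administrator", "priority": 1},
    "Contractors": {"sync": False, "template": "Standard User", "priority": 40},
}
PARENTS = {"Advisors": ["AllStaff"]}   # child group -> groups that contain it
DIRECT = {                             # user -> groups the user is a direct member of
    "alice": ["Advisors"],
    "bob": ["AllStaff", "Admins"],
    "carol": ["Contractors"],
}


def effective_groups(user):
    """Direct groups plus every ancestor group; the seen-set guards against cycles."""
    seen, stack = set(), list(DIRECT.get(user, []))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(PARENTS.get(group, []))
    return seen


def resolve(user):
    """Return (synchronized, user_template) for one user."""
    groups = [g for g in effective_groups(user) if g in MAPPINGS]
    # One sync-enabled group anywhere in the hierarchy is enough.
    if not any(MAPPINGS[g]["sync"] for g in groups):
        return (False, None)
    # Assumption: every mapped group of the user competes for the template.
    # Lower number = higher priority; the name breaks ties deterministically.
    best = min(groups, key=lambda g: (MAPPINGS[g]["priority"], g))
    return (True, MAPPINGS[best]["template"])


def audit():
    """Resolve every user, e.g. to review who would receive a privileged template."""
    return {user: resolve(user) for user in sorted(DIRECT)}


if __name__ == "__main__":
    for user, (synced, template) in audit().items():
        print(f"{user:6} synchronized={synced!s:5} template={template}")
```

In this sample, alice is synchronized only because the Advisors group is nested inside the sync-enabled AllStaff group, which is the hierarchy case described under Synchronize Users.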
Manually synchronizing LDAP servers or links
You can manually synchronize LDAP servers and links without affecting the periodic automatic synchronization.
To manually synchronize the LDAP server without affecting the periodic automatic synchronization: