Setting up LDAP synchronization

To enable LDAP authentication, synchronization with the LDAP server must also be enabled. Edit values in the common.properties file and the ldap.properties file to enable synchronization.

About this task

To perform the basic configuration for LDAP authentication, complete the following steps:

Procedure

  1. Click Admin > Edit properties file.
  2. Ensure that you are editing the common.properties file, then edit the following properties:
    authentication.LDAP
    To enable or disable LDAP authentication.
    True
    LDAP user authentication is enabled.
    Note: Each time the synchronization with Active Directory takes place, the users and user groups are deleted from the IBM® BigFix® Remote Control database and then imported from Active Directory. Therefore, if LDAP is enabled, new users and new user groups must be created in Active Directory and not in IBM BigFix Remote Control.
    False
    LDAP user authentication is not enabled. Users are authenticated against the IBM BigFix Remote Control database.
    authentication.LDAP=true
    authentication.LDAP.config
    Defines the file that contains the LDAP configuration properties.
    authentication.LDAP.config=ldap.properties
    sync.ldap
    Synchronize the users and groups from Active Directory with the IBM BigFix Remote Control database. Takes the value true to synchronize, or false for no synchronization.
    True
    The LDAP server is synchronized with the IBM BigFix Remote Control database to reflect any changes that are made in LDAP.
    False
    No synchronization takes place. If synchronization is disabled, you must manually import the users into the IBM BigFix Remote Control database. Otherwise, they cannot log on to the IBM BigFix Remote Control server. The users must exist in the IBM BigFix Remote Control database so that they can be associated with the relevant permissions that are required to establish remote control sessions.
    Note: The synchronization is performed by running a scheduled task. The task pulls the LDAP information from the LDAP server and updates the database with any changes that are made to the user or group information. Within the trc.properties file, two attributes define the time interval that the scheduler uses to check for scheduled tasks.
    scheduled.interval
    The frequency with which the server must check for scheduled tasks, given as the number of units of time between each checking period. Default is 60.
    Note: If you change this value, restart the server service for the new value to take effect.
    scheduled.interval.period
    The unit of time to be used along with the scheduled interval to specify how often the server must check for scheduled tasks. Default is minutes.
    By default, the scheduled.interval attribute is set to 60 and the scheduled.interval.period attribute is set to minutes; that is, the server checks for and runs any scheduled tasks every 60 minutes. To accurately reflect any changes to the users or groups, set the scheduled.interval attribute to a lower value so that the synchronization can occur more frequently.
  3. Click Submit.
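
The following added example (not part of the product or its documentation) checks copies of the common.properties and trc.properties contents for the two conditions described in this procedure: LDAP authentication enabled without synchronization, and a scheduler interval longer than a chosen threshold. The function names, the max_minutes threshold, the handling of missing properties, and the unit names other than minutes are assumptions; the sample file contents are constructed.

```python
# Added example: consistency check for the settings in this procedure.
# Only "minutes" is named on the page; "hours" and "days" are assumed unit names.
UNIT_MINUTES = {"minutes": 1, "hours": 60, "days": 1440}


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_ldap_sync(common_text, trc_text, max_minutes=60):
    """Return (findings, minutes between scheduler checks, or None if unusable)."""
    common, trc = parse_properties(common_text), parse_properties(trc_text)
    findings = []

    def enabled(key):
        # Assumption: a missing property is treated as not enabled.
        return common.get(key, "").lower() == "true"

    if enabled("authentication.LDAP") and not enabled("sync.ldap"):
        findings.append("authentication.LDAP=true but sync.ldap is not true: "
                        "users must be imported manually or they cannot log on")
    unit = trc.get("scheduled.interval.period", "minutes").lower()  # documented default
    try:
        interval = int(trc.get("scheduled.interval", "60"))  # documented default
    except ValueError:
        interval = None
    if interval is None or interval <= 0 or unit not in UNIT_MINUTES:
        findings.append("scheduled.interval / scheduled.interval.period not usable")
        return findings, None
    window = interval * UNIT_MINUTES[unit]
    if enabled("sync.ldap") and window > max_minutes:
        findings.append(f"scheduler checks only every {window} minutes; user and "
                        "group changes in LDAP are not reflected sooner")
    return findings, window


# Constructed sample file contents, not taken from a real server.
SAMPLE_COMMON = ("authentication.LDAP=true\n"
                 "authentication.LDAP.config=ldap.properties\nsync.ldap=false\n")
SAMPLE_TRC = "scheduled.interval=120\nscheduled.interval.period=minutes\n"

if __name__ == "__main__":
    for finding in check_ldap_sync(SAMPLE_COMMON, SAMPLE_TRC)[0]:
        print("FINDING:", finding)
```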