Technical overview and installation procedures
Note: before deploying the LDAP integration in your production environment, you should test your configuration against an isolated Hansoft test server. You can use your live LDAP server with the test server, as the Hansoft LDAP integration only reads from but never writes to the LDAP directory. To run the Hansoft LDAP integration you need to have a Hansoft license with the SDK module enabled. To enable the SDK module on you license or request a SDK sandbox license contact firstname.lastname@example.org.
The Hansoft LDAP Integration runs as a Hansoft SDK client process that logs into the LDAP server to obtain user account information and also logs into the Hansoft server to create and modify Hansoft users. The schematic bellows depicts the hosts involved in a Hansoft environment with LDAP integration and the network connections between them.
The LDAP Integration may also need a third account, for accessing an e-mail server for outbound notifications.
The Installation proceeds roughly as follows (more detailed instructions follow):
1. Create an SDK user in your Hansoft database. The LDAP Integration uses this account to log into the Hansoft server to create and modify users and groups.
2. Create or obtain the credentials for a user account on your LDAP directory server. The LDAP Integration uses this account to log into the LDAP directory and submit its LDAP queries. Note that this account only requires read permissions to the directory.
3. Obtain the network address and port of the SMTP mail-server that the LDAP Integration needs to send out its e-mail notifications. If the server requires authentication, obtain or create the username/password pair that the LDAP Integration is to use.
4. Install and configure the Hansoft LDAP Integration service and enter the preceding information (as well as other configuration settings) into the AuthIntegrationSettings text file that ships with the Integration. The contents of that file are included in the appendix of this document.
5. The first time the LDAP Integration service starts it will synchronize your Hansoft users with the accounts in your LDAP directory. The service then queries the LDAP server at regular intervals and reflects changes to LDAP accounts back to the Hansoft users to which they are matched. Hansoft users can now authenticate Hansoft sessions using their LDAP credentials. For information on how to use Hansoft LDAP integration together with Hansoft shares, please refer to the Hansoft shares documentation.