Version: 16.1

Set Up Periodic Synchronisation of Users with LDAP

ADONIS enables the synchronisation of users with an LDAP-compliant directory service via a scheduled task. Supported authentication mechanisms include LDAP, IDM, SAML, and OIDC. To use this feature, the chosen authentication mechanism (= connector) must be configured to use LDAP coupling.

Users will be created in ADONIS before logging in for the first time. Depending on the configuration, users will be assigned to preconfigured user groups and system roles. Optionally, specific repositories will be assigned to the users as their working place, and the users will be shared with these repositories so that they are available as objects in modelling.

The following steps have to be taken to enable synchronisation:

  1. Prerequisites

  2. Set up Synchronisation Schedule

  3. Start Synchronising Users

Note: If you set up the authentication mechanism LDAP Authentication before you enable periodic synchronisation of users with LDAP, important parts of the configuration can be reused.

Prerequisites

Before setting up a synchronisation schedule, make sure the following steps are completed:

  • Configure the general LDAP settings and define domain-specific LDAP parameters.

  • Adapt the connector-specific LDAP settings by enabling LDAP coupling and adding a user mapping for your chosen connector.

The procedure is the same as for setting up LDAP authentication. Detailed instructions can be found in the LDAP Authentication section.

Set up Synchronisation Schedule

Once all requirements are met, you can set up a synchronisation schedule. You have two options:

  • You can configure synchronisation for all domains simultaneously in the right pane, under LDAP Settings, in the Schedule section.

  • Or you can configure synchronisation for a specific domain. Find the domain you want to adjust in the left pane, under LDAP Domains. Hover over the domain, click More, and then select Edit. The settings you want are on the third page, Schedule.

The configuration works in the same way in both cases. Adapt the following parameters:

  • Name: Choose a name for this job (for traceability in the log files).

  • Filter: A filter to narrow down what should be queried from the directory service. For example, set the value to (objectClass=user) to fetch only users.

  • Start node: Define the node in the directory service tree structure that should be used as the starting point for user searches.

    Note: The Sync base DN parameter is used as a fallback when no Start node is defined for the synchronisation job. If neither Sync base DN nor Start node is defined, the Login base DN parameter is used as a fallback.

  • Start at: Optional start date indicating when the schedule should become active. By default, the schedule is active immediately.

  • End at: Optional end date specifying when the schedule should become inactive. After this date, the schedule will no longer be active.

  • Type: Choose the time unit for the synchronisation schedule. Available options include secondly, minutely, hourly, daily, weekly, monthly, or yearly.

  • Interval: Define the frequency of the synchronisation job for schedules based on seconds, minutes, hours or years. Specify after how many time units ADONIS repeats the job.

  • Day of month: Specify the day of the month when the job should run for monthly schedules.

  • Weekdays: Select the days on which the job should run for daily and weekly schedules as follows:

    • Days: The job runs every day by default, but you can optionally restrict it to specific days of the week.

    • Weeks: The job runs once per week on the selected day.

  • Execution time: Specify the exact hour and minute at which the job should start for daily, weekly and monthly schedules.

Example

Name: my5minSync | Filter: (objectClass=user) | Start node: dc=company,dc=eu | Type: minutely | Interval: 5

Objects are imported from the directory service:

  • every 5 minutes [Type = minutely, Interval = execute every 5 units (= minutes)],
  • if they are user objects [Filter = (objectClass=user)] and
  • if they belong to the node "dc=company,dc=eu" or its children [Start node].
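
The following sketch is an added example, not part of ADONIS or its documentation: it previews which directory entries a job such as my5minSync would select, applying the Start node fallback order and the subtree and filter rules described above. The dictionary keys (start_node, sync_base_dn, login_base_dn), the function names and the sample entries are assumptions made for illustration; only simple equality filters are evaluated.

```python
import re

def effective_start_node(job, domain):
    """Fallback order described above: Start node, Sync base DN, Login base DN."""
    for value in (job.get("start_node"), domain.get("sync_base_dn"),
                  domain.get("login_base_dn")):
        if value and value.strip():
            return value.strip()
    raise ValueError("no search base configured")

def split_dn(dn):
    """Split a DN into lower-cased RDNs; backslash-escaped commas stay inside an RDN."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip(), count=1).lower() for p in parts if p.strip()]

def in_subtree(dn, base):
    """True if dn is the start node itself or one of its children."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def matches_filter(entry, ldap_filter):
    """Handles only simple equality filters such as (objectClass=user)."""
    m = re.fullmatch(r"\(([\w-]+)=([^()*\\]+)\)", ldap_filter.strip())
    if not m:
        raise ValueError("only simple (attr=value) filters are handled here")
    attr, wanted = m.group(1).lower(), m.group(2).lower()
    attrs = {k.lower(): v for k, v in entry["attrs"].items()}
    return wanted in (v.lower() for v in attrs.get(attr, []))

def preview_sync(job, domain, entries):
    """Return the effective search base and the DNs the job would select."""
    base = effective_start_node(job, domain)
    return base, [e["dn"] for e in entries
                  if in_subtree(e["dn"], base) and matches_filter(e, job["filter"])]

# Constructed sample data, not taken from a real directory.
ENTRIES = [
    {"dn": "CN=Alice,OU=Staff,DC=company,DC=eu", "attrs": {"objectClass": ["person", "user"]}},
    {"dn": "cn=svc-backup,ou=Service Accounts,dc=company,dc=eu", "attrs": {"objectClass": ["user"]}},
    {"dn": "cn=Printers,ou=Staff,dc=company,dc=eu", "attrs": {"objectClass": ["group"]}},
    {"dn": "cn=Bob,ou=Staff,dc=partner,dc=eu", "attrs": {"objectClass": ["user"]}},
]
DOMAIN = {"sync_base_dn": "", "login_base_dn": "dc=company,dc=eu"}
JOB = {"name": "my5minSync", "filter": "(objectClass=user)", "start_node": "dc=company,dc=eu"}

if __name__ == "__main__":
    print(preview_sync(JOB, DOMAIN, ENTRIES))
    print(preview_sync({**JOB, "start_node": "ou=Staff,dc=company,dc=eu"}, DOMAIN, ENTRIES))
    print(preview_sync({**JOB, "start_node": ""}, DOMAIN, ENTRIES))
```

Running such a preview against an export of your own directory before saving the schedule shows whether an empty Start node widens the import to accounts outside the intended subtree.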

Start Synchronising Users

Save your changes in the ADONIS Administration. Once the changes are saved, they take effect immediately. A restart is not required.

The synchronisation of users will start. Jobs that run at fixed time intervals will be executed immediately and then repeated each time the time interval has passed. Schedules based on days, weeks or months will execute at the specified time.

Run the Synchronisation on Demand

The ADONIS Administration allows you to run the synchronisation on demand. The synchronisation is triggered according to the configuration specified for all configured domains.

  • In the ADONIS Administration, go to Home > More options, and then click Server.

  • Click Start LDAP synchronisation.

(Optional) Tracking Errors

General logging output and errors are written to the files "<Tomcat installation>/logs/ADONIS16_1.log" and "<ADONIS installation>/*_aworker.log". Detailed logging output can be found in the file "<Tomcat installation>/logs/ADONIS16_1_LDAP.log".