Synchronizing users and user groups with LDAP

The LDAP integration allows users and user groups to be synchronized from a directory service to Tosca Commander by using LDAP.

Synchronization is unidirectional from LDAP to Tosca. Existing Tosca users cannot be overwritten with LDAP users of the same name.

The user is automatically logged into Tosca Commander since the LDAP authentication is already carried out at the Windows login.

If Tosca is run in a different user context, the LDAP login uses the credentials of the user who started the process, not those of the interactively logged-in Windows user.

LDAP configuration

LDAP integration is supported with Microsoft® Windows Server 2003/2008 Active Directory.

The LDAP integration is activated by default in the Options dialog at Advanced->LDAP authentication (see chapter "Options - Advanced").

In the configuration file TOSCACommander.exe.config at Application Settings you can add settings to the section <Tricentis.TCCore.Base.Properties.Settings> to manage the system's behavior upon synchronization (see chapter "Configuration Files").

If the setting SynchronizeLDAP_CNToUserDesc is enabled, the Common Name (if available) is copied from LDAP to the Description column in the tree view of the user management. If the column already contains text, the name is put in front of the existing text, separated by a semicolon (;). If the name is already present in the Description column, nothing is added.

LDAPDescription defines the text that is entered into the Description field. The string is specified under <value>. Any LDAP field name in curly brackets within the string is replaced by the value of that LDAP attribute. If no string is specified, the setting SynchronizeLDAP_CNToUserDesc is used instead.

<Tricentis.TCCore.Base.Properties.Settings>
  <setting name="SynchronizeLDAP_CNToUserDesc" serializeAs="String">
    <value>True</value>
  </setting>
  <setting name="LDAPDescription" serializeAs="String">
    <!-- description template; left empty, SynchronizeLDAP_CNToUserDesc applies -->
    <value></value>
  </setting>
</Tricentis.TCCore.Base.Properties.Settings>

In this example, the text "First name:" followed by the user's given name (LDAP attribute givenName) is entered into the Description field:

<setting name="LDAPDescription" serializeAs="String">
  <value>First name: {givenName}</value>
</setting>

Take company-specific access rules into consideration before enabling this setting. For security reasons, it may be preferable not to expose real names for user identification: everything written to the Description column is visible to anyone who can open the user management.
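Before enabling either setting, it is worth previewing what the sync would actually write into the Description column, so that real names do not end up there unintentionally. The following is an added example, not code from the page or from Tricentis: it parses the two settings from a constructed TOSCACommander.exe.config fragment, expands the {ldapField} placeholders of LDAPDescription, falls back to the CN rule when the template is empty, and applies the merge rule described above (prepend with a semicolon, skip when the text is already present). The sample users, their attributes, and the assumption that the same merge rule applies to LDAPDescription output as to the CN are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment of TOSCACommander.exe.config used as sample input;
# it is not copied from a real installation.
SAMPLE_CONFIG = """<configuration>
  <applicationSettings>
    <Tricentis.TCCore.Base.Properties.Settings>
      <setting name="SynchronizeLDAP_CNToUserDesc" serializeAs="String">
        <value>True</value>
      </setting>
      <setting name="LDAPDescription" serializeAs="String">
        <value>First name: {givenName}</value>
      </setting>
    </Tricentis.TCCore.Base.Properties.Settings>
  </applicationSettings>
</configuration>
"""

# Same fragment with an empty LDAPDescription, so the CN rule applies instead.
SAMPLE_CONFIG_CN_ONLY = SAMPLE_CONFIG.replace("First name: {givenName}", "")

SETTINGS_TAG = "Tricentis.TCCore.Base.Properties.Settings"
PLACEHOLDER = re.compile(r"\{([^{}]+)\}")   # matches {ldapAttributeName}


def read_ldap_settings(config_xml: str) -> dict:
    """Return {name: value} for every <setting> in the Tricentis settings section."""
    root = ET.fromstring(config_xml)
    section = next(root.iter(SETTINGS_TAG), None)
    if section is None:
        return {}
    settings = {}
    for setting in section.findall("setting"):
        value = setting.find("value")
        settings[setting.get("name")] = (value.text or "").strip() if value is not None else ""
    return settings


def render_description(settings: dict, ldap_attrs: dict):
    """Text the sync would write for one user, or None if neither setting applies."""
    template = settings.get("LDAPDescription", "")
    if template:
        # Each {field} is replaced by that LDAP attribute; a missing attribute yields ''.
        return PLACEHOLDER.sub(lambda m: ldap_attrs.get(m.group(1), ""), template)
    if settings.get("SynchronizeLDAP_CNToUserDesc", "").lower() == "true":
        return ldap_attrs.get("cn")            # None when the directory has no CN
    return None


def merge_description(existing: str, new_text) -> str:
    """Merge rule from the page: prepend with ';', skip if the text is already there.

    Assumption: the same rule applies to LDAPDescription output as to the CN.
    """
    if not new_text:
        return existing
    if new_text in existing:
        return existing
    return new_text if not existing else f"{new_text}; {existing}"


def preview_sync(config_xml: str, users: list) -> dict:
    """Map each account name to the Description it would have after a sync."""
    settings = read_ldap_settings(config_xml)
    return {
        u["sAMAccountName"]: merge_description(u["description"],
                                               render_description(settings, u["ldap"]))
        for u in users
    }


# Constructed users with their current Tosca Description and the LDAP attributes
# the sync would read (not real directory data).
SAMPLE_USERS = [
    {"sAMAccountName": "jdoe", "description": "",
     "ldap": {"cn": "John Doe", "givenName": "John", "sn": "Doe"}},
    {"sAMAccountName": "asmith", "description": "Tester, Team A",
     "ldap": {"cn": "Anna Smith", "givenName": "Anna", "sn": "Smith"}},
    {"sAMAccountName": "bking", "description": "First name: Bob",
     "ldap": {"cn": "Bob King", "givenName": "Bob", "sn": "King"}},
]

if __name__ == "__main__":
    for account, desc in preview_sync(SAMPLE_CONFIG, SAMPLE_USERS).items():
        print(f"{account}: {desc!r}")
```

Running the preview with the template config shows that asmith's existing text "Tester, Team A" is kept behind the new "First name: Anna", while bking is left unchanged because the text is already present; with the CN-only config the full names appear instead, which is exactly the outcome the access-rule caveat above asks you to review first.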

Synchronize user groups

  1. Make sure your project root element is checked out if working in a multiuser environment.

  2. Right-click on the project root element and select Synchronize LDAP Objects from the context menu to open the LDAP synchronization.

Synchronize LDAP objects

  3. Define the user groups to be synchronized in the Manage LDAP Objects window.

    You can search the directory server for user groups (* can be used as a wildcard). Cancel a running search with the Cancel search button.

You can synchronize user groups from all trusted domains in your network via the Manage LDAP Objects window.

Manage LDAP Objects - Search

  4. Double-click the required user group to add it to the objects to be synchronized. Alternatively, select Add to synchronization from the context menu of the user group.

You can undo this in the Objects to Synchronize field: double-click the user group that should not be synchronized.

Alternatively, select Remove from synchronization from the context menu of the user group you want to remove. User groups can also be removed with the Del key.

  5. Click the Synchronize button to start synchronizing the user group(s).

Manage LDAP Objects - synchronizing objects

User groups that could not be synchronized are listed in a subsequent dialog box as soon as the synchronization is finished.