Synchronize users and user groups with LDAP

The Lightweight Directory Access Protocol (LDAP) integration allows you to synchronize users and user groups from a directory service to Tosca Commander. This can be useful, for example, if you have a high number of users and don't want to manually create them in Tosca.

The synchronization is unidirectional from LDAP to Tosca. You can't overwrite existing Tosca users with LDAP users of the same name.

User log-in

LDAP synchronization with Tosca uses single sign-on. This means that the log-in happens during the Windows log-on, so users don't have to log in to Tosca Commander.

If you run Tosca in a different user context, Tosca uses the log-in credentials of the user who started the process.

Configure LDAP synchronization

LDAP is supported by Microsoft® Windows Server 2003/2008 with Active Directory.

The LDAP integration is enabled by default. You can check this in Tosca Commander under Options->Advanced->LDAP authentication.

Manage synchronization behavior

You can add settings to manage the system's behavior upon synchronization. To do so, follow the steps below:

  1. Open the file TOSCACommander.exe.config, located in the %COMMANDER_HOME% directory.

  2. Navigate to applicationSettings.

  3. Add one of the following settings under <Tricentis.TCCore.Base.Properties.Settings>:

Setting: SynchronizeLDAP_CNToUserDesc
Value: True
Description: Enable this setting to transfer available Common Names from LDAP to the Description column of the Usermanagement tab.

  • If there already is a description, the common name appears in front of the existing text, separated by a semicolon (;).

  • If the description already contains a user name, there is no further input.

Setting: LDAPDescription
Value: <string>
Description: Specify free text that Tosca should enter into the Description field.

  • Enter a string under value to specify the text.

  • Enter LDAP field names in curly brackets if you want Tosca to replace them with their LDAP value during synchronization.

If you don't specify a string, Tosca uses the setting SynchronizeLDAP_CNToUserDesc instead.

Setting: UseLDAPSLookups
Value: True
Description: Specify whether to require an encrypted connection to the LDAP service of Active Directory. You can only enable this if you meet the Prerequisites for secure connections.

  4. Once you have made your changes, save and close the file.

Example

With the following setting, Tosca enters First name: <user's name> into the Description field. Tosca takes the user's name from the LDAP field givenName.

<setting name="LDAPDescription" serializeAs="String">
    <value>First name: {givenName}</value>
</setting>

Consider company-specific access rules before you enable this setting. For security reasons, it may be preferable not to assign real names for user identification.
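The following is an added example of a complete applicationSettings fragment for TOSCACommander.exe.config; it is not taken from the Tricentis documentation or product. It combines the UseLDAPSLookups and LDAPDescription settings described above. The enclosing configuration element is assumed, and the LDAP attribute names sAMAccountName and department are standard Active Directory attributes assumed here (only givenName appears on this page). The description template deliberately uses the account name rather than a real name, in line with the access-rule note above.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Enclosing elements assumed; the setting elements follow the format shown on the page. -->
  <applicationSettings>
    <Tricentis.TCCore.Base.Properties.Settings>

      <!-- Require an encrypted connection to the Active Directory LDAP service.
           Only enable this once the prerequisites for secure connections are met;
           otherwise synchronization cannot connect. -->
      <setting name="UseLDAPSLookups" serializeAs="String">
        <value>True</value>
      </setting>

      <!-- Free-text description for the Usermanagement tab. Names in curly brackets
           are replaced with the user's LDAP attribute values during synchronization.
           sAMAccountName and department are assumed standard AD attribute names;
           the account name is used instead of a real name on purpose. -->
      <setting name="LDAPDescription" serializeAs="String">
        <value>Account: {sAMAccountName}; Department: {department}</value>
      </setting>

    </Tricentis.TCCore.Base.Properties.Settings>
  </applicationSettings>
</configuration>
```

Because LDAPDescription is set to a non-empty string here, Tosca does not fall back to SynchronizeLDAP_CNToUserDesc, so that setting is omitted. Save the file, then restart Tosca Commander before running Synchronize LDAP Objects so that the changed settings are read.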

Synchronize user groups

To synchronize user groups, follow the steps below:

  1. In a multi-user environment, make sure to check out the project root element.

  2. Right-click on the project root element and select Synchronize LDAP Objects from the context menu.

Select Synchronize LDAP Objects

  3. In the Manage LDAP Objects dialog, search for the name of a user group. You can also use the wildcard character (*).

    Tosca searches all trusted domains in your network. To cancel the search, click Cancel Search.

  4. In the search results, double-click the user groups you want to synchronize. Alternatively, select Add to synchronization from the context menu.

    This adds the user groups to the Objects to Synchronize section.

  5. If needed, you can remove user groups from the Objects to Synchronize section again.

    To do so, double-click them or select Remove from synchronization from the context menu.

Manage LDAP Objects dialog

  6. Click Synchronize to synchronize the selected user group(s).

If Tosca couldn't synchronize any user groups, a dialog that contains the missing user groups appears once the synchronization is finished.