Hello,
For some time now, I have noticed that the process of importing users from LDAP does not start correctly even though it is set to synchronize every 2h.

Interestingly enough, the process starts without problems if I run it manually.


Hello!

 

Please provide us with detailed information on what is not working correctly (is the business process not starting on time, being delayed, or not finishing)?

Hello 
Business process not starting on time, it only works if I start it manually

Hello,
 

Please re-save the LDAP settings under the active user and make sure that the Creatio scheduler works.


Hi all.
I've been setting up LDAP integration (which starts the "Run LDAP import" process) in Creatio.

For the local (on-site) environment, the data import from LDAP has been successful, but for the cloud environment it always fails with this error message:

System.Exception: LDAP import error: 22021: invalid byte sequence for encoding "UTF8": 0x00.
  at Terrasoft.Core.Process.RunLDAPImport.InsertLDAPElementsScriptTaskExecute(ProcessExecutingContext context)
  at Terrasoft.Core.Process.ProcessFlowElement.CallInternalExecute(ProcessExecutingContext context)
  at Terrasoft.Core.Process.ProcessFlowElement.ExecuteItem(ProcessExecutingContext context)
  at Terrasoft.Core.Process.ProcessFlowElement.Execute(ProcessExecutingContext context)

Does anybody know the problem and how to solve it?

Best reply

Hello,

The issue you have reported happens because you are trying to use the format of the values, which isn't supported in PostgreSQL. In order to fix the issue, you should exclude system groups with pre-Windows 2000 support from the synchronization. 
To resolve this issue, please change the group filter to the following:
(&(objectClass=group)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!isCriticalSystemObject=TRUE))


Best regards
Ivan
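
How the group filter above selects entries, as an added example that is not part of the original reply and is not Creatio code. The sample entries are constructed, the attribute carrying the 0x00 byte is a placeholder (the thread does not name it), and an absent attribute is assumed to count as a non-match.

```python
# Added example: constructed data, not Creatio code.
UAC_ACCOUNTDISABLE = 0x2  # bit tested by (userAccountControl:1.2.840.113556.1.4.803:=2)

def bit_and_match(entry, attr, mask):
    """LDAP_MATCHING_RULE_BIT_AND (OID 1.2.840.113556.1.4.803): all mask bits set.
    Assumption: an absent attribute counts as a non-match."""
    value = entry.get(attr)
    return value is not None and (int(value) & mask) == mask

def matches_group_filter(entry):
    """(&(objectClass=group)(!userAccountControl:...:=2)(!isCriticalSystemObject=TRUE))"""
    return (
        "group" in entry.get("objectClass", [])
        and not bit_and_match(entry, "userAccountControl", UAC_ACCOUNTDISABLE)
        and entry.get("isCriticalSystemObject") != "TRUE"
    )

def nul_attributes(entry):
    """Attribute names whose string values contain 0x00, which PostgreSQL
    rejects in UTF8 text (error 22021 in the thread)."""
    bad = []
    for name, value in entry.items():
        values = value if isinstance(value, list) else [value]
        if any(isinstance(v, str) and "\x00" in v for v in values):
            bad.append(name)
    return bad

# Constructed sample entries; which attribute carries the NUL byte in a real
# directory is not stated in the thread, "description" is a placeholder.
SAMPLE = [
    {"cn": "Sales", "objectClass": ["top", "group"]},
    {"cn": "Pre-Windows 2000 Compatible Access", "objectClass": ["top", "group"],
     "isCriticalSystemObject": "TRUE", "description": "legacy\x00value"},
    {"cn": "jdoe", "objectClass": ["top", "person", "user"], "userAccountControl": "514"},
]

def plan_import(entries):
    """Split entries into those the filter keeps and those it drops, and
    report any kept entry that would still fail on insert."""
    kept = [e for e in entries if matches_group_filter(e)]
    dropped = [e["cn"] for e in entries if not matches_group_filter(e)]
    still_bad = {e["cn"]: nul_attributes(e) for e in kept if nul_attributes(e)}
    return [e["cn"] for e in kept], dropped, still_bad

if __name__ == "__main__":
    print(plan_import(SAMPLE))
```

Running the same NUL check over an export of the real groups before the import shows whether any entry that passes the filter would still be rejected by PostgreSQL.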


Ivan Savenko,

Thanks, it worked


Hello everyone!

The problem is as follows:

A user is not created when syncing with LDAP, although the LDAP element itself comes to Creatio (I checked the LDAP Element in the directory) and the business process works without errors during synchronization.

Tell me, please, what could it be?

 


Good afternoon.

You can configure Debug mode for the Ldap logger in the nlog.settings file in the Terrasoft.WebApp folder.

Extended logging will let you find out which synchronization stages your user went through.


Hello,

 

I need to add a field to LDAP server page. I tried replacing the "LDAP server setup page" doing this but it doesn't work.

 

{
    "operation": "insert",
    "name": "LDAPLbkSalesCodeAttribute",
    "parentName": "UserAttributes_GridLayout",
    "propertyName": "items",
    "values": {
        "layout": {
            "column": 10,
            "row": 4,
            "colSpan": 8
        },
        "bindTo": "LDAPLbkSalesCodeAttribute",
        "labelConfig": {
            "visible": true,
            "caption": {
                "bindTo": "Resources.Strings.LbkSalesCodeString"
            }
        }
    }
}

 

Should I replace another page?

 

Thank you!


Hello,

To simply add a field to an LDAP page, you need to replace LDAPServerSettings and add this code:

attributes: {
                LDAPTestColumnAttribute: {
                    dataValueType: Terrasoft.DataValueType.TEXT,
                    type: Terrasoft.ViewModelColumnType.VIRTUAL_COLUMN,
                    value: ""
                },
            },
------
{
                "operation": "insert",
                "name": "LDAPTestColumnAttribute",
                "parentName": "UserAttributes_GridLayout",
                "propertyName": "items",
                "values": {
                    "layout": {
                        "column": 10,
                        "row": 4,
                        "colSpan": 8
                    },
                    "bindTo": "LDAPTestColumnAttribute",
                    "labelConfig": {
                        "visible": true,
                        "caption": {
                            "bindTo": "Resources.Strings.LDAPTestColumnAttribute"
                        }
                    }
                }
            }

However, it should be just a field without any logic backing it up.

Currently, we don't recommend trying to add a new field since this requires overriding almost all base logic connected to LDAP.

In the new version, we are planning to add this possibility, and your questions will help us speed up the implementation.

Thank you for helping us make the system better.

 


Hi Creatio Team,

We have a Creatio instance with around 100 users, who use Creatio authentication to authenticate. These users are set in specific organizational and functional roles, with access rights applied to them.

We will do a sync with Active Directory through LDAP for the same 100 users, so that the users use LDAP authentication to log in to Creatio and not Creatio authentication?

1-Will these cause any duplicates with the existing Contacts ?

2- Should we deactivate the licenses of the existing users before doing the sync with AD ?

Thank you

 


Hello,

 

 

During synchronization with LDAP, the SysAdminUnit table (the table of the Users section) is checked, so when you synchronize, a new user will be created.

You can re-bind the contact with an SQL query and then delete the new contact.

The connection to the table of contacts in SysAdminUnit is made by the ContactId column.

Also, by checking the SysAdminUnit table, if the system already has a user bound to a contact, we cannot create another user bound to an occupied contact.

If users were previously synchronized over LDAP and they have an LDAP element, the system should not generate new contacts/users.

 

More information is available here:

https://academy.creatio.com/docs/user/setup_and_administration/user_and…

Hello

Kalymbet Anastasia,

Please what is your best suggestion on our scenario?

The old users were created manually. We want to import the same users through LDAP. Are the following steps a good workaround?

1- Deactivate licenses for existing users

4- Proceed to Synchronization with LDAP 

2- Delete old contacts

3- Delete old users

 

 


Hi Community!

 

We use LDAP with SSO as authentication in our customer's on-prem installation.

So the users are used to logging in with their Windows username and password and don't have a separate Creatio login.

However, the Creatio app doesn't support this login method, which is understandable, since there is no Windows user context on the phone.

 

I was wondering how others are dealing with this problem. Is it even possible to use LDAP and creatio authentication side-by-side, because it seems to be either or?

Thanks,

Robert


Dear Robert, 



Yes, it's possible to enter the mobile application if you have SSO configured on your website and it is set as the default login method.

In order to enable SSO in the mobile application, you need to enable the system setting with the code "MobileUseSSO".



Kind regards,

Roman

Roman Brown,

Hi,

we have enabled the option and the "login as domain user" link appears in the App!

 

However, we get the following error message when trying to log in with the domain users:

 

 

Is there something special to set up on IIS maybe, besides the Windows Authentication?

 

Thanks and best regards,

Robert

Dear Robert, 



Can you please register a case for our support team so we could check the LDAP configuration? Because there can be several reasons for such an error message.



Kind regards,

Roman

Roman Brown,

Hi Roman,

 

it's an on-prem installation, so that will not work really...

LDAP is working in the browser, so I guess it is set up correctly.

 

Any hints?

 

Thanks,

Robert

Dear Robert, 



The option to log in as a domain user is an option available as part of NTLM authentication, which isn't available in the mobile app.

For application you can use standard, SSO or LDAP authentication. 



Thank you. 

Roman Brown,

Dear Roman,

how can we use LDAP users with NTLM authentication on mobile?

Because as I have written in my original post, there is no option to set a password when selecting the LDAP option.

 

What exactly is the system setting "MobileUseSSO" expected to do?

 

Thanks,

Robert


Please shed some light on LDAP integration with .NET core. We plan to use .NET core on a Linux box. Does it work OOTB seamlessly as it does with the .NET framework versions? Are there any architectural implications/extra components that need to be deployed?

 

Please explain the below phrase that has been picked from the .NET Core Creatio documentation.

 

"LDAP Integration - Current Implementation - A separate .NET Core instance is used for the synchronization of Windows-based applications. "


Hello,

 

There is no possibility to establish LDAP integration with Creatio that is fully deployed on .Net Core platform because of .Net restrictions. This kind of integration is planned after the implementation of corresponding functionality on .NET 5.

Speaking of the "LDAP Integration - Current Implementation - A separate .NET Core instance is used for the synchronization of Windows-based application". This means that you can deploy a web-farm that will have several nodes and one of them should be on Windows. Then this Windows-based node should be used for LDAP integration.

 

Best regards,

Bogdan

Bogdan Spasibov,



A quick clarification on LDAP integration with web farm setup.



Say I have 2 nodes running in the .Net framework: do I need to perform the LDAP setup in both nodes and update the required web.config files in both nodes?



Regards,

Bhoobalan Palanivelu.

 

Bhoobalan Palanivelu,



Hi.



That's correct. Please apply the changes on both nodes. 



Yurii.

 
