Hello!

Please provide us with a detailed information on what is not working correctly (business process not starting on time, is being delayed or not finished)?

Hello 
Business process not starting on time, it only works if I start it manually

Hello,
 

Please re-save the LDAP settings under the active user and make sure that the Creatio scheduler works.

Hello,

The issue you have reported happens because you are trying to use the format of the values, which isn't supported in PostgreSQL. In order to fix the issue, you should exclude system groups with pre-Windows 2000 support from the synchronization. 
To resolve this issue, please change the group filter to the following:
(&(objectClass=group)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!isCriticalSystemObject=TRUE))


Best regards
Ivan

Ivan Savenko,

Thanks, its worked

Добрый день.

Вы можете настроить Debug режим для логера Ldap в файле nlog.settings в папке Terrasoft.WebApp.

Расширенное логирование позволит вам узнать какие этапы синхронизации прошел ваш пользователь.

Hello,

To simply add a field to a LDAP page you need to replace LDAPServerSettings and add this code:

attributes: {
                LDAPTestColumnAttribute: {
                    dataValueType: Terrasoft.DataValueType.TEXT,
                    type: Terrasoft.ViewModelColumnType.VIRTUAL_COLUMN,
                    value: ""
                },
            },
------
{
                "operation": "insert",
                "name": "LDAPTestColumnAttribute",
                "parentName": "UserAttributes_GridLayout",
                "propertyName": "items",
                "values": {
                    "layout": {
                        "column": 10,
                        "row": 4,
                        "colSpan": 8
                    },
                    "bindTo": "LDAPTestColumnAttribute",
                    "labelConfig": {
                        "visible": true,
                        "caption": {
                            "bindTo": "Resources.Strings.LDAPTestColumnAttribute"
                        }
                    }
                }
            }

However, it should be just a field without any logic backing it up.

Currently, we don't recommend trying to add a new field since this requires overriding almost all base logic connected to LDAP.

In the new version, we are planning to add this possibility, and your questions will help us speed up the implementation.

Thank you for helping us make the system better.

Hello,

During synchronization with LDAP is checked table SysAdminUnit (table section Users), so when you synchronize the new user will be created.

You can re-bind the contact with an SQL query and then delete the new contact.

The connection to the table of contacts in SysAdminUnit is made by the ContactId column.

Also, by checking the SysAdminUnit table, if the system already has a user bound to a contact, we cannot create another user bound to an occupied contact.

If users were previously synchronized over LDAP and they have an LDAP element, the system should not generate new contacts/users.

More information is available here:

https://academy.creatio.com/docs/user/setup_and_administration/user_and…

Hello

Kalymbet Anastasia,

Please what is your best suggestion on our scenario?

The old users were created manually. We want to import the same users through LDAP. Are the followoing steps a good workaround ?

1- Deactivate liceneses for existing users

4- Proceed to Synchronization with LDAP 

2- Delete old contacts

3- Delete old users

Dear Robert, 

Yes, it's possible to enter the mobile application in case if you have SSO configured on your website and it is set as a default login method. 

In order to enable SSO in mobile application you need to enable the system setting with code "MobileUseSSO"



Kind regards,

Roman

Roman Brown,

Hi,

we have enabled the option and the "login as domain user" link appears in the App!

However, we get the following error message when trying to log in with the domain users:

Is there something special to set up on IIS maybe, besides the Windows Authentication?

Thanks and best regards,

Robert

Dear Robert, 



Can you please register a case for our support team so we could check the LDAP configuration? Cause there can be several reasons for such error message. 



Kind regards,

Roman

Roman Brown,

Hi Roman,

it's an on-prem installation, so that will not work really...

LDAP is working in the browser, so I guess it is set up correctly.

Any hints?

Thanks,

Robert

Dear Robert, 



The option to login as a domain user is option available as part of NTLM authentication which isn't available in mobile app. 

For application you can use standard, SSO or LDAP authentication. 



Thank you. 

Roman Brown,

Dear Roman,

how can we use LDAP users with NTLM authentication on mobile?

Because as I have written in my original post, there is no option to set a password when selecting the LDAP option.

What is the system setting "MobileUseSSO" is exactly expected to do?

Thanks,

Robert

Hello,

There is no possibility to establish LDAP integration with Creatio that is fully deployed on .Net Core platform because of .Net restrictions. This kind of integration is planned after the implementation of corresponding functionality on .NET 5.

Speaking of the "LDAP Integration - Current Implementation - A separate .NET Core instance is used for the synchronization of Windows-based application". This means that you can deploy a web-farm that will have several nodes and one of them should be on Windows. Then this Windows-based node should be used for LDAP integration.

Best regards,

Bogdan

Bogdan Spasibov,

A quick clarification on LDAP integration with web farm setup.



Say, I have 2 nodes running in the .Net framework, Do I need to perform the LDAP setup in both nodes and update the required web.config files in both nodes?



Regards,

Bhoobalan Palanivelu.

 

Bhoobalan Palanivelu,

Hi.



That's correct. Please apply the changes on both nodes. 



Yurii.