Hi Creatio Team,

We have a Creatio instance with around 100 users, who use Creatio authentication to log in. These users are set in specific organizational and functional roles, with access rights applied to them.

We will do a sync with Active Directory through LDAP for the same 100 users, so that the users use LDAP authentication to log in to Creatio and not Creatio authentication.

1- Will this cause any duplicates with the existing contacts?

2- Should we deactivate the licenses of the existing users before doing the sync with AD?

Thank you

 


2 comments

Hello,

 

 

During synchronization with LDAP, the SysAdminUnit table (the table of the Users section) is checked, so when you synchronize, a new user will be created.
You can re-bind the contact with an SQL query and then delete the new contact.
The connection to the table of contacts in SysAdminUnit is made by the ContactId column.
Also, by checking the SysAdminUnit table, if the system already has a user bound to a contact, we cannot create another user bound to an occupied contact.
If users were previously synchronized over LDAP and they have an LDAP element, the system should not generate new contacts/users.

 

More information is available here:

https://academy.creatio.com/docs/user/setup_and_administration/user_and…
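
The re-bind described in the answer above, as an added example that is not part of the original post and is not Creatio's own script. It assumes MS SQL Server and the columns SysAdminUnit.Name (the login) and Contact.Id, which the page does not mention; the login and contact Id are constructed placeholders.

```sql
-- Added example. Placeholder values are constructed; replace them before use.
-- Assumed beyond the page: SysAdminUnit.Name (login), Contact.Id, MS SQL Server.
SET XACT_ABORT ON;  -- any error (e.g. a foreign-key violation) rolls everything back
BEGIN TRANSACTION;

DECLARE @LdapUserName NVARCHAR(250) = N'PLACEHOLDER_LDAP_LOGIN';
DECLARE @OriginalContactId UNIQUEIDENTIFIER = '00000000-0000-0000-0000-000000000000';
DECLARE @NewContactId UNIQUEIDENTIFIER;

-- Contact that the LDAP synchronization created for the new user
SELECT @NewContactId = ContactId
FROM SysAdminUnit
WHERE Name = @LdapUserName;

-- The original contact must not be occupied by another user (e.g. the
-- manually created one); two users cannot be bound to one contact.
IF EXISTS (SELECT 1 FROM SysAdminUnit
           WHERE ContactId = @OriginalContactId AND Name <> @LdapUserName)
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50001, 'Original contact is still bound to another user.', 1;
END;

-- Re-bind the LDAP user to the original contact via ContactId
UPDATE SysAdminUnit
SET ContactId = @OriginalContactId
WHERE Name = @LdapUserName;

IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50002, 'Expected exactly one user row to be re-bound.', 1;
END;

-- Delete the duplicate contact only if no user references it any more
IF @NewContactId IS NOT NULL AND @NewContactId <> @OriginalContactId
   AND NOT EXISTS (SELECT 1 FROM SysAdminUnit WHERE ContactId = @NewContactId)
    DELETE FROM Contact WHERE Id = @NewContactId;

COMMIT TRANSACTION;
```

Run it against a database backup first; other tables may still reference the duplicate contact, in which case the delete fails and the whole transaction is rolled back.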

Hello

Kalymbet Anastasia,

Please what is your best suggestion on our scenario?

The old users were created manually. We want to import the same users through LDAP. Are the following steps a good workaround?

1- Deactivate licenses for existing users

4- Proceed to Synchronization with LDAP 

2- Delete old contacts

3- Delete old users

 

 


Hi Community!

 

We use LDAP with SSO as authentication in our customer's on-prem installation.

So the users are used to logging in with their Windows username and password and don't have a separate Creatio login.

However, the Creatio app doesn't support this login method, which is understandable, since there is no Windows user context on the phone.

 

I was wondering how others are dealing with this problem. Is it even possible to use LDAP and Creatio authentication side by side, because it seems to be either/or?

Thanks,

Robert


6 comments

Dear Robert, 

Yes, it's possible to log in to the mobile application if you have SSO configured on your website and it is set as the default login method.
In order to enable SSO in the mobile application, you need to enable the system setting with the code "MobileUseSSO".

Kind regards,
Roman

Roman Brown,

Hi,

we have enabled the option and the "login as domain user" link appears in the App!

 

However, we get the following error message when trying to log in with the domain users:

 

 

Is there something special to set up on IIS maybe, besides the Windows Authentication?

 

Thanks and best regards,

Robert

Dear Robert, 

Can you please register a case for our support team so we could check the LDAP configuration? There can be several reasons for such an error message.

Kind regards,
Roman

Roman Brown,

Hi Roman,

 

it's an on-prem installation, so that will not work really...

LDAP is working in the browser, so I guess it is set up correctly.

 

Any hints?

 

Thanks,

Robert

Dear Robert, 

The option to log in as a domain user is available as part of NTLM authentication, which isn't available in the mobile app.
For the application you can use standard, SSO or LDAP authentication.

Thank you. 

Roman Brown,

Dear Roman,

how can we use LDAP users with NTLM authentication on mobile?

Because as I have written in my original post, there is no option to set a password when selecting the LDAP option.

 

What exactly is the system setting "MobileUseSSO" expected to do?

 

Thanks,

Robert


Please shed some light on LDAP integration with .NET core. We plan to use .NET core on a Linux box. Does it work OOTB seamlessly as it does with the .NET framework versions? Are there any architectural implications/extra components that need to be deployed?

 

Please explain the below phrase that has been picked from the .NET Core Creatio documentation.

 

"LDAP Integration - Current Implementation - A separate .NET Core instance is used for the synchronization of Windows-based applications. "


3 comments

Hello,

 

There is no possibility to establish LDAP integration with Creatio that is fully deployed on the .NET Core platform because of .NET restrictions. This kind of integration is planned after the implementation of the corresponding functionality on .NET 5.
Speaking of the "LDAP Integration - Current Implementation - A separate .NET Core instance is used for the synchronization of Windows-based application". This means that you can deploy a web-farm that will have several nodes and one of them should be on Windows. Then this Windows-based node should be used for LDAP integration.

 

Best regards,

Bogdan

Bogdan Spasibov,

A quick clarification on LDAP integration with web farm setup.

Say I have 2 nodes running on the .NET Framework. Do I need to perform the LDAP setup on both nodes and update the required web.config files on both nodes?

Regards,

Bhoobalan Palanivelu.
 

Bhoobalan Palanivelu,

Hi.

That's correct. Please apply the changes on both nodes. 

Yurii.

 
