Managing LDAP Server Connections
This section assumes that you have knowledge of general LDAP (Lightweight Directory Access Protocol) concepts and features.
The examples in this section use LDAP conventions. If you use Active Directory, adjust the examples accordingly.
The most basic user management approach in aPriori is to add, delete, and modify user accounts, their privileges, and their group membership manually through the System Administrator user interface. For this manual approach, see Managing users later in this chapter.
aPriori also provides the ability to specify one or more LDAP server connections to import users into aPriori and authenticate them each time they start aPriori. You can specify a number of details that will be applied automatically when users are imported, including:
User settings and access conditions
Which Access Control groups users should be assigned to (optional)
Up to 10 user "Extra" fields that can be populated with LDAP server attributes
Once your LDAP connections are defined as described in this section, you can synchronize aPriori user accounts with the LDAP server(s) either manually (see Adding User) or automatically through the separately licensed Cost Insight Admin LDAP Synchronization (“LDAP Sync”) module (see the Cost Insight Admin Guide to LDAP Synchronization).
In summary, you can manage your users in three ways:
Manually: through the aP System Administrator UI.
LDAP Map: by running LDAP connections manually through the Synchronize with LDAP button on the Users tab.
LDAP Synchronization: using the separately licensed aPriori Cost Admin “LDAP Synchronization” module to run your LDAP connections automatically on a set schedule.
This section describes how to define LDAP connections, whether you synchronize them manually or through the LDAP Sync module.