Active Directory / LDAP

Menu path: UMS Administration > Global Configuration > Active Directory / LDAP

It can make sense to link the UMS server to an existing Active Directory for two reasons:

  • You would like to import users from the AD as UMS administrator accounts.
  • You would like to use user profiles via IGEL Shared Workplace.

For both purposes, you first need to link the relevant Active Directories in the UMS Administration area under Global Configuration > Active Directory / LDAP. See also the how-to Configuring an AD Connection.

  1. Add a new entry to the list of linked Active Directories by selecting Add (+).
  2. Specify the Domain Name.

  3. Enter the Domain Controller(s).

    If the option Use LDAPS connection (see below) is activated, a fully qualified name of the domain controller must be entered, e.g. dc01.your.domain, because this name is matched against the server certificate. An IP address or a short host name will not match.

    Separate several domain controllers with a semicolon.

  4. Specify the Page Size.
    The page size is the maximum number of objects the domain controller returns per page of a paged LDAP search. The default value is "1000", which is also the default MaxPageSize limit of a domain controller's LDAP policy. If you raise the value here, the server must allow the larger page as well; change it only according to your server configuration.

  5. Activate Use LDAPS connection to encrypt the connection with TLS and to validate the server against the certificate you import in the next step.
    The Port changes automatically to the default value "636".
  6. Click Import SSL Certificate to configure the certificate and to verify the Certificate DN.

    The Domain Controller name and the certificate must correspond, otherwise the connection to the LDAP server will fail. See Problems When Configuring an Active Directory with LDAP over SSL.

    If more than one domain controller is used, configure the root certificate of the domain's certificate authority rather than the server certificate of a single controller, so that every controller's certificate can be validated.

    The supported certificate formats are .cer, .pem and .der

  7. Enter a valid User name and Password for the domain account that UMS uses to bind to the directory.
  8. Specify aliases under UPN Suffix if they have been configured (semicolon separated list). Example: domain.local;test.local
  9. Click Test connection to check the connection.

    Several Active Directories can be linked. You should therefore ensure that you provide the correct domain when logging in (e.g. to the UMS console).

    In this document, the terms "Active Directory" and "LDAP" are, to an extent, used interchangeably:

    • Administrative users / UMS administrators can be imported both from an AD and from LDAP.
    • Shared Workplace users can only authenticate against an Active Directory. An LDAP service cannot be used for this purpose.
  10. Click Ok to save the changes.
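The following script is an added example and is not part of the UMS product or this documentation. It reproduces the checks a practitioner wants to run before clicking Test connection: that the domain controller and UPN suffix lists are well-formed, that LDAPS is only combined with fully qualified controller names and port 636, that the page size fits the AD default, and, the point of step 6, that the domain controller name actually matches a name in the certificate. The name matching (cert_matches_host) is the usual exact-or-single-wildcard rule; probe_ldaps is an optional live check that needs network access and a PEM copy of the imported certificate (convert a .cer or .der first). All host names, the certificate dictionary and the entry values are constructed for the example.

```python
"""Offline checks for a UMS 'Active Directory / LDAP' entry, plus an optional LDAPS probe.

Added example, not IGEL code. Field semantics follow the documentation: ';'-separated
domain controllers and UPN suffixes, LDAPS on port 636, and an imported certificate
whose name must correspond to the domain controller name.
"""
import ipaddress
import socket
import ssl

LDAP_PORT = 389
LDAPS_PORT = 636
AD_DEFAULT_MAX_PAGE_SIZE = 1000  # default of the DC's MaxPageSize LDAP policy


def split_list(value):
    """UMS separates several domain controllers or UPN suffixes with ';'."""
    return [item.strip() for item in value.split(";") if item.strip()]


def is_fqdn(host):
    """True for a dotted host name such as dc01.your.domain; False for an IP or a short name."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)


def expected_port(use_ldaps):
    """Port UMS switches to when 'Use LDAPS connection' is toggled."""
    return LDAPS_PORT if use_ldaps else LDAP_PORT


def validate_entry(domain_controllers, use_ldaps, page_size, upn_suffixes=""):
    """Return a list of (level, message) tuples; level is 'error' or 'note'."""
    findings = []
    dcs = split_list(domain_controllers)
    if not dcs:
        findings.append(("error", "at least one domain controller is required"))
    if use_ldaps:
        for dc in dcs:
            if not is_fqdn(dc):
                findings.append(("error", f"LDAPS requires a fully qualified DC name, got {dc!r}"))
        if len(dcs) > 1:
            findings.append(("note", "several DCs: import the domain's root CA certificate, "
                                     "not the server certificate of one controller"))
    if page_size <= 0:
        findings.append(("error", "page size must be positive"))
    elif page_size > AD_DEFAULT_MAX_PAGE_SIZE:
        findings.append(("note", f"page size {page_size} exceeds the AD default MaxPageSize "
                                 f"of {AD_DEFAULT_MAX_PAGE_SIZE}; the DC caps it unless its "
                                 "LDAP policy was raised"))
    for suffix in split_list(upn_suffixes):
        if not is_fqdn(suffix):
            findings.append(("error", f"UPN suffix {suffix!r} is not a domain name"))
    return findings


def cert_matches_host(cert_names, host):
    """Match a DC name against the certificate's DNS names (RFC 6125 style):
    exact match, or a single '*' left-most label that covers exactly one label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and host.endswith(name[1:]) \
                and host.count(".") == name.count("."):
            return True
    return False


def cert_dns_names(cert):
    """DNS names from a certificate dict as returned by ssl.SSLSocket.getpeercert():
    subjectAltName DNS entries first, then the subject commonName."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names.extend(value for key, value in rdn if key == "commonName")
    return names


def probe_ldaps(host, cafile, port=LDAPS_PORT, timeout=5.0):
    """Connect to host:port over TLS, verify the chain against cafile (PEM only) and
    return (name_matches, dns_names). Needs network access; not exercised offline."""
    ctx = ssl.create_default_context(cafile=cafile)   # verify_mode stays CERT_REQUIRED
    ctx.check_hostname = False  # report the mismatch ourselves instead of raising
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            names = cert_dns_names(tls.getpeercert())
    return cert_matches_host(names, host), names


if __name__ == "__main__":
    # Constructed entry using the documentation's example values.
    for level, msg in validate_entry("dc01.your.domain;dc02.your.domain", True, 1000,
                                     "domain.local;test.local"):
        print(f"{level}: {msg}")
    # Constructed case: a single controller's certificate imported for two controllers.
    print(cert_matches_host(["dc01.your.domain"], "dc02.your.domain"))  # False
```

The wildcard branch deliberately refuses to let `*.your.domain` cover `dc02.sub.your.domain`: a mismatch here is exactly the failure the page warns about in step 6, and it is better reported by the script than discovered as a failed bind.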



Last update: July 3, 2019