Helix TeamHub LDAP Sync Application
Integrating the corporate LDAP directory to Helix TeamHub is straightforward. Follow the steps below to setup synchronization. On-premises installations of Helix TeamHub can also be configured to use LDAP Authentication. In such case the LDAP Sync application can still be used to keep existing Helix TeamHub accounts up to date.
- Java runtime (1.6+)
- Read access to the source
- The source must provide at least the following user attributes: (
Create Company Admin Bot
Login to Helix TeamHub App with a Company Admin account (On-premises users: login to your instance). Click the company name on the top navigation and select Bots from the left menu. Create a new Company Admin bot and take a note of the API keys, they'll be used later when configuring synchronization.
Setup and Configure LDAP Sync
Download Helix TeamHub LDAP Sync application from the LDAP Sync app download page and extract it. The application is configured using YAML file. Copy one of the example config files and use it as a base for configuration. Use the
example_ad.yml if the source is Active Directory or
example_ldap.yml if the source is some other OpenLDAP compliant server.
Configure General and Helix TeamHub API Settings
Uncomment and set a unique name for the
source is used to identify which users in Helix TeamHub are synchronized from this LDAP source. Make sure to use the same value for the
source that was used in Helix TeamHub Admin authentication preferences if using LDAP Authentication. For synchronization strategy, choose either to sync all the users from LDAP to Helix TeamHub, or only keep existing Helix TeamHub users in sync. In both cases deactivated or deleted LDAP users will also be deleted from Helix TeamHub. The
keep_in_sync strategy is recommended for LDAP Authentication.
Please note: Using
sync_all strategy will sync all the users found from LDAP to Helix TeamHub and new users will receive a registration/welcome email.
Set value for
account_key previously noted. If using Helix TeamHub On-premises, set the
api_url to point to the Helix TeamHub instance API. You may enable certificate verification with Helix TeamHub API requests by setting a path to the root certificate of the certificate used in Helix TeamHub for the
api_server_certificate attribute. The path can be either relative to where hth-ldapsync.jar is executed or an absolute path.
Configure your LDAP settings
Set the LDAP
auth_password for a user with read access for the source, and choose the encryption method for LDAP connection. Then set the LDAP
base tree where to sync the users from. Users can be ignored from synchronization by adding the
short_name to the
Finally configure the attribute mappings between the LDAP schema and Helix TeamHub.
Configure Groups (optional)
Starting from Helix TeamHub version 2.7.1 and LDAP Sync version 1.3.0, it is now possible to synchronize groups from the base directory to Helix TeamHub. Define which groups are created by using
Attribute mappings between the directory and Helix TeamHub can be configured using
ldap_group_attributes. The default mapping will work for most users, but revise the value of the
source attribute. The
source defines whether the LDAP groups are linked to Helix TeamHub groups by common name
cn or distinguished name (
Group synchronization can be enabled by using the
java -jar hth-ldapsync.jar --config myconfig.yml --group-sync
Try out the configurations by running the LDAP Sync application and giving it the configuration file as a parameter. By default no modifications are made, shown instead are details of what the synchronization would do. For example:
java -jar hth-ldapsync.jar --config myconfig.yml
If there are already users in Helix TeamHub that need to be synchronized from the source, use the
--force-sync switch with the first run. It will map the existing Helix TeamHub users to the source and update them instead of creating new users.
Run the LDAP Sync
Once the configuration is ready, run the actual synchronization by adding the
--apply switch. This will synchronize users to Helix TeamHub.
java -jar hth-ldapsync.jar --config config.yml --apply
The LDAP Sync application can also be setup to run at intervals like once per hour, by using a scheduler.