Deveo LDAP Sync Application
Integrating the corporate LDAP directory to Deveo is straightforward. Follow the steps below to set up synchronization. On-premises installations of Deveo can also be configured to use LDAP Authentication. In that case, the LDAP Sync application can still be used to keep existing Deveo accounts up to date.
- Java runtime (1.6+)
- Read access to the source
- (DeveoAuth extension if password synchronization is desired with Active Directory)
- The source must provide at least the following user attributes: (
Create Company Admin Bot
Log in to the Deveo App with a Company Admin account (on-premises users: log in to your instance). Click the company name in the top navigation and select Bots from the left menu. Create a new Company Admin bot and note the API keys; they will be used later when configuring synchronization.
Setup and Configure LDAP Sync
Download the Deveo LDAP Sync application from the Customer portal and extract it. The application is configured using a YAML file. Copy one of the example config files and use it as a base for configuration. Use example_ad.yml if the source is Active Directory, or example_ldap.yml if the source is some other OpenLDAP compliant server.
Configure General and Deveo API Settings
Uncomment and set a unique name for the source. The source is used to identify which users in Deveo are synchronized from this LDAP source. Make sure to use the same value for the source that was used in Deveo Admin authentication preferences if using LDAP Authentication. For synchronization strategy, choose either to sync all the users from LDAP to Deveo, or only keep existing Deveo users in sync. In both cases deactivated or deleted LDAP users will also be deleted from Deveo. The keep_in_sync strategy is recommended for LDAP Authentication.
Please note: Using the sync_all strategy will sync all the users found from LDAP to Deveo and new users will receive a registration/welcome email.
Set value for account_key previously noted. If using Deveo On-premises, set the api_url to point to the Deveo instance API. You may enable certificate verification for Deveo API requests by setting the api_server_certificate attribute to the path of the root certificate of the certificate used in Deveo. The path can be either relative to where deveo-ldapsync.jar is executed or an absolute path.
Configure your LDAP settings
Set the LDAP auth_password for a user with read access for the source, and choose the encryption method for the LDAP connection. Then set the LDAP base tree from which to sync the users. Users can be ignored from synchronization by adding the short_name to the
Finally, configure the attribute mappings between the LDAP schema and Deveo. Note: If using the DeveoAuth extension for Active Directory, ensure that the password attribute matches the one configured in Active Directory.
Configure Groups (optional)
Starting from Deveo version 2.7.1 and LDAP Sync version 1.3.0, it is now possible to synchronize groups from the base directory to Deveo. Define which groups are created by using
Attribute mappings between the directory and Deveo can be configured using ldap_group_attributes. The default mapping will work for most users, but revise the value of the source attribute. The source defines whether the LDAP groups are linked to Deveo groups by common name (cn) or distinguished name (
Group synchronization can be enabled by using the --group-sync switch:
java -jar deveo-ldapsync.jar --config myconfig.yml --group-sync
Try out the configuration by running the LDAP Sync application and giving it the configuration file as a parameter. By default no modifications are made; instead, the application shows details of what the synchronization would do. For example:
java -jar deveo-ldapsync.jar --config myconfig.yml
If there are already users in Deveo that need to be synchronized from the source, use the --force-sync switch with the first run. It will map the existing Deveo users to the source and update them instead of creating new users.
Run the LDAP Sync
Once the configuration is ready, run the actual synchronization by adding the --apply switch. This will synchronize users to Deveo.
java -jar deveo-ldapsync.jar --config config.yml --apply
The LDAP Sync application can also be set up to run at intervals, such as once per hour, by using a scheduler.
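A wrapper for the scheduled run described above, added here as an example and not part of the Deveo distribution. It refuses to run when the config file, which holds account_key and auth_password, is accessible to group or others, and it prevents overlapping runs. The install path, lock directory and the JAVA_BIN, JAR and LOCK_DIR variable names are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for scheduled Deveo LDAP Sync runs.
# Assumptions (not from the Deveo docs): install path, lock directory,
# and the JAVA_BIN / JAR / LOCK_DIR variable names.
JAVA_BIN=${JAVA_BIN:-java}
JAR=${JAR:-/opt/deveo-ldapsync/deveo-ldapsync.jar}
LOCK_DIR=${LOCK_DIR:-/opt/deveo-ldapsync/.sync.lock}

# Succeeds only if the config is a regular file with no group/other
# permission bits. The file holds the bot account_key and LDAP auth_password.
config_is_private() {
    [ -f "$1" ] || return 1
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run one synchronization. Returns 2 if the config is exposed, 3 if a
# previous run still holds the lock, otherwise the exit code of the jar.
run_sync() {
    cfg=$1
    if ! config_is_private "$cfg"; then
        echo "refusing to run: $cfg must be a file with mode 600 or stricter" >&2
        return 2
    fi
    # mkdir is atomic, so it serves as a lock without extra tools.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "previous sync still running (lock: $LOCK_DIR)" >&2
        return 3
    fi
    "$JAVA_BIN" -jar "$JAR" --config "$cfg" --apply
    rc=$?
    rmdir "$LOCK_DIR"
    return "$rc"
}

# Example crontab entry, once per hour, for a dedicated unprivileged user:
#   0 * * * * /opt/deveo-ldapsync/run-sync.sh /opt/deveo-ldapsync/config.yml
if [ "$#" -gt 0 ]; then
    run_sync "$1"
fi
```

Run the wrapper without --apply semantics first by invoking the jar directly as shown earlier; the wrapper always applies changes.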