Deveo LDAP Sync Application

Integrating the corporate LDAP directory to Deveo is straightforward. Follow the steps below to setup synchronization. On-premises installations of Deveo can also be configured to use LDAP Authentication. In such case the LDAP Sync application can still be used to keep existing Deveo accounts up to date.

Requirements

Create Company Admin Bot

Login to Deveo App with a Company Admin account (On-premises users: login to your instance). Click the company name on the top navigation and select Bots from the left menu. Create a new Company Admin bot and take a note of the API keys, they'll be used later when configuring synchronization.

LDAP Sync app

Setup and Configure LDAP Sync

Download Deveo LDAP Sync application from Customer portal and extract it. The application is configured using YAML file. Copy one of the example config files and use it as a base for configuration. Use the example_ad.yml if the source is Active Directory or example_ldap.yml if the source is some other OpenLDAP compliant server.

Configure General and Deveo API Settings

Uncomment and set a unique name for the source. The source is used to identify which users in Deveo are synchronized from this LDAP source. Make sure to use the same value for the source that was used in Deveo Admin authentication preferences if using LDAP Authentication. For synchronization strategy, choose either to sync all the users from LDAP to Deveo, or only keep existing Deveo users in sync. In both cases deactivated or deleted LDAP users will also be deleted from Deveo. The keep_in_sync strategy is recommended for LDAP Authentication.

Please note: Using sync_all strategy will sync all the users found from LDAP to Deveo and new users will receive a registration/welcome email.

Set value for plugin_key, company_key and account_key previously noted. If using Deveo On-premises, set the api_url to point to the Deveo instance API. You may enable certificate verification with Deveo API requests by setting a path to the root certificate of the certificate used in Deveo for the api_server_certificate attribute. The path can be either relative to where deveo-ldapsync.jar is executed or an absolute path.

Configure your LDAP settings

Set the LDAP host, port, auth_username and auth_password for a user with read access for the source, and choose the encryption method for LDAP connection. Then set the LDAP base tree where to sync the users from. Users can be ignored from synchronization by adding the short_name to the ignored_users list.

Finally configure the attribute mappings between the LDAP schema and Deveo. Note: If using the DeveoAuth extension for Active Directory, ensure that the password attribute matches the one configured to the Active Directory.

Configure Groups (optional)

Starting from Deveo version 2.7.1 and LDAP Sync version 1.3.0, it is now possible to synchronize groups from the base directory to Deveo. Define which groups are created by using group_base and group_query_filters.

Attribute mappings between the directory and Deveo can be configured using ldap_group_attributes. The default mapping will work for most users, but revise the value of the source attribute. The source defines whether the LDAP groups are linked to Deveo groups by common name cn or distinguished name (dn).

Group synchronization can be enabled by using the group-sync switch:

java -jar deveo-ldapsync.jar --config myconfig.yml --group-sync

Test Configurations

Try out the configurations by running the LDAP Sync application and giving it the configuration file as a parameter. By default no modifications are made, shown instead are details of what the synchronization would do. For example:

java -jar deveo-ldapsync.jar --config myconfig.yml

If there are already users in Deveo that need to be synchronized from the source, use the --force-sync switch with the first run. It will map the existing Deveo users to the source and update them instead of creating new users.

LDAP Sync preview

Run the LDAP Sync

Once the configuration is ready, run the actual synchronization by adding the --apply switch. This will synchronize users to Deveo.

java -jar deveo-ldapsync.jar --config config.yml --apply

The LDAP Sync application can also be setup to run at intervals like once per hour, by using a scheduler.

Updated on: 28 April 2017