LdapSync
- Synchronise users and other data from an Active Directory / LDAP server
- Distribute to clients to automate user onboarding in a SaaS
- Available as embeddable white-label software
LDAP agent for automated user provisioning and sync
Enterprise SaaS for payroll, expense tracking, document management and other business related applications often requires continuous access to the most current snapshot of the company employees and personnel. The LdapSync agent is a software solution by Connect2id for secure and transparent provisioning and synchronisation of users, groups and other types of data from an LDAP directory, such as Microsoft Active Directory or OpenLDAP.
The universal and highly configurable algorithm of LdapSync is capable of catering for applications with different data models and requirements. It is based on the protocol of LDAPv3, ensuring compatibility with all directory servers on the market today.
SaaS providers can distribute the LdapSync agent to customers and subscribers in a pre-configured package. The white label license provides the opportunity to brand and customise the software to suit your specific product vision and requirements. Contact Connect2id sales to find out more.
Deployment
Directory data can be synchronised from hundreds or thousands independent LDAP servers, provided the target directory server has sufficient processing and storage resources. The LdapSync agents talk to the HTTPS endpoint of a Json2Ldap gateway, configured to enforce a strict connection and authentication policy to the LdapSync agents, and ideally placed in a network DMZ, leaving the target directory server protected from direct Internet access.
Capabilities
Synchronised directory changes:
User account addition (LDAP ADD)
User account updates (LDAP MODIFY)
User account deletion (LDAP DELETE)
Groups and group membership updates
Supported LDAP data types:
Text attributes
Binary attributes
Attributes with international characters
Directories can have different schemas for representing user data. To ensure interoperability the LdapSync agent can be configured to map the attribute names between the source and the target LDAP directory.
The attribute values can also be transformed with a regular expression. Such transformations can change the base DN of group members when the target LDAP directory has a different base DN (domain).
The synchronisation algorithm of the LdapSync agent is universal and can handle other types of LDAP data besides user and group entries.
The sync interval is configurable to ensure a certain freshness policy. Sync runs can be performed in a certain order to ensure the referential integrity of directory data when dealing with groups and group membership.
Customise, brand and package
The LdapSync agent is shipped as a standard Java application package (JAR) and a simple command-line utility. Its configuration and monitoring API is designed to allow easy customisation and branding.
Examples:
- Furnish the agent with a branded UI to match the application appearance.
- Add a configuration wizard for the designated administrators.
- Add reporting and monitoring screens.
- Embed it into a Docker container, web or desktop application.
Supported LDAP directories
The LdapSync agent supports any LDAP v3 compatible directory.
Popular directory servers:
Security
- The LdapSync agents talk to a Json2Ldap gateway, leaving the target directory server protected from direct access over the Internet.
- Set a strict Json2Ldap gateway policy to always require HTTPS and LDAP client authentication. An IP whitelist can also be configured.
- Each LdapSync agent can be provisioned with individual LDAP bind credentials for the target directory, which in combination with a suitable directory ACL ensures the uploaded data is isolated and inaccessible to other agents.
Runtime
- Java 8+
Configuration
The LdapSync agent can be configured by the following means:
- Text file
- Standard input
- Java system properties
- Environment variables
JavaDocs
Browse the LdapSync API docs online.
Download
Ready to try out LdapSync? You are welcome to download an evaluation copy. No registration is required for that.
LdapSync is offered under an affordable license which also provides 12 months of maintenance, updates and our support. Attractive license packages are available if you wish to run multiple LdapSync instances or would like to integrate it into your own product or service offerings. We also offer various dedicated professional services such as integration assistance, training and custom add-on development. Get in touch with Connect2id sales to describe your case and request a quote.