LDAP/AD integration

The Sync Appliance can be configured to allow automatic user provisioning by authenticating against an existing LDAP/AD directory. New users will be created implicitly on authentication against the external directory.

LDAP/AD integration is configured via the Appliance’s web interface, with an assistant that will try to infer the required parameters from those entered so far. Configuration involves these steps:

  1. Enter the LDAP server URL, either as a hostname (the appliance will try to connect to both the standard LDAP port, 389/TCP, and the standard LDAPS port, 636/TCP) or as a full LDAP URL of the form ldaps://hostname:123, where the port is optional (the standard port is used if it is omitted).

  2. If the server is reached over LDAPS, it will be necessary to either supply the CA certificate that the LDAP server’s certificate is signed with, or to disable certificate validation (not recommended in production).

  3. The appliance will try to perform an anonymous bind and to look for users using a base DN inferred from the LDAP server URL. If required, provide the DN and password used to perform the bind operation against the LDAP server.

  4. When the connection parameters have been specified correctly, the appliance will look for users under the provided or inferred base DN, and display how many have been found, as well as offer the possibility to enable LDAP authentication.
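Before running the assistant, the inputs for steps 1 and 2 can be checked from an admin workstation. The script below is an added example, not the appliance's own code: it expands a server entry into the endpoints described in step 1 and validates the LDAPS certificate against the CA file, so validation does not have to be disabled. The base DN heuristic, `ldap.example.com` and `ca.pem` are assumptions; the appliance's actual inference rule is not documented here.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS TCP ports


def candidate_endpoints(server):
    """Expand the step 1 input into the (scheme, host, port) tuples to probe."""
    if "://" not in server:
        # Bare hostname: both standard ports are candidates.
        return [(s, server.lower(), p) for s, p in DEFAULT_PORTS.items()]
    url = urlsplit(server)
    scheme = url.scheme.lower()
    if scheme not in DEFAULT_PORTS or not url.hostname:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {server!r}")
    return [(scheme, url.hostname, url.port or DEFAULT_PORTS[scheme])]


def guess_base_dn(host):
    """Assumed heuristic: drop the host label, map the rest to dc= components."""
    labels = host.split(".")
    domain = labels[1:] if len(labels) > 2 else labels
    return ",".join(f"dc={label}" for label in domain)


def verify_ldaps_certificate(host, port, ca_file, timeout=5.0):
    """TLS handshake that validates chain and hostname against ca_file (step 2).

    Returns the negotiated TLS version; raises ssl.SSLCertVerificationError when
    the supplied CA did not sign the server certificate.
    """
    # Only ca_file is trusted; CERT_REQUIRED and hostname checking stay enabled.
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Constructed sample inputs; ldap.example.com and ca.pem are placeholders.
    for scheme, host, port in candidate_endpoints("ldap.example.com"):
        print(f"{scheme}://{host}:{port}  base DN guess: {guess_base_dn(host)}")
        if scheme == "ldaps":
            try:
                print("  TLS OK:", verify_ldaps_certificate(host, port, "ca.pem"))
            except (OSError, ssl.SSLError) as exc:
                print("  LDAPS check failed:", exc)
```

A certificate verification failure here means the CA file does not match the server's chain or the hostname is not in the certificate; fixing that is preferable to disabling validation in the assistant.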