User guide

 sll




28
Users > Active Directory
To simplify integration alongside existing systems within organisations, AIM
can be synchronised with an LDAP/Active Directory server. This allows a list of
users (and user groups), together with usernames and group memberships to be
quickly imported and kept up to date.
Initial configuration
The basic Active Directory (AD) server details are defined in the Dashboard
> Settings page. Once configured, the Users > Active Directory page (called
“Import Users from Active Directory”) will allow you to scan the AD server for a
list of folders and users/groups within those folders.
Choosing users and groups
Once scanned, the “Import Users from Active Directory” page shows all folders
that are available on the AD server.
1 Use the “Include Users” and “Include Groups” checkbox columns on the
right hand side of the folder lists to select which items to import (with
optional additional LDAP filters where necessary).
• IfanADuserwasnotintheAIMuserdatabase,theywillbeimported.
• IfanADuserisalreadyintheAIMuserdatabase,theyarekept.
• IfanADuserisNOTmarkedforimport/syncfromtheADimportpage,
and they already exist in the AIM user database, they will be removed
from the AIM user database during the sync operation.
IMPORTANT: It is thus vital to ensure that all users you want in the
AIM system are always selected for import/sync, otherwise they will be
removed.
2 You can choose to synchronise immediately or to preview the results of your
settings:
• Clickthe“Preview”buttontoviewthelistofusersthatwillbeadded/
updated/removed on this synchronisation. Once previewed, you can
either go ahead with the sync or return to the filter page and edit your
settings.
• Clickthe“Save&Sync”buttontosynchronisetheselecteditemsinto
the AIM user database.
Note: AIM will only import folders/groups/users up to the limit set by the AD
server. There is a known issue: AIM can only import x users/groups from AD
where x is the limit set on the AD server. Any users/groups beyond this limit will
not be imported.
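The add/keep/remove rules and the AD server limit described above can be modelled as a check to run before a sync. This is an added example, not AIM's own code: the function `preview_sync`, the `max_removal_ratio` threshold and the sample usernames are assumptions made for illustration, and `aim_users` is assumed to hold only AD-sourced accounts.

```python
# Added illustration of the sync rules in this section; not part of AIM.
from dataclasses import dataclass, field


@dataclass
class SyncPreview:
    added: set = field(default_factory=set)
    kept: set = field(default_factory=set)
    removed: set = field(default_factory=set)
    warnings: list = field(default_factory=list)


def preview_sync(ad_selected, aim_users, ad_limit, max_removal_ratio=0.2):
    """Model one sync pass.

    ad_selected: usernames AD returned for the folders ticked for import.
    aim_users:   usernames currently in the AIM user database (AD-sourced).
    ad_limit:    result limit configured on the AD server (assumed known).
    max_removal_ratio: hypothetical threshold for flagging large removals.
    """
    ad_selected, aim_users = set(ad_selected), set(aim_users)
    preview = SyncPreview(
        added=ad_selected - aim_users,    # in AD selection, not yet in AIM
        kept=ad_selected & aim_users,     # already in AIM, still selected
        removed=aim_users - ad_selected,  # in AIM, no longer selected
    )
    # The guide notes that users/groups beyond the AD limit are not imported,
    # so a result set that reaches the limit deserves a manual check.
    if len(ad_selected) >= ad_limit:
        preview.warnings.append(
            f"AD returned {len(ad_selected)} entries, at or above the server "
            f"limit of {ad_limit}; entries beyond the limit are not imported")
    # A large removal set usually means a folder was unticked by mistake.
    if aim_users and len(preview.removed) / len(aim_users) > max_removal_ratio:
        preview.warnings.append(
            f"{len(preview.removed)} of {len(aim_users)} AIM users would be "
            "removed; confirm every intended folder is selected")
    return preview


if __name__ == "__main__":
    # Constructed sample data.
    result = preview_sync({"alice", "bob", "erin"},
                          {"alice", "bob", "carol", "dave"}, ad_limit=3)
    print("added:", sorted(result.added))
    print("kept:", sorted(result.kept))
    print("removed:", sorted(result.removed))
    for w in result.warnings:
        print("WARNING:", w)
```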
Active Directory Tips
• AbackupscheduleisrecommendedsothatanychangesontheADserver
are carried across to the AIM server regularly. You can choose from hourly/
daily or weekly syncs. The settings/filters saved on this screen will be applied
to each subsequent sync, ensuring that your list of users is kept accurate.
• TotemporarilyremoveaparticularuserfromAIMaccess,withouthavingto
make complicated LDAP filters, simply edit the AIM user to be suspended
(see Users > Add User or Configure User page). Even though they will
continue to be imported/synced from AD, they will be prevented from
logging on.
• AllLDAPltersshouldbeself-contained,e.g:(!(cn=a*))
• Besuretosaveanychangesmadetothesyncsettingsbeforeclickingthe
“sync-now” option. Otherwise, the next scheduled sync operation will
overwrite any user changes you made in your “sync-now”.
• UsergroupsareonlyimportedfromADtoAIMiftheycontainusersthatare
set to be imported too (i.e. a group will not be imported, even if it contains
users, unless its users match the sync filters).
• AssociationsbetweenusersandusergroupscanonlybemadeontheAD
server - it is not possible to edit user/user-group membership for AD users/
groups on the AIM server.
• Usersandgroupsaretechnically“synchronized”ratherthan“imported”
- each time a sync takes place, details are updated and if a user no longer
matches the sync filters, they will be removed from the AIM user list.