The LDAP Import feature has two parts: a stand-alone LDAP Import utility and an LDAP Synchronization Task that runs continuously to keep the Doors.NET Cardholder database synchronized with the Active Directory Users database.
The LDAP Import Utility is used to import Active Directory Users into Doors.NET and to configure settings used by the LDAP Synchronization Task.
The LDAP Import Utility includes the following features, requirements, and restrictions:
Selective AD User Import – selective import of AD Users based on membership in AD Security Groups
Mapped Access Rights Assignment – automatic assignment of Cardholder access rights based on mappings of AD Security Groups to Doors.NET Access Groups
Card Number + Facility Code Import – import card numbers + facility codes by entering values in mapped fields of each AD User
Disabled AD User Accounts – when an AD User Account is disabled, automatically disables or deletes all cards for the corresponding Doors.NET Cardholder, according to the “Disabled AD User” configuration setting
Deleted AD User Accounts – when an AD User Account is deleted, automatically disables or deletes all cards for the corresponding Doors.NET Cardholder, according to the “Deleted AD User” configuration setting
Photo Import – imports AD User photo from Microsoft Exchange if image is referenced by AD User field “thumbnailPhoto”
Allows operator to map AD User attributes to Doors.NET Cardholder fields
Saves field mappings for later use by LDAP Synchronization Task
Runs on any Windows PC with .NET Framework v3.5; requires network connectivity to the Doors.NET Application Server and the AD Domain Controller
Operator must be System Administrator on both AD Domain Controller and Doors.NET Application Server or LDAP Import Utility will refuse to run
The LDAP Synchronization Task will detect and sync changes between Active Directory Users and Doors.NET Cardholders. Only one direction of sync is supported: either from Active Directory to Doors.NET or from Doors.NET to Active Directory. The system operator chooses sync direction by running the LDAP Import Utility and specifying all LDAP Import configuration settings.
Runs on any Windows PC with .NET 3.5
Requires network connectivity to Doors.NET Application Server and AD Domain Controller
Requires LDAP configuration files created by LDAP Import Utility to correctly import AD Users and card numbers, assign Doors.NET Cardholder access rights, import values for mapped AD User fields, etc.
Runs continuously as a Windows Service
Configurable to synchronize changes from AD to Doors.NET or sync changes from Doors.NET to AD
Configurable synchronization time interval
When the synchronization interval elapses (every N seconds), detects changes in the source repository and immediately replicates them to the destination repository. For example, every 10 seconds, checks for all changes to AD Users, including newly added users, deleted users, and modifications to existing users, and replicates all changes to the Doors.NET Cardholders database. Adding a new AD User results in a new Doors.NET Cardholder being created.
Operator chooses action to take when deleting AD User accounts.
Operator chooses action to take when disabling AD User accounts.
Modifying a mapped field on an AD User results in that field value being modified on the corresponding Doors.NET Cardholder.
The Operator must choose the direction of sync: AD to Doors.NET or Doors.NET to AD.
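
The AD to Doors.NET pass described above can be sketched as a planning function. This is an added example, not Doors.NET code: the dictionary layout, the action names and the sample groups are assumptions made for illustration, and the cardholder list is assumed to hold only AD-linked cardholders. The one real directory detail is the ACCOUNTDISABLE bit (0x2) of the AD userAccountControl attribute.

```python
# Added example: plan one AD -> Doors.NET sync pass (hypothetical data model).
UAC_ACCOUNTDISABLE = 0x0002  # real AD userAccountControl bit: account is disabled

def plan_sync(ad_users, cardholders, group_map, import_groups,
              on_disabled="disable_cards", on_deleted="delete_cards"):
    """Return a sorted list of (action, user_id, detail) tuples.
    on_disabled / on_deleted stand in for the operator's two settings."""
    actions = []
    for uid, user in ad_users.items():
        if not (user["groups"] & import_groups):
            continue  # selective import: user is outside the chosen security groups
        holder = cardholders.get(uid)
        if user["uac"] & UAC_ACCOUNTDISABLE:
            if holder is not None:
                actions.append((on_disabled, uid, None))
            continue  # never create or update a cardholder for a disabled account
        # Mapped access rights: AD security groups -> access groups.
        wanted = {group_map[g] for g in user["groups"] if g in group_map}
        if holder is None:
            actions.append(("create_cardholder", uid, tuple(sorted(wanted))))
            continue
        if wanted != holder["access"]:
            actions.append(("set_access", uid, tuple(sorted(wanted))))
        changed = {k: v for k, v in user["fields"].items()
                   if holder["fields"].get(k) != v}
        if changed:
            actions.append(("update_fields", uid, tuple(sorted(changed.items()))))
    # A cardholder whose AD account no longer exists counts as a deleted user.
    for uid in cardholders.keys() - ad_users.keys():
        actions.append((on_deleted, uid, None))
    return sorted(actions, key=lambda a: (a[1], a[0]))

# Constructed sample data (not from a real directory).
GROUP_MAP = {"SG-Staff": "All Doors", "SG-Lab": "Lab Doors"}
AD_USERS = {
    "alice": {"uac": 0x200, "groups": {"SG-Staff", "SG-Lab"}, "fields": {"dept": "R&D"}},
    "bob":   {"uac": 0x202, "groups": {"SG-Staff"}, "fields": {"dept": "Ops"}},
    "dave":  {"uac": 0x200, "groups": {"SG-Staff"}, "fields": {"dept": "IT"}},
    "erin":  {"uac": 0x200, "groups": {"SG-Other"}, "fields": {}},
}
CARDHOLDERS = {
    "alice": {"access": {"All Doors"}, "fields": {"dept": "R&D"}},
    "bob":   {"access": {"All Doors"}, "fields": {"dept": "Ops"}},
    "carol": {"access": {"All Doors"}, "fields": {}},
}

if __name__ == "__main__":
    for action in plan_sync(AD_USERS, CARDHOLDERS, GROUP_MAP, {"SG-Staff"}):
        print(action)
```

Because the plan is computed once per interval, the interval is also the longest time a disabled or deleted account can keep working cards.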