Integrate Active Directory with leitzcloud

Active Directory or any other LDAP authentication source can serve as a source for user accounts within the system. When the authentication source is configured, an imported user can log in to the Web Cloud using the authentication source account credentials.

You can use one of the following two methods to configure your Active Directory integration:

Device method

If you use this method, you must first download the Sync Tool to the server that hosts the authentication source. Then you need to register the Sync Tool with each user within the system. For help on installing and registering, please refer to the First Steps article in our knowledge base.

Please note: When registering the Sync Tool with a user account on a server, it is recommended to create a dummy account for this purpose. This prevents unnecessary space usage on the local device. A dummy account should not subscribe to Team Shares. Set a fixed maximum storage space of 0.01 GB. Also, use a predefined naming system (e.g. First Name: File Server, Last Name: LDAP) so that the dummy accounts are easy to identify.

Server method

This method allows you to connect to your authentication source without installing the Sync Tool on the device. However, to use this method, the server must allow public access.

Please note:

  • If you have already created user accounts manually and want to convert them to Active Directory user accounts, you must make sure that the email addresses are identical. If so, the system will automatically convert the existing user account to an Active Directory user account. In this case it is not necessary to uninstall and reinstall the Sync Tool.
  • If you integrate with Active Directory, Sync Tool can be moved, installed, and registered with users without notifying the end user.
  • leitzcloud successfully integrates with all LDAP authentication sources. Non-LDAP sources like Azure AD are not supported. Azure AD supports internal but not external LDAP authentication.

Troubleshooting end-user registration issue

If the user has to change his or her password at the next login, it is not possible to install the Sync Tool or log in to the Web Cloud. Therefore, we suggest that you disable this setting to ensure successful registration or login.

Device method

  1. On the server that hosts the Active Directory, you need to download and install the Sync Tool.
  2. Then you need to register the Sync Tool with each user within the system.
  3. While you are on the Active Directory server, write down the full computer name because you will need it later.
  4. When you have finished installing and registering the Sync Tool, return to the administrator area of the Web Cloud.
  5. Switch to the settings.
  6. Go to “Auth” and select the "Add Source" button.

  7. There you can make the following settings:
    • In the drop-down menu “Device”, select the name of your Active Directory device.
    • In the “Host” field, you need to enter the full computer name that you wrote down in step 3.
    • In the “Domain” field, enter the Active Directory Fully Qualified Domain Name.
    • In the “Login” field you have to enter the user name of the Active Directory administrator.
    • In the “Password” field, enter the corresponding password.
    • Then click “Save”.

  8. Now you will see an overview of all created authentication sources. Next to the source you have just created, click “Import Users”.

  9. There you choose from the following options:
    • Send a welcome email.
    • Allow access via WebDAV.
    • Add users to a Team Share. With “All”, you can add all users to all Team Shares, or you can choose “None” if you do not want to add any users to Team Shares.
    • In the section “Organizational Units”, you need to select the Active Directory users to import.
    • Click "Import Selected Users" to apply the users. End users can now log in and register their devices using their Active Directory credentials.
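
The following pre-import check is an added example, not leitzcloud or vendor code. Run on the Active Directory server, it collects the full computer name from step 3 and the domain FQDN for the “Host” and “Domain” fields, and lists enabled accounts that must change their password at next logon (see the troubleshooting note above). The function name and the OU path are hypothetical placeholders; the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example: read-only readiness check before "Import Users".
# Assumes the ActiveDirectory module (RSAT) is available on this server.
Import-Module ActiveDirectory

function Test-ImportReadiness {
    param(
        # Hypothetical OU; replace with the OU you will select
        # under "Organizational Units" in the import dialog.
        [string]$SearchBase = 'OU=Staff,DC=example,DC=local'
    )

    # Full computer name (step 3) and domain FQDN for the "Host" and "Domain" fields.
    $hostFqdn   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $domainFqdn = (Get-ADDomain).DNSRoot

    # "User must change password at next logon" is stored as pwdLastSet = 0.
    # Such accounts cannot register the Sync Tool or log in to the Web Cloud.
    $blocked = @(Get-ADUser -SearchBase $SearchBase `
            -Filter 'Enabled -eq $true -and pwdLastSet -eq 0' `
            -Properties pwdLastSet |
        Select-Object SamAccountName, UserPrincipalName, DistinguishedName)

    [pscustomobject]@{
        Host         = $hostFqdn
        Domain       = $domainFqdn
        BlockedCount = $blocked.Count
        BlockedUsers = $blocked
    }
}

$result = Test-ImportReadiness
"Host field:   $($result.Host)"
"Domain field: $($result.Domain)"

if ($result.BlockedCount -gt 0) {
    Write-Warning "$($result.BlockedCount) account(s) must change password at next logon:"
    $result.BlockedUsers | Format-Table -AutoSize
    # To clear the flag for one account after review:
    #   Set-ADUser -Identity <SamAccountName> -ChangePasswordAtLogon $false
} else {
    'No accounts in this OU are flagged for a password change at next logon.'
}
```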

Server method

  1. First make sure that you are in the right organization.
  2. Go to settings and switch to the “Auth” tab. There, select the “Add Source” button.

  3. There you can make the following settings:
    • In the drop-down menu select “Use Server”.
    • In the “Host” field, specify the internal IP address if the device is located in the same network as the leitzcloud server. If the Active Directory server is located outside the network, you must specify the publicly resolvable host name or IP address.
    • In the “Domain” field enter the Active Directory Fully Qualified Domain Name.
    • In the “Login” field enter the user name of the Active Directory administrator.
    • In the “Password” field enter the corresponding password.
    • Then click “Save”.

  4. You will be redirected to the overview of all existing authentication sources. Import the users you want to add as described above.
