Preparing to use the Active Directory LDAP Integration

This article goes over the prerequisites for using the Active Directory (AD) LDAP integration in Issuetrak.


 

Verifying AD information

Organizations within Issuetrak are generally used to represent companies and/or their customers. Every Issuetrak user must be associated with an organization. The AD LDAP integration allows you to map AD groups or OUs to specific organizations, so make sure an AD group or OU containing the appropriate users is ready to map. Every user must also be mapped to a user template, which determines the permissions they are granted in Issuetrak, so be sure to identify the AD groups or OUs that will be used for those mappings as well.

Within Issuetrak, departments and locations are optional values to associate with a user. During user imports, or when a user logs in (if the option to "Update existing users on login" is checked), Issuetrak compares the value of the AD Department field to the existing Departments in the Issuetrak site. If there is an exact match, the matching Department is used in Issuetrak. If the Department field in AD is blank or does not exactly match a Department in Issuetrak, Issuetrak checks for any corresponding Department mappings. The same process is used to compare the AD Office field with Issuetrak Location IDs: if no exact match is found, Issuetrak checks for any corresponding mappings.


 

Establishing server specifications

Each AD server that communicates with Issuetrak must be accessible from the Web server hosting Issuetrak. If the Web server is on the same domain as the user accounts, the domain name can be specified instead of an individual server. This allows Issuetrak to connect to whichever domain controller is available at the time. In addition, confirm or collect the following:

  • When configuring Issuetrak to connect to a specific domain controller, the server’s computer name, DNS name, or IP address may be used. However, we recommend using the computer or DNS name whenever possible.
  • The fully distinguished domain name, domain\userid, and password of the “connection user.” This user must have at least read-only permissions to all AD user properties.
  • The domain controller must be running Windows Server 2012 or higher.
  • The Search Order for the server, if you are configuring multiple AD servers within this domain. Search order defines the order in which servers within the same domain are searched for user matches.
  • The SSL port number and the Global Catalog (GC) SSL port number, if it is going to be used when connecting to this server. Issuetrak will set the defaults to SSL port 636 and GC SSL port 3269.
    • If you enable Use SSL for the connection, the Server field should contain a hostname that is within the scope of the SSL certificate installed on the domain controller. In other words, the certificate must include the hostname entered in the field for it to be considered valid.
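
The hostname-scope requirement for Use SSL can be checked before the server is configured. The following is an added example, not Issuetrak code: it tests candidate Server field values against a certificate's Subject Alternative Names using RFC 6125-style matching, which is an assumption about how the connecting client validates names. The hostnames, the IP address and the sample certificate are constructed, and `fetch_ldaps_cert` is a hypothetical helper for pulling the real certificate from port 636.

```python
import ipaddress
import socket
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.corp.example.com"),
                                  ("DNS", "corp.example.com"))}

def _dns_match(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def server_field_in_cert_scope(server_field, cert):
    """True if the value typed into the Server field is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(server_field)
    except ValueError:
        return any(k == "DNS" and _dns_match(v, server_field) for k, v in sans)
    # IP literals only match IP SAN entries, never DNS entries.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)

def fetch_ldaps_cert(host, port=636, cafile=None, timeout=5):
    """Fetch the chain-validated certificate a domain controller presents on LDAPS."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is checked separately, per candidate value
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for candidate in ("dc01.corp.example.com", "corp.example.com", "DC01", "10.0.0.5"):
        ok = server_field_in_cert_scope(candidate, SAMPLE_CERT)
        print(f"{candidate:24} {'in scope' if ok else 'NOT in scope'}")
```

With the sample certificate, the short computer name and the IP address both fall outside the certificate's scope even though they reach the same server, so with Use SSL enabled the Server field needs the exact DNS name the certificate lists.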

Please see KB Article #1504 on our Support Site for instructions on determining the fully distinguished name of the connection user.

If you are configuring multiple servers in Issuetrak, collect these values for each AD server that will be communicating with Issuetrak. Should you need assistance with this task, please contact our Support Team at 757-213-1351, support@issuetrak.com, or https://support.issuetrak.com.