Active Directory/LDAP Synchronization


UnForm can synchronize some or all users and groups with an LDAP or Active Directory server.  This process creates groups, users, and group membership from the LDAP server, while also allowing private UnForm users to be maintained alongside them.  Any user created by the synchronization process is authenticated against the same server, so no internal password is maintained for that user.  Each time the synchronization is performed, the LDAP-based user and group lists are updated, while UnForm-specific properties, such as design tool or workflow access options, are preserved.

Active Directory uses the LDAP protocol, so this process works with that type of server as well.

[Screenshot: admin_sync]

The server value supports three modes of operation, and the mode must match how the LDAP server operates:

Plain LDAP, without STARTTLS support (default port is 389)
LDAPS, which connects to the server using SSL (prefix with ssl:, default port is 686)
LDAP with STARTTLS, which switches to TLS/SSL mode after the connection is made (prefix with tls:, default port is 389)

The LDAP configuration expects a domain to form the base distinguished name values (sdsi.local, for example, becomes dc=sdsi,dc=local in LDAP searches).
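The following is an added illustration, not UnForm's own code, of how the server value prefixes (none, ssl:, tls:) and the domain-to-base-DN mapping described above can be parsed into the pieces a client needs, with a flag showing which modes protect the bind login and password in transit. The function names are hypothetical; the example defaults LDAPS to 636, the IANA-registered ldaps port, rather than the 686 printed above.

```python
# Added example (not UnForm's own code). Parses an UnForm-style server value
# such as "dc1.sdsi.local", "ssl:dc1.sdsi.local" or "tls:dc1.sdsi.local:3389"
# plus a domain like "sdsi.local" into a target description.
from dataclasses import dataclass

# 389 is the IANA ldap port; 636 is the IANA ldaps port (assumption: the
# page's "686" is not used here). STARTTLS begins on the plain port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "starttls": 389}


@dataclass(frozen=True)
class LdapTarget:
    mode: str        # "ldap", "ldaps" or "starttls"
    host: str
    port: int
    base_dn: str

    @property
    def credentials_encrypted(self) -> bool:
        # Only LDAPS and STARTTLS protect the bind login/password on the wire;
        # plain LDAP sends the simple bind in cleartext.
        return self.mode != "ldap"


def domain_to_base_dn(domain: str) -> str:
    """Map a DNS domain to a base DN: sdsi.local -> dc=sdsi,dc=local."""
    labels = [label for label in domain.strip().split(".") if label]
    if not labels:
        raise ValueError("domain must contain at least one label")
    return ",".join(f"dc={label}" for label in labels)


def parse_server_value(value: str, domain: str) -> LdapTarget:
    """Split 'host', 'ssl:host[:port]' or 'tls:host[:port]' into its parts."""
    rest = value.strip()
    mode = "ldap"
    if rest.lower().startswith("ssl:"):
        mode, rest = "ldaps", rest[4:]
    elif rest.lower().startswith("tls:"):
        mode, rest = "starttls", rest[4:]
    host, _, port_text = rest.partition(":")
    if not host:
        raise ValueError("server value has no host")
    port = int(port_text) if port_text else DEFAULT_PORTS[mode]
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return LdapTarget(mode, host, port, domain_to_base_dn(domain))
```

A sync job can refuse to run, or at least log a warning, when `credentials_encrypted` is false, since the bind credentials are the same ones the LDAP server validates.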

The LDAP configuration found in ldap.ini supports different directory structures.  Select the one that matches the structure in use.  Additional structures can be configured easily.  The ldap.ini file is distributed as "ldap.ini.sds" and is copied automatically if ldap.ini is not found when UnForm is installed or first started.  If you customize ldap.ini, the publisher-supplied definitions remain available in ldap.ini.sds.  The file is self-documented with comments.

The login and password are required to access the server and import user and group information.  The LDAP server will validate these values.

If there are no errors, users, groups, and group membership information will be imported into the UnForm structures, and subsequent attempts by an LDAP-based user to log in to UnForm will be authenticated against the LDAP server.

Since this process is potentially destructive, you can back up the user and group databases