Skip to main content

LDAP

The LDAP integration in linqi allows interaction with Microsoft Active Directory servers. Using the corresponding actions, you can, for example, create and edit users and groups or assign users to groups.

info

To work with LDAP actions, you must create a corresponding connection and activate the corresponding feature.

Shared Configuration

Many LDAP actions have a fundamentally similar configuration. Therefore, these general configurations are explained first so they do not have to be repeated for every action.

Connection

In almost all actions, you must first specify one of your created connections to define on which Active Directory server the action should be executed. Select the desired connection from the dropdown.

Filter Configuration

Many LDAP actions allow you to define a filter. This allows you, for example, to specify which objects should be loaded or updated. You can define a filter using the following settings:

  • Allow multiple entries:
    This option is only available for actions that manipulate data. By default, linqi only allows one entry to be deleted, updated, etc. at a time. This is intended to prevent you from accidentally overwriting or deleting a large number of objects in Active Directory. However, if you plan to edit more than one entry at the same time, you must activate this option.

  • Combine filters:
    Select whether an entry must meet all filters (AND) or only one filter (OR) in order to be affected by the action.

  • Filter mapping:
    Here you can define the actual filters. First, select the attribute (field name) to filter by.
    Then, use the operator to determine the filter operator. This allows you to define whether the column must match a specific value, must not match it, etc.
    The comparison value then allows you to define which value the column may or may not match.

Attribute Assignment

To assign values to certain attributes when creating or editing an Active Directory object, you can define which attributes should have which values in the attribute assignment. You define this assignment as follows:

  • Field name:
    Select the attribute that should be populated with a value. Each attribute can only be selected once.

  • Value:
    Using this configuration option, you can define the value that should be written to the column. You can either enter a fixed value or use a placeholder.

Enable Error Output

Once you activate this switch, you can catch and process errors.

Actions

Query LDAP User or Group

This action allows you to query objects from Active Directory. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Object type:
    Select whether the objects you are searching for are groups or users.

  • Filter configuration:
    Use the filter configuration (see above) to define which objects you want to query.

  • Selected attributes:
    Use the dropdown to select which attributes you want to load. These will then be available as placeholders.

This action provides the following placeholders:

  • Each selected attribute:
    Each selected attribute can be loaded as a placeholder. Outside of loops, all objects are separated by commas.

  • Objects:
    Within a loop or, for example, a table in a form, you can reference the objects here that will then be iterated over.

Add LDAP User or Group

This action allows you to create a user or a group in Active Directory. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Object type:
    Select whether the objects to be created are groups or users.

  • Path:
    Specify the path (parent distinguished name) of the object.

  • Select attribute values:
    Use the attribute assignment (see above) to set the attributes of the new object.

  • Unique user name:
    Specify the unique name of the object. This is used to create the distinguished name of the object.

  • Password:
    If you want to create a user, you must also enter the password here.

This action provides the following placeholders:

  • GUID of the created object:
    This allows you to reference the GUID of the newly created entry. You can use this, for example, to update the object afterward.

Update LDAP User or Group

This action allows you to update a user or a group in Active Directory. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Object type:
    Select whether the objects are groups or users.

  • Filter configuration:
    Use the filter configuration (see above) to define which objects you want to update.

  • Disable account:
    Select whether you want to enable or disable the object. You can also choose to make no change.

  • Select attribute values:
    Use the attribute assignment (see above) to set the new attributes of the object.

Update LDAP Membership

This action allows you to assign one or more users to one or more groups or remove the assignment. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Membership action:
    Select whether you want to add or remove the user(s) to/from the group(s).

  • User selection:
    Use the filter configuration (see above) to define which users you want to add or remove.

  • Group selection:
    Use the filter configuration (see above) to define which groups the users should be added to or removed from.

Move LDAP User or Group

This action allows you to move a user or a group in Active Directory. This changes the parent distinguished name of the object. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Object type:
    Select whether the objects are groups or users.

  • Target path:
    Specify the new path of the object.

  • User selection:
    Use the filter configuration (see above) to define which users/groups you want to move.

Update LDAP User Password

This action allows you to change a user’s password. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • User selection:
    Use the filter configuration (see above) to define for which user you want to change the password.

  • Password:
    Enter the new password for the user here.

Delete LDAP User or Group

This action allows you to delete a user or a group in Active Directory. The following configuration options are available:

  • Connection:
    Select the Active Directory server (see above).

  • Object type:
    Select whether the objects are groups or users.

  • User selection:
    Use the filter configuration (see above) to define which objects you want to delete.