Overview
Connecting your directory service to your Code42 environment is an important step in making sure the right users have access to the correct Code42 functionality. When you integrate Code42 User Directory Sync with your environment, Code42 periodically syncs with your LDAP infrastructure. This article describes the syncing process in detail.
What is the Code42 User Directory Sync
Code42 User Directory Sync is a provisioning tool that you install on a dedicated computer. Once configured it connects your directory service to your Code42 environment and automatically creates users, updates their organization and role assignments, and deactivates users in Code42 based on changes made within your directory service. Code42 User Directory Sync is built using the LDAP version 3 standard, and it integrates with Microsoft Active Directory.
How to configure
Contact your Customer Success Manager (CSM) to engage the Professional Services team for a link to download the User Directory Sync tool installation file.
To configure User Directory Sync, install the User Directory Sync tool to a dedicated server within your organization's environment and configure User Directory Sync in the Code42 console. For complete instructions, see Configure Code42 User Directory Sync.
What it does
When Code42 synchronizes with a directory service, Code42 User Directory Sync performs the following actions:
- Authenticates (binds) with the directory service
- After the initial sync, User Directory Sync only processes a user if a change is made to user attributes in the directory
- Operates in read-only mode on the directory service
- Receives the user information from your directory service via LDAP, translates it, and uses SCIM protocol to send the user information to Code42
- Creates users to match users in your directory data:
- Creates new users in your Code42 environment
- Activates or deactivates users based on the active script
- Moves users to appropriate organizations based on the org script
- Applies roles to users based on the role script and role mapping
- Uses configuration properties to adjust user attributes in your Code42 environment to match user data in your directory service:
- Common name (First Name)
- Country code
- Department
- Direct reports
- Division
- Employee type
- Given name
- Last name
- Locality (City)
- Manager
- Region (State)
- Search UID
- Title
- Username (Email)
For instructions on synchronization, see Run synchronization for Code42 User Directory Sync.
What it does not do
- Initiate communication with the directory service
To initiate communication, run the User Directory Sync using a scheduling service, which is not included. - Create new entries in the directory service
- Modify the directory service
History
You can view the results of past LDAP syncs in your Code42 console at Administration > Settings > Identity Management in the Sync Log tab. For more details, refer to the Identity management reference.
Logs
Activity appears in the ldapConnector.log file in the location where the Code42 User Directory Sync tool is installed.
To view the log files:
- Sign in to the device where Code42 User Directory Sync is located.
- Go to /C42UserDirectorySync-<version>/logs
- Select one of the ldapConnector.log files.
Your Code42 environment creates a new file each time Code42 User Directory Sync runs or if the file reaches a certain size. The current application log is ldapConnector.log. Older logs are signified by ldapConnector.1.log, and so on.
External resources
- ZYTRAX: LDAP for Rocket Scientists
- Microsoft: Active Directory Domain Services