Version: 3.20.2

User Synchronization via LDAP

LDAP user synchronization is required for LDAP information to be passed on to Fusion. For example, when a user's data is updated and synced, that data is corrected in Fusion, but if it is empty, the data coming from the NeoUser (email, group, etc.) is deleted. Note that this applies to any information, including new users, so synchronization, even if it doesn't import user data, will create it in Fusion if it doesn't exist.

Fill in the details:

  1. Domain: Select the domain.
  2. User: Enter the user who is an administrator of the domain.
  3. Password: Enter the administrator user password.

Attention: A user does not need to be a domain administrator to perform LDAP synchronization in Fusion. Regular users with directory and group read permissions in Active Directory can also perform this synchronization.

After completing the fields, click List Users.

Attention: Synchronization works only for authentication settings with LDAP or Kerberos.

There is some information about LDAP that should be considered:

  • LDAP users cannot change their passwords directly in Fusion, only on the LDAP server; this feature can only be performed by the administrator user.
  • Editing the password in Fusion does not automatically edit the LDAP server password; it only increases the number of passwords that the user can use to log in.
  • If the LDAP server is down, users will not be able to log in unless an administrator user changes the user's password.
  • Users inactivated in LDAP will also be inactivated in Fusion, so they won't be able to log in.

Attention: If the administrator changes a user's password, the user will be able to change their Fusion password, so if the user is inactivated in LDAP, they will be able to log in with the password that was saved in Fusion. To avoid this, sync the data of the inactive user with the option “Update User Data = Yes”.

  • Users created directly in Fusion log in and perform their actions normally, even when the authentication of the environment is LDAP.

Attention: When a user is created with LDAP and later disabled, the system administrator must create a new password for that user because, in addition to being disabled, the user environment password does not exist due to overlap. The system administrator will have to create a new password for that user, since LDAP has been overridden.
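
An added example (not part of the Fusion documentation or product): a reconciliation check for the inactive-user caveat above. It lists logins that are disabled in Active Directory but still hold a local Fusion password, and logins that exist only in Fusion. The LDIF input mirrors an AD export; the CSV with login and has_local_password columns is a hypothetical Fusion export format, and all sample data is constructed.

```python
import csv
import io

ACCOUNTDISABLE = 0x2  # Active Directory userAccountControl flag: account disabled
# Constructed samples: AD-style LDIF and a hypothetical Fusion CSV export.
SAMPLE_LDIF = """\
dn: CN=Ana Silva,OU=Staff,DC=example,DC=test
sAMAccountName: asilva
userAccountControl: 512

dn: CN=Bruno Costa,OU=Staff,DC=example,DC=test
sAMAccountName: BCosta
userAccountControl: 514

dn: CN=Carla Dias,OU=Staff,DC=example,DC=test
sAMAccountName: cdias
userAccountControl: 66050
"""
SAMPLE_FUSION_CSV = """\
login,has_local_password
asilva,yes
bcosta,yes
cdias,no
localadmin,yes
"""

def ad_accounts(ldif_text):
    """Return (all logins, disabled logins) found in the LDIF, lower-cased."""
    seen, disabled = set(), set()
    for block in ldif_text.strip().split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in block.splitlines() if ": " in ln)
        login = attrs.get("sAMAccountName", "").lower()
        if login:
            seen.add(login)
            # Test the flag bit; a disabled account is not always exactly 514.
            if int(attrs.get("userAccountControl", "0")) & ACCOUNTDISABLE:
                disabled.add(login)
    return seen, disabled

def audit(ldif_text, fusion_csv):
    """Flag Fusion logins that keep a local password while disabled in AD."""
    seen, disabled = ad_accounts(ldif_text)
    report = {"stale_local_password": [], "local_only": []}
    for row in csv.DictReader(io.StringIO(fusion_csv)):
        login = row["login"].strip().lower()
        if login in disabled and row["has_local_password"].strip().lower() == "yes":
            report["stale_local_password"].append(login)
        elif login not in seen:
            report["local_only"].append(login)
    return report
```

Each login reported under stale_local_password is a candidate for a sync with “Update User Data = Yes”.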