MindTouch integrates with LDAP and/or Active Directory to make it easy to manage your users. This page reviews the implementation details. MindTouch supports integration with Active Directory and LDAP through our Support team. When you become a MindTouch customer, you'll need to provide the following information to the MindTouch Support team so that they can add the configuration to your MindTouch instance:
In addition, please include the following optional information if it applies to your AD/LDAP environment:
- Non-standard port that you are running AD/LDAP on
- Whether you are running AD or LDAPS over SSL
- Authenticated user, if your AD/LDAP server doesn't support anonymous querying
- Any additional parameters that may pertain to configuring your system
MindTouch's query requests for LDAP/AD will come from the following hostname. Whitelisting this hostname will ensure that you only receive inbound requests into your LDAP/AD server from MindTouch:
When does LDAP synchronize user information?
Direct LDAP Synchronization is done on a per-user basis on user login so that users are continually updated. This allows users and groups to be updated on demand without extraneous updates for users who are not actively using the MindTouch system.
How does it work?
Once configured, the AD/LDAP integration allows your users to log in to MindTouch with their LDAP/AD credentials, and an account is automatically created for them. We also support group synchronization on the MindTouch side: you specify the groups you want within MindTouch, and if a user belongs to that group in AD/LDAP, they are added on the MindTouch side and the associated permissions are applied. Note that the groups are re-checked and re-synchronized each time the user logs in through AD/LDAP.
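
The login-time group re-check described above can be pictured as a reconciliation between the groups defined on the site and the group DNs returned by the directory for that user. The sketch below is an added illustration, not MindTouch code. It assumes that a directory group is matched to a site group by its CN (case-insensitively) and that site group membership follows the directory exactly; the function names and sample DNs are constructed for the example.

```python
# Added illustration: login-time group reconciliation, not MindTouch code.
# Assumption: a directory group is matched to a site group by its CN,
# case-insensitively; the page does not say how matching is done.
import re

def group_cn(dn):
    """Return the value of the first RDN of a group DN if it is a CN, else None."""
    # Split on the first unescaped comma so "CN=Docs\, EU,OU=..." stays intact.
    first_rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    attr, _, value = first_rdn.partition("=")
    if attr.strip().lower() != "cn" or not value:
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())  # unescape "\," and similar

def reconcile_on_login(site_groups, directory_group_dns, current_memberships):
    """Compute the membership changes to apply for one user at login.

    site_groups: group names defined on the site side
    directory_group_dns: the user's group DNs as read from AD/LDAP at login
    current_memberships: site groups the user was in before this login
    Returns (to_add, to_remove, resulting_memberships) as sorted lists.
    """
    by_key = {name.lower(): name for name in site_groups}
    in_directory = set()
    for dn in directory_group_dns:
        cn = group_cn(dn)
        if cn and cn.lower() in by_key:   # directory groups not defined on the site are ignored
            in_directory.add(by_key[cn.lower()])
    current = {by_key[g.lower()] for g in current_memberships if g.lower() in by_key}
    to_add = in_directory - current
    to_remove = current - in_directory    # directory membership no longer present
    return sorted(to_add), sorted(to_remove), sorted(in_directory)

if __name__ == "__main__":
    # Constructed sample data
    site_groups = ["Authors", "Reviewers", "Support, EMEA"]
    dns = [
        "CN=authors,OU=Groups,DC=example,DC=com",
        "CN=Support\\, EMEA,OU=Groups,DC=example,DC=com",
        "CN=Domain Users,CN=Users,DC=example,DC=com",
    ]
    add, remove, final = reconcile_on_login(site_groups, dns, ["Reviewers"])
    print("add:", add, "remove:", remove, "final:", final)
```

Because the re-check runs at login, the result reflects the directory as it was at that user's most recent login.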