User synchronization


To synchronize the users between the LDAP and Ironchip LBAuth, run the tool that the proxy provides:

ldap-windows.exe sync-users -ldap-user <user-used-for-bind> -ironchip-user <ironchip admin with access to the dashboard>

Once the import has completed, all the users will have been created in Ironchip.

User group synchronization

To synchronize the users belonging to a group, the sync-users command can be configured as follows:

ldap-windows.exe sync-users -ldap-user <user-used-for-bind> -ironchip-user <ironchip admin with access to the dashboard> --ldap-search-filter "(&(objectClass=person)(memberOf=<group full DN>))"

For example, if the user is in the “VPNAuthorized” group, whose DN is “CN=VPNAuthorized,DC=ironchip,DC=com”, the command would be:

ldap-windows.exe sync-users -ldap-user <user-used-for-bind> -ironchip-user <ironchip admin with access to the dashboard> --ldap-search-filter "(&(objectClass=person)(memberOf=CN=VPNAuthorized,DC=ironchip,DC=com))"
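
A group DN that contains characters with special meaning in an LDAP filter, that is ( ) * or \, has to be escaped as described in RFC 4515 before it is placed after memberOf=, or the filter will be malformed or will match something other than the intended group. The PowerShell below is an added example, not part of the Ironchip tooling: the function names, the 'bind-user' and 'admin-user' placeholders and the second and third group DNs are constructed for illustration, and it assumes the tool passes the filter to the directory unchanged.

```powershell
# Added example. Function names are illustrative, not part of ldap-windows.exe.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping. The backslash is handled first so that the
    # escapes added afterwards are not escaped a second time.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a')
    $v = $v.Replace('(', '\28')
    $v = $v.Replace(')', '\29')
    $v = $v.Replace([string][char]0, '\00')
    return $v
}

function Get-GroupSyncArguments {
    param(
        [Parameter(Mandatory)][string]$LdapUser,
        [Parameter(Mandatory)][string]$IronchipUser,
        [Parameter(Mandatory)][string]$GroupDn
    )
    # Same filter shape as on this page, with the DN escaped before insertion.
    $escapedDn = ConvertTo-LdapFilterValue -Value $GroupDn
    $filter = '(&(objectClass=person)(memberOf={0}))' -f $escapedDn
    # Returned as an array so that each element reaches the tool as exactly
    # one argument, with no re-parsing of the filter by the shell.
    @('sync-users', '-ldap-user', $LdapUser, '-ironchip-user', $IronchipUser,
      '--ldap-search-filter', $filter)
}

$groupDns = @(
    'CN=VPNAuthorized,DC=ironchip,DC=com',                # DN used on this page
    'CN=VPN (Contractors),OU=Groups,DC=ironchip,DC=com',  # constructed sample
    'CN=Ops\, Remote,OU=Groups,DC=ironchip,DC=com'        # constructed sample
)

foreach ($dn in $groupDns) {
    # 'bind-user' and 'admin-user' are placeholders for the real accounts.
    $syncArgs = Get-GroupSyncArguments -LdapUser 'bind-user' -IronchipUser 'admin-user' -GroupDn $dn
    $syncArgs[-1]    # print the filter that would be sent for this group
    # To run the synchronization: & .\ldap-windows.exe @syncArgs
}
```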

Note that the sync-users command also provides a “--ldap-search-dn” flag. By default it points to the DN configured in the configuration file, but this can be overridden by setting the flag appropriately.