Setting up LDAP integration
Overview
You can use the same password you use to log in to your Windows domain as the TimeTracker NX password.
Specifically, by sharing the passwords of accounts managed by Active Directory,
you can centrally manage user passwords in Active Directory.
Notes
- Linking is only possible with Active Directory, and linking with LDAP servers other than Active Directory is not possible.
- For frequently asked questions about LDAP integration, please refer to the following link. : Setting up LDAP integration
Setting up LDAP integration
Setting up LDAP integration involves the following two steps.
- Set up the information for integration with the Active Directory that manages the domain.
- Set up the users to integrate with LDAP
Setting up Active Directory integration
First, enable Active Directory using the following procedure.
-
Click the login name in the global navigation of TimeTracker NX.
-
Select "System Settings".
-
Click "System Operation" in the global navigation.
-
Select "LDAP integration" from the menu on the left.
-
Click the "Edit" button.
-
Set the LDAP integration information. The input items are as follows.
No. Item Description 1 Perform LDAP integration Check if you want to perform LDAP integration. 2 LDAP path Enter only if you want to perform LDAP integration.
For details, please refer to the following link. : "How to set the LDAP path (#LDAP_Path)"For the specific details of the LDAP path to be set, please contact the LDAP administrator of each company. -
Click the "Save" button.
How to set the LDAP path
- Check the Active Directory settings.
For the format of the LDAP path, refer to the LDAP path displayed by entering the following command.whoami /FQDN - Set the LDAP path based on the string output in 1.
- Start the path with "LDAP://".
- The settings will differ depending on the scope you want to apply, as in the "Example" below.
- Start the path with "LDAP://".
Example
Set the string shown in the example below based on the string obtained in step 1 above.
We will explain using the following string obtained with whoami /FQDN as an example.
CN=Okamoto Naoya,OU=Development Division 2,OU=Development Department,OU=Second Business Division,DC=mydomain,DC=local
- Case 1: When targeting users within a portion of the company (within the Second Business Division)
LDAP://[Name of LDAP server (※)]/OU=Second Business Division,DC=mydomain,DC=local - Case 2: When targeting the entire company
※Please include the domain name.
LDAP://[Name of LDAP server (※)]/DC=mydomain,DC=local
Set up users to be linked with LDAP
In Step 1, you were able to enable LDAP.
Next, set up users to be linked with LDAP.
On the "User Settings" screen, enter the "LDAP login name" of the user to be linked.
For details, see the following link. : "User settings"
- Set the login name including the domain name. Example: okamoto@mydomain.local
- If you do not want to use LDAP integration for a user, leave the field blank and they can log in with their TimeTracker NX password.
For details, see the following link. : "Import/Export User List"
Notes
If all users are set as LDAP integration targets, they will not be able to log in if a problem occurs.
Example: Unable to connect to Active Directory server, etc.
We recommend that you leave at least one user who is not to be integrated with LDAP.
Logging in after successful LDAP integration settings
After configuring LDAP integration, enter the following in the login screen.
- Login name: TimeTracker NX "Login name"
- Password: Password for LDAP connection (password used to log in to Windows)