LDAP module features

&lt;h3 class=&quot;tab-title&quot;&gt;&lt;i style=&quot;font-size: 25px;&quot; class=&quot;fa fa-sliders fa-border&quot; aria-hidden=&quot;true&quot;&gt;&lt;/i&gt; LDAP module features&lt;/h3&gt; &lt;p&gt;&lt;b&gt;The AD/LDAP&lt;/b&gt; module has been developed with respect to LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) protocols one of which must be installed at the corporate server.&lt;/p&gt; &lt;p&gt;The AD/LDAP&lt;/b&gt; module is built on the concept of storing data as records containing sets of attributes; these records are stored in a hierarchical database. The following figure illustrates how the user group information is stored on the LDAP/AD server:&lt;/p&gt; &lt;p&gt;&lt;img src=&quot;/images/portal_admin/system_administration/ldap/scheme_opt.png&quot; &gt;&lt;/p&gt; &lt;p&gt;Using this structure to store user data, the AD/LDAP module can assign corporate user groups in accordance to &lt;b&gt;Bitrix Framework&lt;/b&gt; user group. &lt;/p&gt; &lt;p&gt;The module allows to connect to several AD. The query to AD server occurs on each user authorization or during user import.&lt;/p&gt; &lt;/div&gt; &lt;h3 class=&quot;tab-title&quot;&gt;&lt;i style=&quot;font-size: 25px;&quot; class=&quot;fa fa-table fa-border&quot; aria-hidden=&quot;true&quot;&gt;&lt;/i&gt; Assignment table&lt;/h3&gt; &lt;p&gt;The assignment rules exist in a special &lt;b&gt;Assignment table&lt;/b&gt; in the site’s Control Panel. The assignment allows user groups of the site and the corporate network to have different names. For example, a corporate network user group &lt;b&gt;Techsupport&lt;/b&gt; can be mapped to a site user group &lt;b&gt;Techsupport staff&lt;/b&gt; in Bitrix Framework. Having this assignment made, the administrator enables the &lt;i&gt;corporate network&lt;/i&gt; techsupport members to provide consultancy on the site.&lt;/p&gt; &lt;p&gt;The corporate user groups are given permissions to access the corporate network resources. The corresponding site user groups have permissions to access the site resources. For example, the Techsupport group users can access the corporate mail server; while the Techsupport staff group users can access the Helpdesk module of the site.&lt;/p&gt; &lt;p&gt;According to this example, a &lt;b&gt;Techsupport&lt;/b&gt; corporate user will be automatically added to the Bitrix Framework site &lt;strong&gt;Techsupport staff&lt;/strong&gt; user group upon successful authorization on the site. After that, the system automatically creates the user account stored on the corporate server.&lt;/p&gt; &lt;/div&gt; &lt;h3 class=&quot;tab-title&quot;&gt;&lt;i style=&quot;font-size: 25px;&quot; class=&quot;fa fa-user-plus fa-border&quot; aria-hidden=&quot;true&quot;&gt;&lt;/i&gt; User assigned to several groups&lt;/h3&gt; &lt;p&gt;A user can be assigned to one or more user groups. The system may contain user groups not mapped to those of the corporate network. The administrator has to add users to such groups manually. All changes made to the user profile on the corporate server will be automatically transferred to the CMS user profile at the next authorization time. In this case, only the user groups mapped to those of the corporate network are updated.&lt;/p&gt; &lt;h3 class=&quot;tab-title&quot;&gt;&lt;i style=&quot;font-size: 25px;&quot; class=&quot;fa fa-info-circle fa-border&quot; aria-hidden=&quot;true&quot;&gt;&lt;/i&gt; Summary:&lt;/h3&gt; &lt;p&gt;The &lt;b&gt;AD/LDAP&lt;/b&gt; module enables to:&lt;/p&gt; &lt;ul class=&quot;fa-check-square-o cr-templ&quot;&gt; &lt;li&gt;integrate Bitrix Framework in the corporate network; &lt;/li&gt; &lt;li&gt;[ds]import users[/ds][di]Using the Control panel's page &lt;b&gt;User import&lt;/b&gt; (&lt;span class=&quot;path&quot;&gt;Settings &amp;gt; Users &amp;gt; Imports Users&lt;/span&gt;). Use &lt;b&gt;Active Directory / LDAP&lt;/b&gt; to import users:&lt;br&gt;&lt;br&gt;&lt;a target=&quot;_blank&quot; href=&quot;/support/training/course/index.php?COURSE_ID=178&LESSON_ID=2051&quot;&gt;Learn more ...&lt;/a&gt;[/di] from corporate network to &lt;i&gt;Bitrix Framework&lt;/i&gt;;&lt;/li&gt; &lt;li&gt;map the corporate network user groups to the Bitrix Framework user groups; &lt;/li&gt; &lt;li&gt;automatically create user profiles as per &lt;b&gt;Assignment Table&lt;/b&gt; upon successful registration. (The system creates the profile using data requested from the corporate server database); &lt;/li&gt; &lt;li&gt;manage user profiles via the corporate server in a centralized fashion. &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;The &lt;b&gt;AD/LDAP integration&lt;/b&gt; also allows using [dw]NTLM authorization[/dw][di]&lt;/b&gt; (NT LAN Manager). This requires an &lt;i&gt;IIS&lt;/i&gt; or &lt;i&gt;Apache&lt;/i&gt; web server with &lt;b&gt;mod_ntlm&lt;/b&gt; or &lt;b&gt;mod_auth_sspi&lt;/b&gt;. &lt;/p&gt; &lt;/div&gt; &lt;br&gt;&lt;br/&gt;

Bitrix24 Self-hosted administration

LDAP module features

Assignment table

User assigned to several groups

Summary: