LDAP User Management

Introduction

Managing users efficiently is crucial in any enterprise system. Joget Enterprise allows you to manage users from the internal Joget directory and an LDAP directory, such as Active Directory. This integration simplifies user management and enhances security by centralizing user authentication and permissions.

How does it work?

Number of users

When the LDAP directory manager is configured (that is, when the plugin is used), it counts the internal users and the LDAP users together, ordered alphabetically by username in ascending order. An administrator should therefore be cautious when importing users from LDAP and make sure that the number of users does not exceed the license value.

For example:

  1. If the Joget user license is for 100 users and the number of internal users is 35, the admin should configure the LDAP plugin so that the imported users do not exceed 65.
  2. A Joget user license for 25 users means that only the first 25 usernames in ascending order can log in to Joget. It allows 25 active logins at a time, but only for those first 25 usernames, regardless of whether the usernames are local users or connected to AD/LDAP. All usernames are counted, regardless of their active or inactive status in Setup Users.

For the trial license, there is a 3-user limitation: if you would like to perform tests on several test users, you will need to remove all the other users until your test user can be in the top 3 spots in the user list.
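The counting rule above can be checked before an import is configured. The following is an added example, not Joget code: it assumes a case-insensitive ascending sort and that a username present in both directories counts once, and the function and field names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class ImportPlan:
    headroom: int          # LDAP users that still fit within the license
    licensed: list         # usernames in the first `license_size` positions
    locked_out: list       # usernames beyond the license limit
    critical_locked: list  # must-keep accounts that would lose login


def plan_ldap_import(internal, ldap, license_size, must_keep=()):
    """Model the 'first N usernames in ascending order' rule for a planned import."""
    # Assumption: usernames compare case-insensitively and duplicates count once.
    internal_set = {u.lower() for u in internal}
    ldap_set = {u.lower() for u in ldap} - internal_set
    # Internal and LDAP users are counted together, active or not.
    ordered = sorted(internal_set | ldap_set)
    licensed = ordered[:license_size]
    locked_out = ordered[license_size:]
    headroom = max(license_size - len(internal_set), 0)
    critical = [u for u in must_keep if u.lower() in locked_out]
    return ImportPlan(headroom, licensed, locked_out, critical)


if __name__ == "__main__":
    # Constructed sample: trial license (3 users) with a test account
    # that sorts after the imported LDAP usernames.
    trial = plan_ldap_import(
        internal=["admin", "tester"],
        ldap=["alice", "bob", "carol"],
        license_size=3,
        must_keep=["tester"],
    )
    print("can log in:", trial.licensed)
    print("cannot log in:", trial.locked_out)
    print("must-keep accounts locked out:", trial.critical_locked)

    # Constructed sample: 100-user license, 35 internal users, 70 LDAP users.
    internal = ["admin"] + [f"staff{i:02d}" for i in range(34)]
    ldap = [f"ad{i:03d}" for i in range(70)]
    full = plan_ldap_import(internal, ldap, 100, must_keep=["admin"])
    print("LDAP headroom:", full.headroom, "over limit:", len(full.locked_out))
```

Running it against an export of the internal user list and the result of the planned LDAP search shows whether an administrative or test account would fall outside the licensed set before the import is enabled.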

User creation and deletion

  • Creation: When a new user is added to LDAP, it will be automatically created in Joget’s user database.

  • Deletion: Users must be deleted within Joget, not LDAP. If a user is deleted from LDAP but still exists in Joget, the user will be marked as inactive. Joget does not automatically delete users based on LDAP changes.
    Here is the logic for this event:

    // Set the remaining users, whose password is null, to inactive
    for (String username : userMap.keySet()) {
        User u = userMap.get(username);
        u.setActive(0);
        getUserDao().updateUser(u);
    }

    To delete a user that is bound to the dir_employment table by a foreign key constraint, you can use one of these methods:

    1. Use the delete user function built into the Joget admin menu. It performs a cascading delete that sequentially removes the required entries from all the child tables first.
    2. Disable the foreign key check temporarily to allow your cleanup script to work, then re-enable it afterward. Example SQL to do so:

      -- Beginning of SQL file
      SET foreign_key_checks=0;

      -- do your cleanup script here

      -- End of SQL file
      SET foreign_key_checks=1;

      Modifying database tables and constraints directly should only be done as a last resort. Always back up your database before performing such actions.

User monitoring

To monitor and manage users effectively, use the following fields:

  • User Base DN: This field allows you to import users from a specific Base DN and all directories under it.
  • User Import Search Filter: This filter lets you specify criteria for importing users, such as excluding those without a username.

Created by Julieth Last modified by Aadrian on Dec 13, 2024