Evoko Home introduces a basic LDAP integration to make it easier for system administrators to import users from their existing environment into Evoko Home.
The integration requires an LDAP v3 compliant directory and has so far been tested with Microsoft Active Directory and Apache DS.
Table of contents
- Import users via LDAP
- Scheduled LDAP import
- Troubleshooting
- The future of Evoko Home LDAP integration
Import users via LDAP
Under the Users tab in Evoko Home click Import followed by Import from LDAP.
This opens a form with the following fields.
Field | Comment |
---|---|
LDAP Server | Domain name or IP address of the LDAP server. |
Port | Server port to connect on. 636 is the default for use with TLS (LDAPS) and port 389 for use without TLS (LDAP). |
Disable TLS | Checkbox to disable the use of TLS, e.g. for non-secure LDAP connections on port 389. |
Username | LDAP user (e.g. ldap-user@domain.tld) to be used for authentication. |
Password | Password for the above-mentioned LDAP user. |
LDAP Search Base | Defines the directory base from which the LDAP search begins, for example ou=finance,dc=domain,dc=tld or ou=finance,o=organisation. |
LDAP RFID Attribute | Tells Evoko Home which LDAP attribute contains the RFID information. |
LDAP Search Filter | A search filter which will be applied within the defined LDAP Search Base. The default value is (objectClass=organizationalperson) but can be changed to better fit your search. |
Fill out server, port, username and password, then click Check Connection. If the connection is successful, fill out the rest of the information and click Import to initiate.
If the import is successful, a prompt with the results is displayed; otherwise an error is shown.
Scheduled LDAP import
Under the Users tab, click Import, then Scheduled Import.
Switch to the LDAP tab, click Activate Update and enter the LDAP server credentials. Then click Check connection, and fill in the rest of the details.
LDAP Troubleshooting
A short list of common pitfalls when configuring LDAP import in Evoko Home.
- If you're seeing an Error 500: Read ECONNRESET, try changing port to 389 and disable TLS.
- If you get an AcceptSecurityContext error, please see the below table to find the reason:
Error code | Message |
---|---|
525 | User not found |
52e | Invalid credentials |
530 | Not permitted to logon at this time |
531 | Not permitted to logon at this workstation |
532 | Password expired |
533 | Account disabled |
701 | Account expired |
773 | User must reset password |
775 | User account locked |
- The 52e - Invalid credentials message might mean the username is not formatted according to expectations. Try changing to username@domain.tld, domain\username or just username.
- If you're not seeing all of the expected users, double check your search base, make sure the users are valid and have an email address set (which is required). Also try to expand your LDAP filter to be more inclusive. For more information on LDAP filter syntax, please see the LDAP documentation at LDAP.com or at Microsoft.com.
The future of Evoko Home LDAP integration
We recognize that different environments require different options, and therefore we want to let you know that we do intend to keep improving the LDAP integration.
We're interested in hearing your feedback on the LDAP integration going forward and in better understanding the major challenges that exist out there, so please let us know your thoughts by submitting a request.