LDAP settings
Adding a server
Passwork supports LDAP and AD integration, allowing users to log in to Passwork using their corporate credentials. With LDAP you will be able to:

- import users directly from your database and automatically create them in Passwork;
- configure login restrictions for specific user groups;
- associate AD groups with Passwork roles and their access rights;
- set up automatic synchronization of users with Passwork.

Start LDAP integration by adding a server.

1. Server name and host
2. Server code
3. Service account
4. Authorization
5. User attribute mapping

Server name and host

First, type in the server name; it will be displayed in Passwork. Then specify your LDAP server's IP or hostname in the Primary host field. It should include the protocol and port, for example:

You can also add a reserve LDAP server; Passwork will use it if the primary server fails.

If you are using the LDAPS protocol, specify the CN (common name) of the Active Directory certificate instead of the IP address, for example:

You can read more about setting up and using LDAPS on the LDAPS setup page.

Server code

The server code is a unique alphanumeric code that is added to a user's login. Passwork reads this code and performs authorization through the LDAP server whose code was specified. You can leave this field blank if you only have one LDAP server; users without a code will then use this server for authorization. If you want to use several LDAP servers, you need to specify a server code for each of them.

For example, if the server code is dc1, then the user's login in Passwork will be user@dc1. If the user specifies the user@dc1 login during authorization, Passwork will detect the dc1 server code, find it in the database and connect to this LDAP server. If the user specifies a login without a server code, then Passwork will look for an LDAP server that doesn't have one and will try to connect to it.

Service account
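As an added example that is not Passwork's code, here is the server-code rule above implemented in Python: the login is split at its last "@", the code selects the server, and a login with no code goes to the server configured without one. The LdapServer records and their hosts are constructed for the example; the page does not say how Passwork compares codes (for instance whether case matters), so this version requires an exact match and refuses any login that does not map to exactly one server.

```python
"""Added example, not Passwork's code: pick the LDAP server for a login using the
server-code rule ('user@dc1' -> server with code 'dc1'; no code -> the server
configured without a code). Server records below are constructed for the example."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LdapServer:
    name: str
    primary_host: str
    code: Optional[str] = None  # None: this server serves logins that carry no code


def split_login(login: str) -> tuple[str, Optional[str]]:
    """'user@dc1' -> ('user', 'dc1'); 'user' -> ('user', None).
    The code is taken after the last '@'; an empty code ('user@') counts as none."""
    user, sep, code = login.rpartition("@")
    if not sep:
        return login, None
    return user, (code or None)


def resolve_server(login: str, servers: list[LdapServer]) -> tuple[str, LdapServer]:
    """Return (login without code, server). Exactly one server must match: an
    unknown code, or no code when no code-less server exists, is an error rather
    than a silent fallback to some other server."""
    user, code = split_login(login)
    matches = [s for s in servers if s.code == code]
    if len(matches) != 1:
        label = f"code {code!r}" if code else "no server code"
        raise LookupError(f"{len(matches)} LDAP servers match {label}; expected exactly one")
    return user, matches[0]


# Constructed configuration: two servers with codes plus one code-less server.
SERVERS = [
    LdapServer("Head office AD", "ldaps://dc1.example.local:636", code="dc1"),
    LdapServer("Branch AD", "ldaps://dc2.example.local:636", code="dc2"),
    LdapServer("Legacy OpenLDAP", "ldap://ldap.example.local:389"),
]

if __name__ == "__main__":
    for login in ("user@dc1", "user@dc2", "user"):
        user, server = resolve_server(login, SERVERS)
        print(f"{login:10} -> {user} on {server.name} ({server.primary_host})")
```

Raising on zero or several matches is deliberate: a misconfigured second code-less server, or a typo in the code part of a login, should surface as an error rather than quietly routing the bind to whichever server happens to be listed first.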
Specify the login and password of the service account that has access to users in Active Directory. Choose the attribute name for the LDAP login from the list: if your LDAP server uses Windows, choose sAMAccountName; if your LDAP server runs on a Linux-based OS, choose uid. If user logins are not stored in the default attribute on your LDAP server, specify the name of the required attribute manually.

Passwork stores this data in an encrypted format. The saved password can be changed, but cannot be viewed. To check if the entered data is correct, use the Test button.

Authorization

Passwork can authorize users through a service account or by mask.

Authorization through the service account

First, authorization goes through the service account, then Passwork performs a user search by login and attempts to authorize using the login and password. This type of authorization can be divided into the following stages:

1. On the authorization page, the user enters their username and password.
2. The Passwork server uses the service account to find a user with a matching login in LDAP and gets their DN.
3. The Passwork server sends a bind request to the LDAP server with the DN (distinguished name) of the user and their password.
4. The LDAP server checks if the entered credentials match the data stored in its database.
5. If everything is correct, the LDAP server confirms authentication to the Passwork server.
6. The Passwork server receives the confirmation from the LDAP server and allows the user to access the system.

The service account is the most reliable and preferred authorization tool.

Authorization through the mask

The mask turns a Passwork user's login into a DN string, which is used for authorization in LDAP and AD. DN strings look like this:

login user + mask @mydomain.local → DN user@mydomain.local
login user + mask <login> → DN user
login user + mask mydomain\<login> → DN mydomain\user
login user + mask uid=<login>,ou=users,dc=example,dc=com → DN uid=user,ou=users,dc=example,dc=com

Types of DN masks depend on the operating system and server settings. For example, for Active Directory on Windows, one of these masks usually applies:

<login>
your-domain-name/<login>
<login>@your-domain-name
<login>@your-domain-name.local

For LDAP on Linux:

uid=<login>,ou=users,dc=example,dc=com

User attribute mapping

To use such LDAP attributes as user email and full name in Passwork, specify the names of these attributes. Usually the username is stored in one of the following attributes: displayName, nm, cn, commonName, name. The user's email is stored in the mail attribute by default.
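As an added example that is not Passwork's code, the two authorization modes described above (the service-account stages and the mask rule) run here against a small in-memory stand-in for an LDAP directory. FakeDirectory, its entries, the service account and all passwords are constructed for the example; a real deployment talks to the server through an LDAP client library. The example also carries three checks the page does not spell out but which any implementation of these stages needs: the login is escaped before it is placed into the search filter, the search must return exactly one DN, and an empty password is refused before the bind, because many LDAP servers treat a simple bind with an empty password as an anonymous bind rather than as a failed login.

```python
"""Added example (not Passwork's code): service-account and mask authorization
against an in-memory LDAP stand-in. FakeDirectory, its entries and every
credential below are constructed for this example."""
import re
from dataclasses import dataclass


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515), so a login such as
    'alice)(uid=*' cannot change the meaning of the filter it is placed in."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(value: str) -> str:
    """Reverse RFC 4515 escaping (\\29 -> ')', \\2a -> '*', ...)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


@dataclass
class FakeDirectory:
    """Minimal LDAP stand-in: entries map DN -> attributes, passwords map DN -> password."""
    entries: dict
    passwords: dict

    def bind(self, dn: str, password: str) -> bool:
        # Mimics servers that accept an unauthenticated bind (DN plus empty
        # password, RFC 4513 section 5.1.2): it "succeeds" without proving identity,
        # so callers must reject empty passwords before ever reaching a bind.
        if password == "":
            return True
        return self.passwords.get(dn) == password

    def search(self, ldap_filter: str) -> list:
        """Supports equality filters of the form (attr=value); returns matching DNs."""
        m = re.fullmatch(r"\((\w+)=([^()]*)\)", ldap_filter)
        if m is None:
            raise ValueError(f"unsupported or malformed filter: {ldap_filter}")
        attr, wanted = m.group(1), _unescape(m.group(2))
        return [dn for dn, attrs in self.entries.items()
                if str(attrs.get(attr, "")).lower() == wanted.lower()]


def authorize_via_service_account(directory, service_dn, service_password,
                                  login_attr, login, password):
    """Stages from the text: bind as the service account, search the user's DN
    by login attribute, then bind as that DN with the user's password.
    Returns the user DN on success, None on failure."""
    if password == "":
        return None  # would otherwise turn into an anonymous bind
    if not directory.bind(service_dn, service_password):
        raise RuntimeError("service account bind failed; check the stored credentials")
    found = directory.search(f"({login_attr}={escape_filter_value(login)})")
    if len(found) != 1:  # unknown login, or an ambiguous result: fail closed
        return None
    user_dn = found[0]
    return user_dn if directory.bind(user_dn, password) else None


def dn_from_mask(login: str, mask: str) -> str:
    """Mask rule from the text: '<login>' in the mask is replaced by the login;
    a mask without '<login>' is appended to the login."""
    if "<login>" in mask:
        return mask.replace("<login>", login)
    return login + mask


def authorize_via_mask(directory, mask, login, password):
    """Build the DN from the mask and bind as it directly (no search stage)."""
    if password == "":
        return None
    dn = dn_from_mask(login, mask)
    return dn if directory.bind(dn, password) else None


SERVICE_DN = "cn=svc-passwork,ou=service,dc=example,dc=com"
DIRECTORY = FakeDirectory(  # constructed sample directory
    entries={
        SERVICE_DN: {"cn": "svc-passwork"},
        "uid=alice,ou=users,dc=example,dc=com": {"uid": "alice", "mail": "alice@example.com"},
        "uid=bob,ou=users,dc=example,dc=com": {"uid": "bob", "mail": "bob@example.com"},
    },
    passwords={
        SERVICE_DN: "svc-secret",
        "uid=alice,ou=users,dc=example,dc=com": "alice-pw",
        "uid=bob,ou=users,dc=example,dc=com": "bob-pw",
    },
)

if __name__ == "__main__":
    print(authorize_via_service_account(DIRECTORY, SERVICE_DN, "svc-secret",
                                        "uid", "alice", "alice-pw"))
    print(authorize_via_mask(DIRECTORY, "uid=<login>,ou=users,dc=example,dc=com",
                             "bob", "bob-pw"))
```

The service-account path is the one to prefer, as the page says: it works whatever the directory's DN layout looks like and it lets the search return the user's real DN, whereas the mask path only works when every user's DN follows one template. In both paths the empty-password check runs before any bind is attempted.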