Synchronizing LDAP Users

You can manually synchronize users or synchronize them during a nightly batch job, but make sure you allow for performance and take care to use the correct rules.

Fastpath: Admin Console: People > Settings > Directory Server Settings > User Synchronization
Typically, a user's profile is synchronized to LDAP each time the user logs in to the community. This occurs if you selected Synchronize User's Profile on Login. You can also run synchronization nightly to catch up with any changes during the day. However, you may occasionally want to synchronize users manually. You may want to synchronize manually when:
  • You have added a number of new users in LDAP who have never logged into the community
  • You want to mass-disable community users from LDAP.

To set up synchronization:

  1. In the Admin Console, click People > Settings > Directory Server Settings
  2. Make sure you've defined a valid connection to an LDAP directory server. (If you don't have a working connection defined, you won't be able to see the rest of the configuration screens.
  3. Click User Synchronization.
  4. If you want to automatically synchronize fields every night, select Scheduled sync task enabled.
  5. If you want to synchronize each user's fields whenever they log in, select Synchronize user profiles on login.
  6. If you want synchronization to result in user accounts that have been deleted from LDAP being auto-disabled, select Disable federated user accounts not found in the directory. If you check this box, you can also disable users based on matching a field value if you set the User Disabled Field and User Disabled Field Value fields in the User Mapping tab. See User Mapping for more information about these fields.
  7. If you want to synchronize right now, click Run Synchronization Task Now..