Local Active Directory
Menu Path: Settings > Inbound Provisioning > Local Active Directory
Table of Contents
- Overview
- Server Information (Local Active Directory Server Information)
- Administrator Authentication
- Search Options Configuration {#검색-옵션}
- User Search Configuration
- Automatic Synchronization
- Manual Synchronization
- Error Handling
- Cautions
Overview
Synchronize users and groups registered in the internal local Active Directory (AD) server with the Security365 management center.
**Reference:**You can only enable one inbound provisioning method. If you enable local Active Directory synchronization, other methods (SCI Server, Microsoft365, CSV directory synchronization) will be disabled.
Preconditions:
- The local AD server must be configured and accessible over the network from the Security365 server.
- The AD server ports (LDAP default: 389 / LDAPS default: 636) must be allowed through the firewall.
Server Information (Local Active Directory Server Information)
Server Configuration
| item | Description | Input Example |
|---|---|---|
| Server Type | Server Type (Non-changeable, Fixed Value) | ACTIVE_DIRECTORY |
| Server URL | AD server address (including protocol) | protocol://domain:port |
| Base DC | Search Criteria Domain Component | dc=yourcompany |
Server URL format: 프로토콜://서버주소:포트
| Connection Method | Default Port | example |
|---|---|---|
| LDAP (Unencrypted) | 389 | ldap://192.168.1.100:389 |
| LDAPS (Encryption) | 636 | ldaps://192.168.1.100:636 |
**Reference:**Base DC specifies the top-level domain path of the organization. For example, the domain is
yourcompany.comin casedc=yourcompany,dc=comInput in the format.
Administrator Authentication
| item | Description |
|---|---|
| Admin ID | AD Server Administrator Account ID |
| Admin Password | AD server administrator account password |
To change your password**[Change]**Click the button.
**Caution:**The admin account must have read permissions for the AD directory. If permissions are insufficient, synchronization failures may occur.
Search Options Configuration
| item | Description | default value |
|---|---|---|
| Search Scope | Search Scope | ONELEVEL |
| Page Size | Number of records to fetch at once | 50 |
| Referral | AD Reference Processing Method | FOLLOW |
| Connection Timeout (ms) | Server connection timeout (milliseconds) | 200 |
| Read Timeout | Data Read Timeout (Milliseconds) | 100 |
Search Scope option:
| Options | Description |
|---|---|
| ONELEVEL | Search only the immediate sub-items of Base DC |
| SUBTREE | Recursively search Base DC and all sub-items |
**Reference:**If the organizational structure is complex or needs to be synchronized down to all sub OUs (organizational units)
SUBTREESelect. The wider the search range, the longer the synchronization time may be.
Referral options:
| Options | Description |
|---|---|
| FOLLOW | Automatically follow and search referenced other AD servers |
| IGNORE | Ignore references and search only on the current server. |
| THROW | Handle as an error when a reference occurs |
**Reference:**Adjust the Connection Timeout / Read Timeout values according to the network environment and the response speed of the AD server. If the values are too low, timeout errors may occur even in normal environments.
User Search Configuration
| item | Description | Input Example |
|---|---|---|
| Base DN | User Search Starting Location (Distinguished Name) | ou=Org1,ou=Users[ou=Org2],ou=Users |
**Reference:**Enter the path of the OU (Organizational Unit) where the user account is located as the Base DN. You can specify a sub-path that is the same as or more specific than the Base DC.
Automatic Synchronization
| item | Description |
|---|---|
| Automatic Synchronization | Use / Do not use selection |
| Synchronization Period | Set the time (hour/minute) to run daily when using automatic synchronization. |
Manual Synchronization
After saving the settings, in the inbound provisioning list screen on the local Active Directory card,**[Manual Synchronization]**Clicking the button will immediately execute the synchronization.
**Caution:**Duplicate execution is not possible while synchronization is in progress.
Error Handling
| Error Situation | Verification Items |
|---|---|
| Server connection failed | Check Server URL Format and Port Number / Check Firewall Port Opening Status |
| Authentication failed | Admin ID / Admin Password Check / Account Lock Status Check |
| User/Group Missing | Check Search Scope Settings / Verify Base DC, Base DN Path |
| Timeout Error | Increase Connection Timeout / Read Timeout Value Setting |
Cautions
- The network connection between the local AD server and the Security365 server must be smooth. Please check in advance whether the ports are open in the firewall policy.
- When using LDAPS (encrypted connection), certificate configuration may be required. Please contact the responsible team depending on your environment.
- Even if you directly modify the synchronized user information in the management center, it will be overwritten by the original information from the AD server during the next synchronization execution. If permanent changes are needed, please make the modifications on the AD server first.
- If the Connection Timeout / Read Timeout values are set too low, timeout errors may occur even in normal environments.
- Only one inbound provisioning method can be activated, and if another method is already activated, it must be used after switching.