This article explains how to connect Active Directory (AD) with IDIS Solution Suite (ISS) using the LDAP configuration menu. Once configured, users and groups from your Windows Server domain can be managed directly through the User Menu in the ISS Setup Application.
What is Active Directory (AD)?
Active Directory is Microsoft’s directory service that stores and manages user accounts, computers, and groups in a centralized database.
LDAP (Lightweight Directory Access Protocol) is the standard method used to communicate with directory services and verify user credentials.
Note: LDAP is not exclusive to Microsoft Active Directory. It is a universal Directory Access Protocol used by various directory systems such as OpenLDAP, Apache Directory, and Oracle Internet Directory. However, Active Directory is the most common implementation in enterprise environments, and IDIS Solution Suite is compatible with any LDAP-compliant directory service.
How to Configure LDAP in IDIS Solution Suite
Step 1: Open IDIS Solution Suite Setup
On the server where IDIS Solution Suite is installed:
Launch IDIS Solution Suite Setup from the desktop or Start Menu.
Log in with an account that has Administrator rights.
Step 2: Access System Setup
Once logged in, select the System Setup icon (gear icon).
This opens the system configuration menus.
Step 3: Configure LDAP Settings
In the left menu, click LDAP.
Enable LDAP by checking the Enable box. If Active Directory Menu is displayed please review as well.
Fill in the required fields as shown above:
Click Apply or OK when finished.
See before for examples:
Field Description Example Value IP Address IP of your Active Directory server (Domain Controller) 192.168.1.10Port Number Default port 389, or636for LDAPS (secure)636Use SSL/TLS Enable if LDAPS is configured on your server ✔️ ID Service account or AD user with read access CN=ldap_reader,CN=Users,DC=idisam,DC=localPassword Password for the above account (your password) ContainerName Folder or Organizational Unit where users/groups are located CN=Users,DC=idisam,DC=localObjectClass(User) Defines what is considered a user object userUID(User) Login name field used for authentication sAMAccountNameDisplayName(User) User’s full display name displayNameMail(User) Email address mailPhoneNumber(User) User’s phone number telephoneNumberGroups(User) Lists all groups the user belongs to memberOfObjectClass(Group) Defines what is considered a group object groupName(Group) Group name field cn
Step 4 – Add Users or Groups from Active Directory
Once LDAP is configured.
Go to the User menu (top icon with the person symbol).
Select an existing user group or create a new one by clicking the + icon on the bottom left.
When prompted, choose whether to add an individual user or a user group from Active Directory.
Select Active Directory or LDAP then login with credentials. (Select AD if you are using AD)
- Use keyword and search or just click on search to read database.
- Add the users or groups you want to add.
- Press Okay to confirm and the user or groups will appear in the ISS User group. The AD Group will have a Windows Icon.
or user will be listed like this.
You can control Device Authority by clicking on the edit button on the bottom right and review the Device Access Authority and Authority Tab.
Step 5 - Login Test
Go to client PC that is logged into ISS and make sure to configured login to include Active Directory by editing the here -
Depending on your system configuration:
If SSL/TLS (LDAPS) is enabled, credentials may be automatically populated for users already logged into the domain.
If not using SSL/TLS, the password field may still require manual input during ISS Client login.
Tips for a Successful Setup
Ensure the ISS server can reach the Domain Controller over the selected port (389 or 636).
If using SSL/TLS, verify your Domain Controller has a valid certificate.
The LDAP account used in the configuration only needs read permission in AD.
Adjust ContainerName to match your specific OU structure (e.g.,
OU=Employees,DC=idisam,DC=local).Use AD groups such as IDIS_Admins, IDIS_Operators, and IDIS_Viewers to simplify permission mapping.
Comments
0 comments
Please sign in to leave a comment.