If you are using an LDAP server to store accounts in your organization, you can import these accounts into qTest Manager. An LDAP directory is a collection of data about users and groups. LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about those users and groups from the LDAP server.
Supported LDAP Directory Servers
We provide built-in connectors for the most popular LDAP directory servers:
- Microsoft Active Directory
- Apache Directory Server (ApacheDS)
- Apple Open Directory
- Fedora Directory Server
- Novell eDirectory
- OpenLDAP Using Posix Schema
- Sun Directory Server Enterprise Edition (DSEE)
- A generic LDAP directory server
- We support synchronizing user data from your LDAP server to qTest Manager.
- Account updates in qTest will not be synced back to your LDAP server.
- If you are using qTest Cloud, please configure your firewall settings to accept requests from the following Amazon servers' elastic IP addresses. This must be a Bi-directional connection to accept inbound and outbound requests between the qTest Amazon Elastic IPs and your LDAP Server.
Configuring LDAP Connections
Note: You will need the Site Administrator permission to configure LDAP connections.
Add LDAP Connections
To create a new LDAP connection, follow these steps:
- In Manager, hover over your username. In the drop-down menu, select Administration.
- In, Site Administration, select the Authentication Integration tab.
- In the Navigation panel, select LDAP as your External System and then select the
- Select the Add new External System Config icon. The "External Systems" dialog displays.
- Input an LDAP name and fill out the required fields in the "Configuration" section of the page.
- Select Save.
NOTE: You can create and activate multiple connections to various LDAP servers.
Edit LDAP Connections
- In, the Authentication Integration tab, select an existing LDAP connection from the left navigation panel.
- In the right-hand side input form, you can change its name and configurations.
- Select Save.
Configure LDAP Connections
Ensure the user who configures the LDAP connection, has LDAP account credentials that are part of the user repository with "view" permissions. It is not required for this LDAP account to have Admin credentials.
To configure an LDAP connection, input the following information:
- URL: Input a URL in this format: hostname:port
- Hostname: The hostname or IP of your directory server
- Port: The port on which your directory server is listening
IMPORTANT: Do not enter the protocol.
- Base DN: The root distinguished name (DN) to use when running queries against the directory server. For example:
HINT: For Microsoft Active Directory, specify the base DN in the following format. dc=domain1,dc=local
You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.
- Search Base: This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN. For example:
- Search Filter: The filter to use when searching user objects. For example:
- User DN: The distinguished name of the user that the application will use when connecting to the directory server. For example:
- Password: The password of the user specified above.
- Mapping fields: You will need to map the qTest Manager user properties below with corresponding LDAP attributes
- First name
- Last name
- If your LDAP server is using SSL connection, check on Use SSL connection.
- If you are using Active Directory, check Is Active Directory?
- Select Test Connection to verify if qTest Manager is able to connect to your LDAP server.
- Activate the connection by switching the Activation status on.
NOTE: If qTest Manager fails to connect to your LDAP server, you will not be able to activate the connection.
As a Site Administrator, you can import users from your authentication system to qTest Manager, or merge them with existing qTest users.
To import users:
- In Site Administration select the Licenses tab.
- If there is at least one active connection to your authentication system (Eg: LDAP), you will see/select the Import From LDAP button.
- The Import Users dialog opens and select one authentication system from the drop-down.
- Select Retrieve users the system generates a list of users from your authentication system.
- You can filter or search for specific users using any fields in the grid by entering text in text boxes in the first row of the grid.
NOTE: Only the first 100 users that meet your search criteria are included in the search result.
- Select any users from the list then select Save to import them to qTest.
- The Email field is required. If the information is available in LDAP server, it is populated in the field. Otherwise, you need to manually fill it in.
- You cannot import a user with an email that already exists in qTest Manager. You can select the checkbox "If qTest email already exists in qTest, merge the LDAP account to that qTest account." to overwrite the existing one.
- If the number of imported users exceeds the available licenses, you will be alerted, and you cannot import the selected users.
- Once the user is authenticated with an external authentication system, they can use either their username in the authentication system or their qTest Manager email.
On the Users List grid, you can find which external system is authenticating a user in the Authentication System column. It will show Internal if the user is being authenticated by qTest Manager.
Changing a User's Authentication System
To change a User's Authentication system, follow these steps:
Synchronizing User Data from External Authentication Systems to qTest Manager
There is a daily automated job to sync users' status, first name, and last name from external authentication systems to your qTest Manager. However, you can manually kick the job by selecting Sync User Data.
- This job will archive users that are deleted in the authentication systems.
- If the user has changed his first and last name in qTest, the job will overwrite them with the data in his authentication system.