Menu

Connect to LDAP and Import Users

Overview

If you are using an LDAP server to store accounts in your organization, you can import these accounts into qTest Manager. An LDAP directory is a collection of data about users and groups. LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about those users and groups from the LDAP server.

Supported LDAP Directory Servers

We provide built-in connectors for the most popular LDAP directory servers:

  • Microsoft Active Directory
  • Apache Directory Server (ApacheDS)
  • Apple Open Directory
  • Fedora Directory Server
  • Novell eDirectory
  • OpenDS
  • OpenLDAP
  • OpenLDAP Using Posix Schema
  • Sun Directory Server Enterprise Edition (DSEE)
  • A generic LDAP directory server

  Important:

  • We support synchronizing user data from your LDAP server to qTest Manager.
  • Account updates in qTest will not be synced back to your LDAP server.
  • If you are using qTest Cloud, please configure your firewall settings to accept requests from the following Amazon servers' elastic IP addresses.  This must be a Bi-directional connection to accept inbound and outbound requests between the qTest Amazon Elastic IPs and your LDAP Server.
    • 54.83.56.253
    • 54.83.57.47
    • 54.83.57.78
    • 54.83.57.122
    • 54.83.57.143
    • 54.83.57.153

Configuring LDAP Connections

Note: You will need the Site Administrator permission to configure LDAP connections.

Add LDAP Connections

To create a new LDAP connection, follow these steps:

    1. In Manager, hover over your username. In the drop-down menu, select Administration.
    2. In, Site Administration, select the Authentication Integration tab.
    3. In the Navigation panel, select LDAP as your External System and then select the 
    4. Select the Add new External System Config icon. The "External Systems" dialog displays. Add_New_External_System_Config.png
    5. Input an LDAP name and fill out the required fields in the "Configuration" section of the page.
    6. Select Save.
      NOTE: You can create and activate multiple connections to various LDAP servers.

Edit LDAP Connections

  1. In, the Authentication Integration tab, select an existing LDAP connection from the left navigation panel.
  2. In the right-hand side input form, you can change its name and configurations.
  3. Select Save.

Configure LDAP Connections

To configure an LDAP connection, input the following information:

  1. URL: Input a URL in this format: hostname:port
    • Hostname: The hostname or IP of your directory server
    • Port: The port on which your directory server is listening

    IMPORTANT: Do not enter the protocol.

  2. Base DN: The root distinguished name (DN) to use when running queries against the directory server. For example:

    o=example,c=com
    		

    cn=users,dc=ad,dc=example,dc=com
    		


    HINT
    : For Microsoft Active Directory, specify the base DN in the following format.  dc=domain1,dc=local 

    You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.

  3. Search Base: This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN.  For example:

    ou=Users
    		
  4. Search Filter: The filter to use when searching user objects. For example:

    (&(objectCategory=Person)(sAMAccountName=*))
    		
  5. User DN: The distinguished name of the user that the application will use when connecting to the directory server. For example:

    cn=administrator,cn=users,dc=ad,dc=example,dc=com
    		

    cn=user,dc=domain,dc=name
    		

    HINT: Ensure this is an administrator user for the LDAP engine. For example, in Active Directory the user will need to be a member of the built-in Administrators group.

  6. Password: The password of the user specified above.
  7. Mapping fields: You will need to map qTest Manager user properties (Username, First name, Last name, and Email) with corresponding LDAP attributes.
  8. If your LDAP server is using SSL connection, check on Use SSL connection.
  9. If you are using Active Directory, check on Is Active Directory?
  10. Click on the Test Connection button to verify if qTest Manager is able to connect to your LDAP server.
  11. Activate the connection by switching the Activation status on.

    NOTE: If qTest Manager fails to connect to your LDAP server, you will not be able to activate the connection.

Importing Users

As a Site Administrator, you can import users from your authentication system to qTest Manager or merge them with existing qTest users.

    1. In Site Administration select the Licenses - Users tab.
    2. If there is at least one active connection to your authentication system (Eg: LDAP), select the Import Users icon. The "Import Users" dialog displays.


    3. On the Import Users dialog, select one authentication system and then click the Retrieve users button.  It will generate a list of users from your authentication system.
    4. You can filter or search for specific users using any fields in the grid by entering text in text boxes in the first row of the grid.

      NOTE: Only the first 100 users that meet your search criteria are included in the search result.

    5. Select any users from the list then click on the Save button to import them to qTest.



  IMPORTANT:

  • The Email field is required.  If the information is available in LDAP server, it is populated in the field. Otherwise, you need to manually fill it in.
  • You cannot import a user with an email that already exists in qTest Manager.  You can select the checkbox "If qTest email already exists in qTest, merge the LDAP account to that qTest account." to overwrite the existing one.
  • If the number of imported users exceeds the available licenses, you will be alerted and you cannot import the selected users.
  • Once the user is authenticated with an external authentication system, they can use either their username in the authentication system or their qTest Manager email.

On the Users List grid, you can find which external system is authenticating a user in the Authentication System column.  It will show Internal if the user is being authenticated by qTest Manager.

Changing a user's authentication system

    1. On the Users List grid, click on a user's authentication system.
    2. Select another authentication system from the combo box.



    3. The Merge User dialog will open.
    4. Select one of the users from the grid to merge with the selected user.
    5. Click the Save button.

Synchronizing User Data from External Authentication Systems to qTest Manager

There is a daily automated job to sync users' status, first name, and last name from external authentication systems to your qTest Manager.  However, you can manually kick the job by clicking the Sync User Data button.

  IMPORTANT:

  • This job will archive users that are deleted in the authentication systems.
  • If the user has changed his first and last name in qTest, the job will overwrite them with the data in his authentication system.
Powered by Zendesk