Table of Contents
ToggleWhat is Directory Sync?
With OpenLM Directory Sync, an organization can synchronize their OpenLM database with their main directory service. Right now, this feature is available for directories that follow the LDAP protocol (such as AWS directory, Azure AD, Google Directory, Novail eDirectory, ApacheDSa, and Active Directory.
In the process of Directory Sync, there are two crucial components:
Directory Synchronization Services (DSS)
Imagine DSS as a central hub that communicates directly with OpenLM Server. You can install DSS on the same machine as OpenLM Server for convenience, or keep them separate. DSS is like a manager for software programs called DS Agents (DSA).
The function of DSS is twofold:
- Storing Sync Definitions: These definitions act as instructions, specifying the user information that needs to be retrieved.
- Managing DS Agents: DSS controls these programs, telling them what to do.
There can be one or more DSAs connected to DSS. These agents reach out to DSS to receive instructions (sync definitions) and report the data they collect back to DSS.
Directory Synchronization Agent (DSA)
DSA, or Directory Synchronization Agent, is a software program that works alongside DSS (Directory Synchronization Services). DSA can be set up on the same computer as DSS or on a different one. It retrieves instructions, called sync definitions, from DSS. These definitions tell DSA which user information to look up. DSA then goes to the domain directory, which is a large database that stores user information like email addresses and departments, and retrieves the data. Finally, it sends this data back to DSS.
In simpler terms, DSA acts like a messenger between DSS and the domain directory. It gets a list of users to look up from DSS, fetches their information from the domaim directory, and delivers it back to DSS.
What can you do with Directory Sync?
Have a clear visibility of your end users
Directory Sync streamlines user and group management, allowing you to efficiently import your organization’s directory data into OpenLM. This simplifies setting clear access rules for software licenses.
Simplify chargeback process
Directory Sync unlocks powerful chargeback capabilities. By tracking software usage by individual users and groups, you can eliminate the need for a centralized license budget. Instead, license costs automatically align with the business units (groups) that use them, promoting cost transparency and efficient resource allocation.
Streamline license compliance
Directory Sync seamlessly integrates with OpenLM, eliminating the manual burden of monitoring license usage. Simply define your access rules, and OpenLM automates enforcement across your organization, ensuring consistent compliance.
Enrich usage reporting
OpenLM Directory Sync unlocks powerful insights, enabling you to visualize the license usage patterns of both individuals and groups within your organization.
Ready to install Directory Sync? Here’s what you’ll need:
- OpenLM SLM 21 or a higher version: Ensure you have a compatible version of OpenLM SLM software.
- Directory Sync Extension License: Verify your OpenLM license includes support for the Directory Sync extension.
- Network Connectivity: The installation machine (and DSA if separate) needs to be on the same network as your Active Directory domain controller.
- Open Ports: Make sure ports 7026 (inbound) and 5000, 5015 (outbound) are open on the installation machine.
- Supported Database: Choose a designated schema within a supported database like MariaDB, MS SQL, or MySQL.
Watch this webinar for further guidance on Active Directory integration, including a live demo of the installation of DSS and DSA and Directory Sync Configuration.
Also, write to us if you have specific queries about Directory Sync or anything related to smart SLM.