| Group Object Class | Object class used for group entries. | groupOfUniqueNames |
19
+
| Group Member Attribute | Naming attribute for group membership. | uniqueMember |
20
+
| Group Search Base | Relative Distinguished Name (RDN) of your group entries. | ou=groups,dc=example,dc=org |
21
+
| User RDN attribute | The attribute which is a part of the user's DN (the leftmost component of the DN). | None, defaults to the username attribute |
22
22
23
23
## Settings in depth
24
24
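Review bot: In the added `Group Search Base` row, the description calls the value a "Relative Distinguished Name (RDN)", but the example `ou=groups,dc=example,dc=org` is a multi-component DN. The `User RDN attribute` row added just below uses RDN to mean only the leftmost component. Suggest describing the search base as the base DN under which group entries are searched, so that RDN means one thing in this table. The new row is also written `User RDN attribute` while the group rows use title case (`Group Member Attribute`); pick one casing.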
@@ -31,7 +31,8 @@ There are a few settings that may be not so obvious:
31
31
Changing the RDN attribute may cause your users to be re-added to Defguard, causing potential loss of Defguard-specific user data, e.g. their device information.
32
32
{% endhint %}
33
33
34
-
*`User RDN attribute`: The attribute used in your user's DN. It will be used to link users between LDAP and Defguard. Depending on your setup, it may be different than the attribute used for usernames. 
34
+
*`User RDN attribute`: The attribute used in your user's DN. It will be used to link users between LDAP and Defguard. Depending on your setup, it may be different than the attribute used for usernames. If left empty, your username attribute will be used instead. For example:\
35
+
Given a user DN of `cn=user1,cn=users,dc=ad,dc=example,dc=com` you would set the RDN attribute to `cn`.
35
36
*`Username attribute`: The username attribute which will be used to set the username of a Defguard user. The following restrictions apply:
36
37
* Only alphanumeric characters except for <kbd>.</kbd>, <kbd>-</kbd> or <kbd>\_</kbd>
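Review bot: The added sentence "If left empty, your username attribute will be used instead" does not say what happens when the username attribute is not the leftmost attribute of the user DN. The upgrade notes in this same commit tie re-added users and lost device data to exactly that mismatch, and the hint above this bullet warns about changing the value later. Suggest stating here whether the field must be set explicitly in that case, and pointing to the hint from the new text. The `cn=user1,cn=users,dc=ad,dc=example,dc=com` example is helpful; consider also naming the username attribute it would differ from, so the distinction is concrete.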
features/setting-up-your-instance/upgrading.md (14 additions & 0 deletions)
@@ -9,6 +9,20 @@ icon: chevrons-up
9
9
Before doing any updates please remember to **backup your database.**
10
10
{% endhint %}
11
11
12
+
## 1.3.0 any previous alpha -> alpha 4
13
+
14
+
### Core
15
+
16
+
LDAP integration received a major overhaul of how users are mapped to Defguard users when the two way synchronization is enabled. Now users are always identified by their leftmost DN value. 
17
+
18
+
A new synchronization may cause some of your users to be re-added, which in turn may cause the loss of some of their Defguard specific data (e.g. their devices). This will happen if your leftmost DN component's attribute (referred to as RDN) is not the same as your current username attribute. This issue is only related to the two way synchronization mechanism and occurs only if you used one of the previous alphas of 1.3.0. Upgrading from any previous release to alpha 4 (skipping the alphas before) should not result in this happening.
19
+
20
+
Before an upgrade, turn off the two way synchronization. After upgrading you will have access to a new option, the RDN user attribute:
Set it according to your LDAP server setup. This should be the DN's leftmost component attribute, e.g. in the case of `cn=user1,cn=users,dc=ad,dc=example,dc=com` this would be "cn". This attribute is needed to properly identify users in your LDAP server. The username attribute will be mapped to Defguard usernames. Read [settings-table.md](../../enterprise/all-enteprise-features/ldap-and-active-directory-integration/settings-table.md"mention") for a description of those settings options. After you configured this value, you can re-enable the two way synchronization.
25
+
12
26
## 1.3.0 (alpha)
13
27
14
28
* If you used the LDAP integration previously, it will be off by default after upgrading. You will have to manually enable it in the settings in the LDAP tab:\
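Review bot: The new section calls the setting "the RDN user attribute", while the settings table and the in-depth description changed in this commit call it `User RDN attribute`; use the same name in all three places so readers can find it in the UI and the table. The upgrade procedure (turn off two way synchronization, upgrade, set the attribute, re-enable synchronization) is order-sensitive and a mistake costs users their device data, so a numbered list would be safer than a single paragraph. In the link target, `settings-table.md"mention"` appears to be missing the space before `"mention"`, and the heading "1.3.0 any previous alpha -> alpha 4" would read more clearly as a version range.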