User Tools

Site Tools


ldap_synchronization_tool

Lucy LDAP Synchronization Tool

The Lucy LDAP Synchronization Tool is a Windows-based software for both a one-time sync or can be installed as a Windows service for periodic syncronization. It receives user data from your Active Directory environment, prepares and imports into a selected recipient group in Lucy.

:!: Currently only recipients import is supported.

System requirements

To install the Lucy LDAP Synchronization Tool, your computer must meet the minimum requirements below.

Processor 1 GHz or faster 32-bit (x86) or 64-bit (x64)
Operating System Windows 7 (x86, x64) or later
Server 2012 R2 (x64) or later
*Operating system must have .NET Framework 4.5 or later installed
Memory 1 GB RAM (32-bit) or 2 GB RAM (64-bit)
Disk Space 100 Mb or more

Lucy configuration requirements

In order to allow the tool to manage recipient groups in Lucy, you must add your current workstation IP address (or your public IP address if you use a remote Lucy server) to the API Whitelist. Learn more here.

Install the Lucy LDAP Synchronization Tool

  1. Download the tool:
    LDAP Sync Tool v2.4 - Download
    LDAP Sync Tool v1.2 - Download
  2. Unpack then Run LucyLdapSynchronizationTool.msi file. If prompted by User Account Control, click Yes to allow
  3. On the Lucy LDAP Synchronization Tool Setup Wizard, click Next
  4. Confirm your desired installation path, then click Next
  5. Click Install. If prompted by User Account Control, click Yes to allow
  6. When the installation is complete, click Finish
  7. Once installed, the program icon will appear on your desktop, and the Start menu

Configure the Connection settings to Lucy

The first step is to configure the connection to your Lucy server by entering the following information:

  • Server - Domain name of Lucy's Admin console or IP address of Lucy server (e.g., lucydomain.com, 172.10.0.128). A custom port can be specified after the colon (e.g. lucydomain.com:8443)
  • Username and Password - Administrator login credentials

:!: Click on "Test connection" to validate the credentials.

When finished, click Next to create a new recipient group or select an existing one.

Configure the Connection settings to Active Directory LDAP Server

Next, you need to configure the connection between the tool and your Active Directory by entering the following information:

  • Host - domain name or IP address of the domain controller (e.g., ldap.domain.local)
  • Port - (default: 389 or 636) or LDAP port. If "Use Global Catalog" and "Use SSL" are enabled you should use the ports 3268 and 3269
  • Username and Password - current user login credentials or a specific set of user credentials
  • Use SSL - enable secure connection
  • Use Global Catalog - enable to find objects in an Active Directory domain tree, given one or more attributes of the target object
  • Base DN - root node under which all of your user and group objects are located
  • Auth type - (default: Negotiate) method which is used to authenticate the LDAP connection

When finished, click Next to select Active Directory groups.

Select the Active Directory groups to export

Once your Active Directory settings are configured, select the Active Directory groups from which users will be imported into Lucy.

There are two options:

  • Define filter for a single group - allows to select several AD groups to be imported into one Lucy's recipients group.
  • Select multiple User Groups - allows to select several AD groups to import each into its own recipients group in Lucy.

If an option Define filter for a single group is used, you may either select an existing group or create a new recipient group using the buttons "New recipient group" and "Delete recipient group".

:!: Please keep in mind that deleting any recipient groups using the tool may affect the statistics in your campaigns. Deletion cannot be undone.

You can also use Search filter to find the specific group.

At this point select an LDAP group for synchronization or use Filter to build your own query.

You may use regular Active Directory search filters, for example: (|(objectClass=inetOrgPerson)(objectClass=user)). See Microsoft Documentation for more info.

Click on "Test filter" to see the first 10 users received from Active Directory.

When you have selected the Active Directory group, click Next to see the overall settings.

Multiple group sync

Multiple group synchronization can be proceeded with the latest version of the LDAP synchronization tool. Selecting multiple AD groups will add separate recipient groups to Lucy.

Check Active Directory groups and press Add

:!: Attention! A new recipient group will be created in Lucy with the same name as the user group. If the recipient group already exists, new recipients will be added to it. Please note that Lucy will send emails for any new recipients added to the running campaign.

Review the settings

Verify the settings and click Next when you are ready to start the import.

Finishing

Once the synchronization process is finished, you can observe the debug log.

You can save the import settings to a file by clicking the "Save config" button. The file can be used the next time you import recipients. To do this, select the configuration file at the first step of the synchronization wizard.

Click on "Register service" to install the tool as a Windows service. When running as a Windows service, the tool performs the sync every 10 minutes (:!: not configurable in the current version).

To remove the service, run the tool once again and click "Remove service" on the Lucy connection settings step.

Default actions

By default, the tool performs the following actions when specific events happen to users in your Active Directory (the actions are not configurable in the current version):

  • When a new user in Active Directory is detected: Automatically create recipient in Lucy and add it to the selected recipient group.
  • When a user in Active Directory is deleted: Automatically delete recipient from Lucy
  • When a user in Active Directory is removed from group in filter: Automatically delete recipient from Lucy
  • When user information in Active Directory is changed: Automatically update existing recipient in Lucy with the new information.

Troubleshooting

  • Login error The remote server returned an error: (400) Bad Request

Possible reasons: The account used is not an administrator
Login or password is invalid.
Solution: Use an account with Administrator role.
Check your credentials or try another account
  • Login error The remote server returned an error: (401) Unauthorized

Possible reasons: Your IP address is not listed in the API whitelist
Solution: Add your computer IP address to API whitelist. Learn more here.
  • Connection error The LDAP server is unavailable

Possible reasons: Active Directory server is not accessable from your computer (behind a firewall).
Invalid credentials or insufficient permissions.
Solution: Run the tool while inside the corporate network or connect to it using VPN.
Check your account or use a different account.

Changelog

  • v1.0 (January 2020) - Released the first version of the tool
  • v1.2 (May 2020) - Added support for the ObjectGUID attribute of Active Directory users
  • v1.2.1 (August 2020) - Fixed import of recipient's phone number and unexpected closing of the app.
  • v1.2.1.55 (September 2020) - Fixed import of recipient's name. Added error handling.
  • v2.0 (October 2020) - Added support for synchronizing multiple groups. Added the ability to save import settings to a file. Fixed issue with limiting import to 1000 users.
  • v2.2 (November 2020) - Added support for Global Catalog. Fixed import of recipients without 'LDAP-based' flag (required Lucy v4.7.7 or newer).
  • v2.3 (January 2021) - Added support for HTTPS Proxy (for Lucy server connection). To run the application is no longer required to provide administrative privileges. Now, this is only needed when installing or removing the service.
  • v2.3.1 (February 2021) - Added search and sorting for multiple user groups filter.
  • v2.4 (November 2021) - Fixed bug with import recipients to a running campaign.
ldap_synchronization_tool.txt · Last modified: 2021/11/02 14:35 by lucy