Applies to Infiniti v9.6 or later

User directory sync for AD and LDAP


Manual sync

WindowsMembershipProvider and LDAPMembershipProvider can now sync with the directory they query for user details. A sync brings in users who do not yet exist in Infiniti but should have access based on their groups. This is useful for initial setups and employee onboarding, where you might have to assign a workflow to a person who has yet to browse to Infiniti.
The sync button is located at Manage > Users. This button is only available if the current membership provider supports syncing.
Note: When developing a MembershipProvider, implement the IDirectorySync interface to enable syncing for the provider.
A couple of limitations currently exist:
- Only the current user's domain gets synchronized. Infiniti won’t know about any other trusted domains.
- For the above reason, Infiniti also does not mark users as inactive or delete them during a sync.
- Existing users are not modified during the sync if the domain has different details. They will update as normal on that user's next browse to Infiniti.
- Groups are not added to new users during the sync. They will be added as normal on that user's next browse to Infiniti.
The scheduler can run the membership provider sync once per day to automatically add new users.
To enable this, the MembershipProvider must be added to the config file for the scheduler.

Example section:

    <membership defaultProvider="WindowsMembershipProvider">
        <clear />
        <add name="WindowsMembershipProvider" type="Intelledox.MembershipSecurity.WindowsMembershipProvider, Intelledox.MembershipSecurity" keepdomain="False" logging="False" adpath="LDAP://myLdap" adname="short domain name" />
        <add name="LDAPMembershipProvider" type="Intelledox.MembershipSecurity.LDAPMembershipProvider, Intelledox.MembershipSecurity" ldappath="LDAP://myldap" username="myUsername" password="myPassword" />
    </membership>

Daily Schedule

There is a new setting in the global_options table called 'DAILY_SCHEDULE'. It keeps track of whether the sync has run today. If that value is less than 'today', then the sync will occur within the next hour. Running the scheduler at the console will run the sync immediately.

