LDAP Users

Users that have been synchronized from your LDAP store to Pro Custodibus are displayed with an LDAP credential showing their LDAP DN in the Credentials panel of the user’s profile. These users can log into Pro Custodibus using their LDAP credentials.

Disconnect a User

To disconnect an existing user in Pro Custodibus from your LDAP store, do the following:

  1. Set the poll interval on your LDAP integration to 0. This will prevent the polling process from removing or duplicating the user in Pro Custodibus until you are done making changes.

  2. Click the Admin link in the app header.

  3. Click the Users link in the Administration panel.

  4. Find the user in the list, and click her name to view her profile page.

  5. Click the “trashcan” icon on the Credentials panel for her LDAP credential.

  6. Remove the user from the groups in your LDAP store that are synchronized to Pro Custodibus (configured via the Admins Group DN, Auditors Group DN, and Users Group DN settings).

  7. Set the poll interval on your LDAP integration back to its previous value.

Add a User

To add a user from your LDAP store to Pro Custodibus, add the user to one of the groups in your LDAP store that are synchronized to Pro Custodibus (configured via the Admins Group DN, Auditors Group DN, and Users Group DN settings).

The user will be added to Pro Custodibus on the next LDAP poll.

Edit a User

To edit a user that’s displayed with an LDAP credential in the Credentials panel of her profile, don’t use the Pro Custodibus UI. Changes you make in the Pro Custodibus UI will be overwritten by the authoritative values from your LDAP store.

Instead, use your regular LDAP tools to make changes to the user entity directly in your LDAP store. Your changes will be synchronized on the next LDAP poll.

Delete a User

To delete a user that’s displayed with an LDAP credential in the Credentials panel of her profile, don’t use the Pro Custodibus UI. If you delete the user in the Pro Custodibus UI, the user will simply be re-created a few minutes later.

Instead, use your regular LDAP tools to delete the user entity directly in your LDAP store (or remove the user entity from all groups synchronized to Pro Custodibus). The user will be deleted in Pro Custodibus on the next LDAP poll.
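
The group removal described in step 6 of Disconnect a User and in Delete a User, as an added example that is not part of the Pro Custodibus documentation: it plans the LDIF changes from a snapshot of the synchronized groups. The group and user DNs are constructed placeholders, and `member` as the membership attribute and all function names are assumptions.

```python
import base64

# Constructed snapshot of the groups named by the Admins, Auditors and Users
# Group DN settings; every DN here is a placeholder.
SYNCED_GROUPS = {
    "cn=pc-admins,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com"],
    "cn=pc-auditors,ou=groups,dc=example,dc=com": [
        "uid=bob,ou=people,dc=example,dc=com"],
    "cn=pc-users,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "UID=Carol, OU=People, DC=example, DC=com"],
}

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so spellings compare equal.
    Simplified: escaped commas and multi-valued RDNs are not handled."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def ldif_line(attr, value):
    """Format one LDIF attribute line, base64-encoding values LDIF cannot carry raw."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in value for c in "\0\r\n"))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def plan_removal(user_dn, synced_groups, attr="member"):
    """Return (ldif_text, warnings) removing user_dn from every synchronized group."""
    target = norm_dn(user_dn)
    records, warnings = [], []
    for group_dn, members in synced_groups.items():
        hits = [m for m in members if norm_dn(m) == target]
        if not hits:
            continue  # deleting a value that is absent would make the change fail
        if len(hits) == len(members):
            # A groupOfNames entry must keep at least one member value
            warnings.append(f"{group_dn}: user is the only member")
        lines = [ldif_line("dn", group_dn), "changetype: modify", f"delete: {attr}"]
        lines += [ldif_line(attr, m) for m in hits] + ["-"]
        records.append("\n".join(lines))
    return "\n\n".join(records) + ("\n" if records else ""), warnings

if __name__ == "__main__":
    ldif, notes = plan_removal("uid=alice,ou=people,dc=example,dc=com", SYNCED_GROUPS)
    print(ldif)
    for note in notes:
        print("WARNING:", note)
```

Review the generated LDIF and any warnings before applying it with your regular LDAP tools. A user left in even one synchronized group is still synchronized on the next LDAP poll.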

Host Members

To add a user as a member of a host that’s displayed with an LDAP DN value in the Host panel of the Pro Custodibus UI, don’t use the Pro Custodibus UI. Changes you make in the Pro Custodibus UI will be overwritten by the authoritative memberships from your LDAP store.

Instead, edit the host entity in your LDAP store, and add the user’s DN to the host’s Owner Attribute. The user will be added to the host in Pro Custodibus on the next LDAP poll. This will allow the user to set up WireGuard on the device herself, or to use Multi-Factor Authentication with WireGuard.

User Synchronization

To configure user synchronization, edit the Queries and User Attributes panels of the LDAP configuration page. Users will be synchronized to Pro Custodibus on the next LDAP poll.