Run the Rainbow LDAP Connector as a Windows service

This article allows to configure the Rainbow LDAP Connector used to synchronize the company directory in Rainbow with the company LDAP directory services, such as Active Directories.

The Rainbow LDAP Connector supports synchronization with multiple LDAP directories or LDAP directories with multiple domains.

Only one Rainbow LDAP Connector can be configured at the same time for the company.

The main steps are as follows:

1. Configure the LDAP directory access in Rainbow and select the LDAP directory objects to be synchronized

   Note: These preliminary steps must be performed in Rainbow, so that an initial synchronization can be performed after the Rainbow LDAP Connector installation is complete.

   When the company has multiple LDAP directories/domains, these preliminary steps must be performed for each LDAP directory/domain.

2. Install the Rainbow LDAP Connector on a computer as a service
3. Connect to the Rainbow LDAP Connector with a company administrator account

Once installed:

• The Rainbow LDAP Connector runs in background as soon as a Windows session is opened
• The Rainbow LDAP Connector does not require a logged-in user session to run

After installation, you can:

• Configure synchronization with the company LDAP directories: see article Synchronize your company directory with LDAP directories
• Update the Rainbow LDAP Connector
• Uninstall the Rainbow LDAP Connector
• Get log files from Rainbow LDAP Connector
• Import a private certificate on Rainbow LDAP Connector

Before you start

On computer side:

• You must be logged in with a Windows administrator account (mandatory to install Rainbow LDAP Connector).

On Rainbow side:

• You must have an administrator account in the company with a Business or Enterprise license (mandatory to connect to Rainbow LDAP Connector).

• You must have subscribed enough Business and/or Enterprise licenses to create/update all expected users at synchronization.

  Warning: If there are not enough licenses, you will see the following error message in the synchronization report "No default licence managed or no available default licences to create/update user ".

On LDAP server side:

• The LDAP server must support LDAP v3 paging.

  Note: If it is not the case, you can disable the LDAP v3 paging on the Rainbow LDAP Connector: see: Enabling/disabling LDAP v3 paging.

Deployment and preliminary configuration overview

The Rainbow LDAP Connector deployment and preliminary configuration consists in:

1. From the Rainbow application and company management menu, declaring the access settings to LDAP directory
2. Selecting the LDAP directory users and/or contacts to be synchronized
3. When the company has multiple LDAP directories/domains, performing the first two steps for each LDAP directory/domain
4. From a computer with connection to LDAP directory, installing and starting the Rainbow LDAP Connector (Rainbow-Service-Installer.exe file) as a Windows service
5. Connecting to the Rainbow LDAP Connector by logging in with a company administrator account
   After login, a local status of the Rainbow LDAP Connector is available.

Accessing the Rainbow LDAP Connector management window

1. From the Rainbow administration interface, click on Manage your company in the left panel.
2. In the MY COMPANY panel, click on the company name, then Members.
3. Click on Import.
4. Click on icon .
   The Rainbow LDAP Connector management page opens.

Configuring access to LDAP directory

1. From the Rainbow LDAP Connector management window, in the AD/LDAP domain name field, enter the name identifying the LDAP directory in Rainbow.
   If an LDAP directory is already configured, and the company has multiple LDAP directories/domains, click on the button to configure a new LDAP directory for the company.
2. In the Next synchronization field, enter the date and time of the next synchronization.
3. Configure the following fields:
   • Login and Password: enter the LDAP authentication credentials used by the Rainbow LDAP Connector to access the LDAP directory server (use LDAP syntax for Login entry).
   • Hostname or IP address: enter the URL to access the LDAP directory server.
     URL syntax is: ldap://hostname:[port] or ldaps//hostname:[port]
     Hostname can be the name or IP address of LDAP directory server.
     [port] is used to specify a non-standard port number.
4. Complete access to LDAP directory by selecting the LDAP directory objects to be synchronized: see: Selecting the LDAP directory objects to be synchronized.

Selecting the LDAP directory objects to be synchronized

The selected objects can be LDAP directory users and/or contacts.

When the company has multiple LDAP directories/domains, the following operations must be performed for each LDAP directory or domain.

Selecting the users to be synchronized

1. From the Rainbow LDAP Connector management window, in the Users Selector section, select the LDAP directory users to be synchronized:
   • Base DN: enter the root domain where the LDAP directory users are located (use LDAP syntax).
   • Filter: optionally, apply a filter to synchronize only a subset of LDAP directory users (use LDAP syntax for filter definition). By default, all users in LDAP directory (person objects) are synchronized.
2. Select Users deletion enabled to enable the users deleted in LDAP directory to be also deleted in Rainbow.
3. Select Delete missing LDAP records if any previously found LDAP directory users, which are no more found after new search, must be considered as 'to be deleted'. If Delete missing LDAP records is unselected, only records found with a new search using Base DN for deletion and Filter for deletion will be considered as "to be deleted" in Rainbow.
4. In the Base DN for deletion field, enter the location on LDAP directory where the deleted LDAP directory users have been moved (use LDAP syntax).
5. Optionally, in the Filter for deletion field, apply a filter to select only a subset of LDAP directory users (use LDAP syntax for filter definition).
6. Click on Update.

Selecting the contacts to be synchronized

1. From the Rainbow LDAP Connector management window, in the Business Directory Selector section, select the LDAP directory contacts to be synchronized:
   • Base DN: enter the root domain where the LDAP directory contacts are located (use LDAP syntax).
   • Filter: optionally, apply a filter to synchronize only a subset of LDAP directory contacts (use LDAP syntax for filter definition). By default, all contacts in LDAP directory (contact objects) are synchronized.
2. Click on Update.

Installing the Rainbow LDAP Connector as a Windows service

1. From the computer, download and copy the setup file of Rainbow LDAP Connector (Rainbow-Service-Installer.exe) on a computer folder.

2. Double click on the setup file.

   Warning: you must be logged on to the computer with a Windows administrator account or, if not, launch the setup file with the Windows command Run as administrator.

   The installation wizard welcome page is displayed.
   

3. Select the installation language and click OK.
   A folder destination selection window is displayed.

4. Click the Browse button and select a folder path other than the one suggested, then click Next.

   Warning:

   • Do no insert spaces in the folder path.
   • Do not install under 'Program Files' or folders that require administrator privileges.

   

5. Click Install to launch installation.
6. When installation is successful, if necessary, unselect the Run the service check box, and click Finish to close the installation wizard.
7. Go to services.msc using run command.
   The RainbowADService service must appear in the list of services, and be started if it was selected during installation.

Connecting to the Rainbow LDAP Connector with a company administrator account

This operation connects the Rainbow LDAP Connector to the company in Rainbow.

Prerequisite: the RainbowADService service must be started:

1. From the computer, launch the Windows Services Manager as administrator.
2. Verify that the RainbowADService status is Running.
3. If it is not the case, right click on the service and select Start.
   The service status changes to Running.

To connect to the Rainbow LDAP Connector:

1. From the computer, perform any of the following:

   • Access the installation folder of Rainbow LDAP Connector and double click on rainbow-ad-page file
   • Open a web navigator and enter http://localhost:3001

   This opens a login page in a web navigator.

2. Click on the link Login to Rainbow.
3. Log in with your company administrator credentials and validate.
   The Rainbow LDAP Connector window opens.
4. In case of access via a HTTP proxy, in the LOCAL CONFIGURATION panel, click on the HTTP proxy check box, complete the HTTP proxy parameters (IP address or FQDN, port and credentials), then click on Save.
5. Verify that the Rainbow LDAP Connector is associated to the company.
   Information on Rainbow LDAP Connector is displayed at the top of the window, including creation date, software version and LDAP directory synchronization status. Status is Running when Rainbow LDAP Connector is connected to the company in Rainbow.
   Example:

Enabling/disabling LDAP v3 paging

The LDAP server must support LDAP v3 paging. If it not the case (e.g. OmniVista 8770 LDAP directory only supports LDAP v2), you can disable LDAP v3 paging on the Rainbow LDAP Connector.

1. From the computer, connect to the Rainbow LDAP Connector: see: Connecting to the Rainbow LDAP Connector with a company administrator account
2. In the LOCAL CONFIGURATION panel, select or unselect the Paging check box to enable or disable LDAP v3 paging.

Getting log files from Rainbow LDAP Connector

1. From the computer, connect to the Rainbow LDAP Connector: see: Connecting to the Rainbow LDAP Connector with a company administrator account
2. In the BUG REPORTING panel, click on Save logs...
3. Click on the link Download Logs.
   The last saved logs are downloaded in zip format on the computer.

Importing a private certificate on Rainbow LDAP Connector

When the communication with the company LDAP directory is encrypted and a private PKI is used, a private certificate generated by this PKI must be imported on Rainbow LDAP Connector.

1. From the computer, connect to the Rainbow LDAP Connector: see: Connecting to the Rainbow LDAP Connector with a company administrator account
2. At the top of the Rainbow LDAP Connector window, enter the path to the private certificate and click on Change.

Updating the Rainbow LDAP Connector

Rainbow LDAP Connector is not automatically updated.

Updating is a two step-process. You must:

1. First uninstall the Rainbow LDAP Connector from the computer: see: Uninstalling the Rainbow LDAP Connector.
2. Install the new version of Rainbow LDAP connector on the computer: see: Installing the Rainbow LDAP Connector as a Windows service.

Uninstalling the Rainbow LDAP Connector

1. From the computer, launch the Windows Services Manager as administrator.
2. Go to RainbowADService, right click on the service and select Stop.

3. From the computer, go to the installation folder of Rainbow LDAP Connector and double click on unins000.exe file.

   Warning: you must be logged on to the computer with a Windows administrator account or, if not, launch the uninstall file with the Windows command Run as administrator.

   A confirmation pop-up window opens.

4. Click on Yes to confirm.
   A pop-up opens when uninstallation is finished.
5. Click on Yes.
6. From the Rainbow LDAP Connector management window, remove the Rainbow LDAP Connector by clicking on .
   A confirmation pop-up window opens.
7. Click on Remove to confirm.