This article explains how to configure the Rainbow LDAP Connector used to synchronize the company directory in Rainbow with the company Active Directory.
Only one Rainbow LDAP Connector can be configured at the same time for the company.
The main steps are as follows:
- Configure Active Directory access in Rainbow and select the Active Directory objects to be synchronized
Note: these preliminary steps must be performed in Rainbow, so that an initial synchronization can be performed after the Rainbow LDAP Connector installation is complete.
- Install the Rainbow LDAP Connector on a computer as a service
- Connect to the Rainbow LDAP Connector with a company administrator account
Once installed:
- The Rainbow LDAP Connector runs in the background as soon as a Windows session is opened
- The Rainbow LDAP Connector does not require a logged-in user session to run
After installation, you can:
- Configure synchronization with the Active Directory: see article Provisioning of company members via an Active Directory (LDAP Connector)
- Update the Rainbow LDAP Connector
- Uninstall the Rainbow LDAP Connector
- Get log files from Rainbow LDAP Connector
- Import a private certificate on Rainbow LDAP Connector
Before you start
On computer side:
- You must be logged in with a Windows administrator account (mandatory to install Rainbow LDAP Connector).
On Rainbow side:
- You must have an administrator account in the company with a Business or Enterprise license (mandatory to connect to Rainbow LDAP Connector).
- You must have subscribed enough Business and/or Enterprise licenses to create/update all expected users at synchronization.
Warning: If there are not enough licenses, you will see the following error message in the synchronization report "No default licence managed or no available default licences to create/update user ".
On Active Directory/LDAP server side:
- Server must support LDAP v3 paging.
Deployment and preliminary configuration overview
The Rainbow LDAP Connector deployment and preliminary configuration consists of:
- From the Rainbow application and company management menu, declaring the access settings to Active Directory
- Selecting the Active Directory users and/or contacts to be synchronized
- From a computer with connection to Active Directory, installing and starting the Rainbow LDAP Connector (Rainbow-Service-Installer.exe file) as a Windows service
- Connecting to the Rainbow LDAP Connector by logging in with a company administrator account
After login, a local status of the Rainbow LDAP Connector is available.
Accessing the Rainbow LDAP Connector management window
- From the Rainbow administration interface, click on Manage your company in the left panel.
- In the MY COMPANY panel, click on the company name, then Members.
- Click on Import.
- Click on icon
.
The Rainbow LDAP Connector management page opens.
Configuring access to Active Directory
- From the Rainbow LDAP Connector management window, in the LDAP connector section, configure the following fields:
- Login and Password: enter the LDAP authentication credentials used by the Rainbow LDAP Connector to access the Active Directory server (use LDAP syntax for Login entry).
- Hostname or IP address: enter the IP address or URL to access the Active Directory server.
If a URL is entered, syntax is: ldap://hostname of the Active Directory server:[port] where :[port] is used to specify a non-standard port number.
- Complete access to Active Directory by selecting the Active Directory objects to be synchronized: see: Selecting the Active Directory objects to be synchronized.
Selecting the Active Directory objects to be synchronized
The selected objects can be Active Directory users and/or contacts.
Selecting the users to be synchronized
- From the Rainbow LDAP Connector management window, in the Users Selector section, select the Active Directory users to be synchronized:
- Base DN: enter the root domain where the Active Directory users are located (use LDAP syntax).
- Filter: optionally, apply a filter to synchronize only a subset of Active Directory users (use LDAP syntax for filter definition). By default, all users in Active Directory (person objects) are synchronized.
- Select Users deletion enabled to enable the users deleted in Active Directory to be also deleted in Rainbow.
- Select Delete missing LDAP records if any previously found Active Directory users that are no longer found after a new search must be considered as "to be deleted". If Delete missing LDAP records is unselected, only records found with a new search using Base DN for deletion and Filter for deletion will be considered as "to be deleted" in Rainbow.
- In the Base DN for deletion field, enter the location on Active Directory where the deleted Active Directory users have been moved (use LDAP syntax).
- Optionally, in the Filter for deletion field, apply a filter to select only a subset of Active Directory users (use LDAP syntax for filter definition).
- Click on Update.
Selecting the contacts to be synchronized
- From the Rainbow LDAP Connector management window, in the Business Directory Selector section, select the Active Directory contacts to be synchronized:
- Base DN: enter the root domain where the Active Directory contacts are located (use LDAP syntax).
- Filter: optionally, apply a filter to synchronize only a subset of Active Directory contacts (use LDAP syntax for filter definition). By default, all contacts in Active Directory (contact objects) are synchronized.
- Click on Update.
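The "LDAP v3 paging" prerequisite and the Base DN and Filter fields can be checked from PowerShell before the values are entered in Rainbow. The script below is an added example, not part of the Rainbow product or documentation; the server name, Base DN and filter are constructed, and it assumes a domain-joined session, binding as the current Windows user with Negotiate on port 389 rather than with the connector's Login.

```powershell
using namespace System.DirectoryServices.Protocols
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Constructed sample values: replace with the values planned for the Rainbow fields.
$Server = 'dc01.corp.example'              # hypothetical Active Directory server
$BaseDn = 'OU=Staff,DC=corp,DC=example'    # hypothetical Base DN
# Hypothetical filter: user accounts that are not disabled (bit 2 of userAccountControl).
$Filter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$conn = [LdapConnection]::new([LdapDirectoryIdentifier]::new($Server, 389))
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [AuthType]::Negotiate     # binds as the current Windows user
$conn.SessionOptions.Signing = $true       # integrity and encryption on port 389
$conn.SessionOptions.Sealing = $true
$conn.Bind()

# 1. Prerequisite: the rootDSE must advertise LDAP v3 and the paged-results control (RFC 2696).
$rootReq  = [SearchRequest]::new('', '(objectClass=*)', [SearchScope]::Base, [string[]]@('supportedLDAPVersion', 'supportedControl'))
$root     = $conn.SendRequest($rootReq).Entries[0]
$versions = $root.Attributes['supportedLDAPVersion'].GetValues([string])
$controls = $root.Attributes['supportedControl'].GetValues([string])
if ($versions -notcontains '3') { throw "$Server does not advertise LDAP v3" }
if ($controls -notcontains '1.2.840.113556.1.4.319') { throw "$Server does not advertise paged results" }

# 2. Dry run: count the entries Base DN + Filter select, 500 entries per page.
$page   = [PageResultRequestControl]::new(500)
$search = [SearchRequest]::new($BaseDn, $Filter, [SearchScope]::Subtree, [string[]]@('distinguishedName'))
[void]$search.Controls.Add($page)
$total = 0
do {
    $resp     = $conn.SendRequest($search)
    $total   += $resp.Entries.Count
    $pageResp = $resp.Controls | Where-Object { $_ -is [PageResultResponseControl] }
    $more     = $pageResp -and $pageResp.Cookie.Length -gt 0
    if ($more) { $page.Cookie = $pageResp.Cookie }   # continue from the server's cookie
} while ($more)

"LDAP v3 and paging advertised; $total entries match the filter under $BaseDn"
```

Comparing the count with the number of subscribed licenses shows in advance whether the synchronization report will contain the license error quoted in "Before you start".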
Installing the Rainbow LDAP Connector as a Windows service
- From the computer, download the setup file of Rainbow LDAP Connector (Rainbow-Service-Installer.exe) and copy it to a folder on the computer.
- Double click on the setup file.
Warning: you must be logged on to the computer with a Windows administrator account or, if not, launch the setup file with the Windows command Run as administrator.
The installation wizard welcome page is displayed.
- Select the installation language and click OK.
A folder destination selection window is displayed.
- Click the Browse button and select a folder path other than the one suggested, then click Next.
Warning:
- Do not insert spaces in the folder path.
- Do not install under 'Program Files' or folders that require administrator privileges.
- Click Install to launch installation.
- When installation is successful, if necessary, unselect the Run the service check box, and click Finish to close the installation wizard.
- Open services.msc using the Run command.
The RainbowADService service must appear in the list of services, and be started if it was selected during installation.
Connecting to the Rainbow LDAP Connector with a company administrator account
This operation connects the Rainbow LDAP Connector to the company.
Prerequisite: the RainbowADService service must be started:
- From the computer, launch the Windows Services Manager as administrator.
- Verify that the RainbowADService status is Running.
- If it is not the case, right click on the service and select Start.
The service status changes to Running.
To connect to the Rainbow LDAP Connector:
- From the computer, perform any of the following:
- Access the installation folder of Rainbow LDAP Connector and double-click the rainbow-ad-page file
- Open a web browser and enter http://localhost:3001
This opens a login page in a web browser.
- Log in with your company administrator credentials and validate.
The Rainbow LDAP Connector window opens.
- From the Rainbow LDAP Connector management window, verify that the Rainbow LDAP Connector is associated to the company.
Information on Rainbow LDAP Connector is displayed at the top of the window, including creation date, software version and Active Directory synchronization status. The Pending status changes to Running at first synchronization.
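The connector computer holds a service that logs in with company administrator credentials, a local page on port 3001 and an installation folder chosen outside 'Program Files', so its configuration is worth checking once the service runs. The script below, for an elevated PowerShell session on that computer, is an added example and not part of the Rainbow documentation; $InstallDir is a hypothetical path, and the article does not state which addresses the page listens on, so the script only reports what the host does.

```powershell
# Hypothetical path: use the folder selected in the installation wizard.
$InstallDir  = 'C:\RainbowLdapConnector'
$ServiceName = 'RainbowADService'
$Port        = 3001

# 1. Service state, start mode and logon account.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service $ServiceName is not installed" }
$svc | Format-List Name, State, StartMode, StartName, PathName

# 2. Addresses the local page listens on; anything other than loopback is
#    reachable from the network unless the host firewall blocks it.
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) { Write-Warning "Nothing listens on port $Port; is the service started?" }
$listeners | ForEach-Object {
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        Process      = (Get-Process -Id $_.OwningProcess).ProcessName
        LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
    }
} | Format-Table -AutoSize

# 3. Allow entries that let broad groups write to the folder the service runs from.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
$rules = (Get-Acl -Path $InstallDir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$findings = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad.ContainsKey($_.IdentityReference.Value) -and
    (($_.FileSystemRights -band $writeData) -eq $writeData)
})
$findings | ForEach-Object {
    '{0} can write to {1} ({2})' -f $broad[$_.IdentityReference.Value], $InstallDir, $_.FileSystemRights
}
if ($findings.Count -eq 0) { "No write access for broad groups on $InstallDir" }
```

A folder created directly under a drive root usually inherits write access for Authenticated Users; restricting the folder to administrators and the service's logon account closes that gap.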
Getting log files from Rainbow LDAP Connector
- From the computer, connect to the Rainbow LDAP Connector: see: Connecting to the Rainbow LDAP Connector with a company administrator account
- In the BUG REPORTING panel, click on Save logs...
- Click on the link Download Logs.
The last saved logs are downloaded in zip format on the computer.
Importing a private certificate on Rainbow LDAP Connector
When the communication with the company Active Directory is encrypted and a private PKI is used, a private certificate generated by this PKI must be imported on Rainbow LDAP Connector.
- From the computer, connect to the Rainbow LDAP Connector: see: Connecting to the Rainbow LDAP Connector with a company administrator account
- At the top of the Rainbow LDAP Connector window, enter the path to the private certificate and click on Change.
Updating the Rainbow LDAP Connector
Rainbow LDAP Connector is not automatically updated.
Updating is a two-step process. You must:
- First uninstall the Rainbow LDAP Connector from the computer: see: Uninstalling the Rainbow LDAP Connector.
- Install the new version of Rainbow LDAP connector on the computer: see: Installing the Rainbow LDAP Connector as a Windows service.
Uninstalling the Rainbow LDAP Connector
- From the computer, launch the Windows Services Manager as administrator.
- Go to RainbowADService, right click on the service and select Stop.
- From the computer, go to the installation folder of Rainbow LDAP Connector and double click on unins000.exe file.
Warning: you must be logged on to the computer with a Windows administrator account or, if not, launch the uninstall file with the Windows command Run as administrator.
A confirmation pop-up window opens.
- Click on Yes to confirm.
A pop-up opens when uninstallation is finished.
- Click on Yes.
- From the Rainbow LDAP Connector management window, remove the Rainbow LDAP Connector by clicking on
.
A confirmation pop-up window opens.
- Click on Remove to confirm.