Run the Rainbow LDAP Connector as a Windows service

This article allows to configure the Rainbow LDAP Connector used to synchronize the company directory in Rainbow with the company Active Directory.

Only one Rainbow LDAP Connector can be configured at the same time for the company.

Configuration operations consists in:

• Installing the Rainbow LDAP Connector on a computer as a service
  Note: a preliminary configuration of the Active Directory must be performed in Rainbow, so that an initial synchronization can be performed at the end of Rainbow LDAP Connector installation.
• Associating the Rainbow LDAP Connector to a company

Once installed:

• The Rainbow LDAP Connector runs in background as soon as a Windows session is opened
• The Rainbow LDAP Connector does not require a logged-in user session to run

After installation, you can:

• Configure synchronization with the Active Directory: see article Synchronize your company directory with Active Directory
• Update the Rainbow LDAP Connector
• Uninstall the Rainbow LDAP Connector

Before you start

On computer side:

• You must be logged in with an administrator account.

On Rainbow side:

• You must have an administrator account in the company with a Business or Enterprise license.
• You must have subscribed enough Business and/or Enterprise licenses to create/update all expected users at synchronization.
  Warning: If there are not enough licenses, you will see the following error message in the synchronization report "No default licence managed or no available default licences to create/update user ".

Deployment and preliminary configuration overview

The Rainbow LDAP Connector deployment and preliminary configuration consists in:

1. From the Rainbow application and company management menu, declaring the access settings to Active Directory
2. Selecting the Active Directory users and/or contacts to be synchronized
3. From a computer with connection to Active Directory, installing and starting the Rainbow LDAP Connector (Rainbow-Service-Installer.exe file) as a Windows service
4. Associating the Rainbow LDAP Connector to a company by logging in with your administrator account
   After login, a local status of the Rainbow LDAP Connector is available.

Accessing the Rainbow LDAP Connector management window

1. From the Rainbow administration interface, click on Manage your company in the left panel.
2. In the MY COMPANY panel, click on the company name, then Members.
3. Click on Import.
4. Click on icon  .
   The Rainbow LDAP Connector management page opens.

Configuring access to Active Directory

1. From the Rainbow LDAP Connector management window, in the LDAP connector section, configure the following fields:
   • Login and Password: enter the LDAP authentication credentials used by the Rainbow LDAP Connector to access the Active Directory server (use LDAP syntax for Login entry).
   • Hostname or IP address: enter the IP address or URL to access the Active Directory server.
     If a URL is entered, syntax is: ldap://<hostname of the Active Directory server>:[port] where :[port] is used to specify a non-standard port number.
     
2. Complete access to Active Directory by selecting the Active Directory objects to be synchronized: see: Selecting the Active Directory objects to be synchronized.

Selecting the Active Directory objects to be synchronized

The selected objects can be Active Directory users and/or contacts.

Selecting the users to be synchronized

1. From the Rainbow LDAP Connector management window, in the Users Selector section, select the Active Directory users to be synchronized:
   
   • Base DN: enter the root domain where the Active Directory users are located (use LDAP syntax).
   • Filter: optionally, apply a filter to synchronize only a subset of Active Directory users (use LDAP syntax for filter definition). By default, all users in Active Directory (person objects) are synchronized.
2. Select Users deletion enabled to enable the users deleted in Active Directory to be also deleted in Rainbow. 
3. Select Delete missing LDAP records if any previously found Active Directory users, which are no more found after new search, must be considered as 'to be deleted'. If Delete missing LDAP records is unselected, only records found with a new search using Base DN for deletion and Filter for deletion will be considered as "to be deleted" in Rainbow.
4. In the Base DN for deletion field, enter the location on Active Directory where the deleted Active Directory users have been moved (use LDAP syntax).
5. Optionally, in the Filter for deletion field, apply a filter to select only a subset of Active Directory users (use LDAP syntax for filter definition).
6. Click on Update.

Selecting the contacts to be synchronized

1. From the Rainbow LDAP Connector management window, in the Business Directory Selector section, select the Active Directory contacts to be synchronized:
   
   • Base DN: enter the root domain where the Active Directory contacts are located (use LDAP syntax).
   • Filter: optionally, apply a filter to synchronize only a subset of Active Directory contacts (use LDAP syntax for filter definition). By default, all contacts in Active Directory (contact objects) are synchronized.
2. Click on Update.

Installing the Rainbow LDAP Connector as a Windows service

1. From the computer, download and copy the setup file of Rainbow LDAP Connector (Rainbow-Service-Installer.exe) on a computer folder.
2. Double click on the setup file.
   The installation wizard welcome page is displayed.
   
3. Select the installation language and click OK.
   A folder destination selection window is displayed.
4. If necessary, click the Browse button to modify the installation folder, then click Next.
   
5. Click Install to launch installation.
6. When installation is successful, if necessary, unselect the Start the service check box, and click Finish to close the installation wizard.
7. Go to services.msc using run command.
   The RainbowADService service must appear in the list of services, and be started if it was selected during installation.

Associating the Rainbow LDAP Connector to a company

Prerequisite: the RainbowADService service must be started:

1. From the computer, launch the Windows Services Manager.
2. Verify that the RainbowADService status is Running.
3. If it is not the case, right click on the service and select Start.
   The service status changes to Running.

To associate the Rainbow LDAP Connector to a company:

1. From the computer, access the installation folder of Rainbow LDAP Connector and double click on rainbow-ad-page file.
   This opens a login page in a web navigator.
2. Log in with your company administrator credentials and validate.
   The Rainbow LDAP Connector window opens.
3. From the Rainbow LDAP Connector management window, verify that the Rainbow LDAP Connector is associated to the company.
   Information on Rainbow LDAP Connector is displayed at the top of the window, including creation date, software version and Active Directory synchronization status. The Pending status changes to Running at first synchronization.
   Example:

Updating the Rainbow LDAP Connector

Rainbow LDAP Connector is not automatically updated.

Updating is a two step-process. You must:

1. First uninstall the Rainbow LDAP Connector from the computer: see: Uninstalling the Rainbow LDAP Connector.
2. Install the new version of Rainbow LDAP connector on the computer: see: Installing the Rainbow LDAP Connector as a Windows service.

Uninstalling the Rainbow LDAP Connector

1. From the Rainbow LDAP Connector management window, remove the Rainbow LDAP Connector by clicking on .
   A confirmation pop-up window opens.
2. Click on Remove to confirm.
3. From the computer, go to the installation folder of Rainbow LDAP Connector and double click on unins000.exe file.
   A confirmation pop-up window opens.
4. Click on Yes to confirm.
   A pop-up opens when uninstallation is finished.
5. Click on Yes.