LDAP Integration List

SysAid Technical Writer



LDAP Integration


Introduction to SysAid LDAP integration


This page allows you to integrate SysAid with your LDAP (Lightweight Directory Access Protocol). Integration with your LDAP provides the following benefits:

  • Import all users and user groups into SysAid automatically to save time and prevent mistakes that could occur from duplicating your data.
  • Authenticate SysAid users through your LDAP. This means that your users have the same password for SysAid as they do for their computers, and all login attempts are recorded centrally in your LDAP.
  • When using Active Directory as your LDAP, enable Single sign on so that your users are automatically logged into SysAid the moment they log into their computers.
  • When using Active Directory as your LDAP, enable the Password Services module to reset LDAP passwords and unlock LDAP accounts using SysAid.

Note: To setup LDAP integration, your LDAP server (e.g. Domain Controller) must be accessible to SysAid through one of your region's relevant IP addresses and the relevant port (e.g. 389 or 636) or you can use a remote discovery service, installed locally in your network, to avoid opening any ports in your firewall.

If you are using an On Premise edition of SysAid, click here for relevant LDAP integration help.

Single Sign-On

By enabling Single Sign-On, users are automatically signed into SysAid when they sign into their computers. You can enable Single Sign-On after configuring LDAP integration if you are using Microsoft Active Directory. Please view our SSO Guide for instructions for configuring Single Sign-On.


Important changes once LDAP is enabled


  • For users imported from LDAP, you must make any password changes directly in your LDAP.
  • SysAid authenticates all login attempts against your LDAP. All records of these attempts are stored in your LDAP logs.
  • Any time you want to make changes to user details, it's recommended to make the changes in LDAP and then refresh your users in SysAid from your LDAP. You can do this from Settings > User Management > Administrators/End Users using the Refresh from LDAP button. Alternatively, you can schedule an LDAP refresh which pulls the information into SysAid automatically.
  • Any users that you delete in SysAid but not in your LDAP, are automatically recreated when you refresh from LDAP. To avoid the recreation of users you no longer need, disable these users in SysAid rather than deleting them.


LDAP integration and licensing


SysAid allows you to import all of your LDAP users into SysAid even if this puts you over your license limit for end users. However, if you do exceed your limit, SysAid automatically disables as many users as necessary to put you under your limit. These users are disabled at random. For this reason, it's generally preferable to only import as many users as you have licenses.

View your LDAP structure for manual LDAP integration

To verify that your LDAP attributes fit the integration, you can connect to your LDAP directory with any LDAP browser. We recommend the LDAP browser, which is available at http://www.sysaid.com/down/ldapbrowser.zip.


  1. Login to your LDAP with this tool by entering the LDAP hostname/IP and port.
  2. Click Fetch Dns.
  3. From the drop-down list, choose the appropriate Dns.
  4. Clear the Anonymous Bind check box.
  5. Enter your LDAP username and password. You may need to fill in the username in its defined name form.
  6. Connect to the LDAP.
  7. Verify that the OUs you are looking for are displayed.
  8. If the OUs are not there, go back to the DN selection and choose a different DN from the list. Repeat this process until you find the DN that shows the correct OUs.
  9. After you have successfully logged into your LDAP, manually copy the LDAP structure into the LDAP integration form.


The LDAP list displays all of your LDAP integrations with their relevant fields.



For general instructions for using list pages in SysAid, see Using SysAid Lists.

Create a new LDAP integration

To create an LDAP integration, click .

Edit an LDAP integration

To view or edit an existing an LDAP integration, click its row in the list to open the LDAP Integration form.

Delete an LDAP integration

To delete LDAP integrations

  1. Select the check boxes corresponding to the LDAP integrations you want to delete.
  2. Click Delete.
  3. When prompted, click Delete.
Hi Team,

after upgrading to Build Numberv17.3.54 b14, LDAP integration doesn't allow to add user credentials. i have tried chrome/FF/IE/Edge and the result is the same.

below are the screenshots


SysAid Community Manager Product Team
Hi Shameem,

Please create relevant credentials (and domain if necessary) under Settings > Network Discovery first. I'll suggest an improvement to indicate where to look for these options in LDAP section.

I'm having trouble integrate openldap
it seems, it was trying to bind with doamin\username (AD) format to openldap
here is the logs

[18/Apr/2018:13:01:52 -0400] conn=1740653 op=0 msgId=1 - BIND dn="none\<username>" method=128 version=3, Invalid DN
[18/Apr/2018:13:01:52 -0400] conn=1740653 op=0 msgId=1 - RESULT err=34 tag=97 nentries=0 etime=0, Invalid DN
[18/Apr/2018:13:01:52 -0400] conn=1740653 op=1 msgId=0 - RESULT err=80 tag=120 nentries=0 etime=0