Sync on premises AD to Comodo One "Online"

Hello,

Is there some kind of client you can use for syncing the AD instead of LDAP directly? Like the one Microsoft has from AD to Azure AD? So I can have a secure sync.

Best regards,
Noiden

Hi, you can sync via the agent installed on the DC; alternatively, you can lock down the firewall to Comodo's IPs.
Check out:
https://c1forum.comodo.com/forum/products/comodo-one-portal/13754-ldaps

James.

Thanks for the info, why didn't I think of the IP lock. =)

Think I should try to install the client on the DC then, thank you very much.

Hmm, where do I find the setting to sync to C1?

ITSM > Settings > portal set-up

I only find the LDAP Sync there, not the one where you could have the "CCC" sync to Comodo One.

Hi @Noiden ,

Please use the attached guide with instructions and you should be able to sync the ITSM with the LDAP.

Should you have any other issues or questions, please do let us know. Thank you.

GBS-ImportingUsersfromLDAP-180616-1006-26 (2).pdf (3.79 MB)

Thanks, but I want to sync with the client, not with LDAP. :)

But LDAP sync might be better? It's not encrypted, though, right?

Hi @Noiden ,

ITSM communicates with Comodo servers and agents on devices in order to update data, deploy profiles, submit files for analysis and so on. You need to configure your firewall accordingly to allow these connections. The details of IPs, hostnames and ports are provided in https://help.comodo.com/topic-399-1-…t-details.html

It depends on how the LDAP server is configured. ITSM does not support SSL encrypted communication.
Please check the following registry key on the server: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity". The key's value needs to be set to 1 (if it's 2 it means that it requires SSL, which is not supported).
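Two things came up in this thread that a DC admin will want to verify before enabling the sync: the LDAPServerIntegrity value named above, and the "lock the firewall down to the sync source IPs" suggestion from earlier in the thread. The script below is an added example, not something posted in the thread and not Comodo's code; it assumes an elevated PowerShell session on the domain controller, and the source addresses and rule name are placeholders (203.0.113.x is a documentation range, not Comodo's published list).

```powershell
# Added example (not from the thread or from Comodo): audit the two points discussed above.
# Run in an elevated PowerShell session on the domain controller.

# 1) LDAPServerIntegrity: the registry value the reply above asks you to check.
#    Microsoft's documented meaning: 1 = LDAP signing not required, 2 = the DC requires
#    signed LDAP binds. This only reads the value; lowering it weakens the DC, so decide
#    deliberately rather than flipping it to make a plaintext sync work.
$ntdsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$integrity = (Get-ItemProperty -Path $ntdsKey -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
switch ($integrity) {
    2       { Write-Output 'LDAPServerIntegrity = 2: DC rejects unsigned LDAP binds; a plain LDAP sync will fail.' }
    1       { Write-Output 'LDAPServerIntegrity = 1: unsigned LDAP accepted; scope inbound TCP 389 to the sync source only.' }
    default { Write-Output 'LDAPServerIntegrity not set: the DC behaves as value 1.' }
}

# 2) Inbound firewall scope for LDAP (TCP 389): list every enabled inbound rule on that
#    port together with its RemoteAddress scope and flag rules that are open to Any.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    ForEach-Object {
        $rule  = $_
        $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        if ($ports -contains '389') {
            $scope = (($rule | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Action        = $rule.Action
                Profile       = $rule.Profile
                RemoteAddress = $scope
                OpenToAny     = ($scope -eq 'Any')
            }
        }
    } | Format-Table -AutoSize

# 3) The "IP lock" suggested earlier in the thread: an allow rule on 389 limited to the
#    sync source addresses. PLACEHOLDER values; take the real list from Comodo's help page.
$syncSources = @('203.0.113.10', '203.0.113.11')
New-NetFirewallRule -DisplayName 'LDAP 389 in - ITSM sync sources only (placeholder)' `
    -Direction Inbound -Protocol TCP -LocalPort 389 `
    -RemoteAddress $syncSources -Action Allow -Profile Public

# Do not add a blanket Block rule for 389 on a DC: Windows Firewall evaluates Block rules
# before Allow rules, so it would also cut off the sync sources and every domain client.
# Restrict everything else at the edge firewall/NAT, which is where the port is published.
```

The audit in step 2 is the part worth keeping around: any inbound 389 rule whose RemoteAddress is Any on the Public profile means the DC is reachable for unsigned LDAP from wherever the edge device forwards it, which is exactly the exposure the IP lock is meant to remove.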

Hi @Jordan_C

I want the ITSM client (on the DC server) to sync the users and groups in our AD to Comodo One. Is that possible?

Thanks for the help link, but it does not say whether I need to open any port from outside to inside. Is the LDAP sync port the only one I need to open up to the DC server? Are the rest outgoing connections?

Does LDAP also sync the password of the AD account?

Thanks.

Hi @Noiden ,

LDAP will only sync users. When you activate LDAP sync, the users registered in the customer's AD will be imported into ITSM. ITSM will create an account for each of the users that will provide:

  1. Administrators the ability to enroll devices under that user.
  2. Users the possibility to connect to the ITSM console with the permissions provided by the admin.

The ITSM user will have a different password; it will not be synchronized with the AD password.

Aha, OK… Thanks for the clarification. Will something like that be possible in the near future? Or SSO to the help desk? The users don't like getting another page to remember a password for… you know =)

You don’t get the department from the LDAP sync? So you have to create a new structure in ITSM and sort the users?

Hi @Noiden

> Thanks for the clarification, will something like that be possible in a near future? Or SSO to the help desk? The users don't like to get another page to remember password on… you know =)

We are not quite sure what you mean here. If you could elaborate, please.

> You don't get the department from the LDAP sync? So you have to create a new structure in ITSM and sort the users?

No to the first. And yes to the second. This gives you leeway to organize them so that the 'VIPs' can be set up separately from the regular users (profile-wise).

Hi @Rick_C

> We are not quite sure what you mean here. If you could elaborate, please.

If coworkers need to log in to the Service Desk, it would be nice to use "single sign-on" with synced users and passwords from the AD, so the users don't need another password to remember.

Hi @Noiden

We have forwarded your suggestion as a feature request to the developers. We will update you on its progress through email.