Category Archives: Active Directory

Linking TimeControl to LDAP and Active Directory

Some users of TimeControl ask about password policies. Can they set the password to be more complex or can they set passwords to expire after a certain number of days. Other users ask if TimeControl’s passwords can be harmonized with the passwords the users already use to login to their network or their PC.

All of this can be accomplished by switching from TimeControl’s native security to use Lightweight Directory Access Protocol (LDAP) or Microsoft’s Active Directory. This is controlled in TimeControl’s user table so it does not need to be implemented for every user.

To set up TimeControl to use the Active Directory for authentication, go to the TimeControl ATS Management Console on the TimeControl server.

  1. Expand the TimeControl ATS Server and click on the Parameters folder
  2. Go to the Server Options tab
  3. In the Default Authentication section type LDAP://s2.company.ca for the Default ADS Path (the s2.company.ca represents a DNS name)
  4. Click Apply to save the changes
  5. The ATS must be restarted so that the changes may take effect Logged onto TimeControl with Administrator rights
    Note: This can be done by re-importing the user table which would include a column for the ADS User. Please refer to the Importing Data into TimeControl in the TimeControl RefGuide.pdf
  6. Under Tables Users select the user that will use the ADS Authentication
  7. Select the Timesheet Options and in the User Authentication Mode Section Select Active Directory Services from the Method pull down
  8. In the ADS Server Path type: LDAP://ads server name or IP
  9. In the ADS User type: Domainuser name
  10. Click Apply
  11. Repeat steps 6 through 11 for each user

Note: If the default ADS Path is setup in the TimeControl ATS Management Console then the ADS Server Path is not required, TimeControl will pick the default up from the ATS. If there is no Default ADS PATH set up in the TimeControl ATS Management Console then the User Domain must be filled in.