Active Directory
1 Authenticating to Active Directory
To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").
The provider uses plaintext authentication by default, because it attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.
By default, the connector attempts to negotiate SSL/TLS, checking the server's certificate against the system's trusted certificate store.
To specify another certificate, see the SSLServerCert property for the available formats.
2 Connecting to Active Directory
Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:
FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.
LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.
UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.
3 Fine Tuning Data Access
The following properties control the scope of data returned:
BaseDN: Limits the scope of LDAP searches to the height of the distinguished name provided. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.
Scope: This property enables more granular control over the data to return from a subtree.
Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
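The defaults described in sections 1 to 3 (plaintext authentication, LDAP version 2, no BaseDN limit) are easy to leave in place unnoticed. The following Python script is an added example, not code from the provider or its vendor; it audits a configuration that uses this page's property names. The "Name=value;" syntax, the "true" boolean value, the host name and the PLACEHOLDER values are assumptions, since the page does not list them.

```python
# Added example: audit a connector configuration that uses this page's property names.
# Assumptions: "Name=value;..." connection-string syntax and "true" as the boolean value.

def parse_connection_string(conn):
    """Return {lower-cased property name: value}; DNs contain '=' so split only once."""
    props = {}
    for part in conn.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            props[name.strip().lower()] = value.strip()
    return props

def audit(conn):
    """Return a list of (property, finding) tuples for settings worth reviewing."""
    p = parse_connection_string(conn)
    enabled = lambda name: p.get(name, "").lower() == "true"
    findings = []
    if "authmechanism" not in p:
        findings.append(("AuthMechanism", "unset: plaintext authentication is the "
                         "default, so the TLS/SSL session is the only protection"))
    if "password" in p:
        findings.append(("Password", "credential stored in the configuration; "
                         "IntegratedSecurity or UseDefaultDC use the current user"))
    if "sslservercert" in p:
        findings.append(("SSLServerCert", "names the certificate to accept from the "
                         "server; confirm it is the expected one"))
    if "ldapversion" not in p:
        findings.append(("LDAPVersion", "unset: the provider defaults to version 2; "
                         "set the version the server implements"))
    if "basedn" not in p:
        findings.append(("BaseDN", "unset: searches are not limited to a subtree"))
    if not enabled("readonly"):
        findings.append(("Readonly", "not enabled: read-only access is not enforced"))
    return findings

# Constructed sample inputs (hypothetical host, user and placeholder values).
WEAK = r"Server=dc01.example.test;Port=389;User=Domain\BobF;Password=not-a-real-secret"
HARDENED = ("Server=dc01.example.test;Port=389;IntegratedSecurity=true;"
            "AuthMechanism=PLACEHOLDER;LDAPVersion=3;"
            "BaseDN=cn=users,dc=domain;Readonly=true")

if __name__ == "__main__":
    for label, conn in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for prop, finding in audit(conn):
            print(f"  {prop}: {finding}")
```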
Property: Description
Authentication
AuthMechanism: The authentication mechanism to be used when connecting to the Active Directory server.
BaseDN: The base portion of the distinguished name, used for limiting results to specific subtrees.
IntegratedSecurity: Whether or not to use the user's current context when logging in.
LDAPVersion: The LDAP version used to connect to and communicate with the server.
Password: The password for the distinguished name of the specified user.
Port: The port the Active Directory server is running on.
Scope: Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).
Server: The domain name or IP of the Active Directory server.
UseDefaultDC: Used to connect to the default Domain Controller and authenticate using the current user credentials.
User: The distinguished name of a user.
Firewall
FirewallPassword: A password used to authenticate to a proxy-based firewall.
FirewallPort: The TCP port for a proxy-based firewall.
FirewallServer: The name or IP address of a proxy-based firewall.
FirewallType: The protocol used by a proxy-based firewall.
FirewallUser: The user name to use to authenticate with a proxy-based firewall.
Logging
Logfile: A path to the log file.
MaxLogFileCount: A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.
MaxLogFileSize: A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.
Verbosity: The verbosity level that determines the amount of detail included in the log file.
Misc
ConnectionLifeTime: The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.
ConnectionString: ***
FollowReferrals: Whether or not to follow referrals returned by the Active Directory server.
FriendlyGUID: Whether to return GUID attribute values in a human readable format.
FriendlySID: Whether to return SID attribute values in a human readable format.
MaxRows: Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This helps avoid performance issues at design time.
Other: These hidden properties are used only in specific use cases.
PoolIdleTimeout: The allowed idle time for a connection before it is closed.
PoolMaxSize: The maximum number of connections in the pool.
PoolMinSize: The minimum number of connections in the pool.
PoolWaitTime: The maximum number of seconds to wait for an available connection.
PseudoColumns: This property indicates whether or not to include pseudo columns as columns to the table.
Readonly: You can use this property to enforce read-only access to Active Directory from the provider.
SSLServerCert: The certificate to be accepted from the server when connecting using TLS/SSL.
SupportEnhancedSQL: This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.
Timeout: The value in seconds until the timeout error is thrown, canceling the operation.
UseConnectionPooling: This property enables connection pooling.