Active Directory

1 Authenticating to Active Directory

To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").

By default, the provider uses plaintext authentication, because it attempts to negotiate TLS/SSL with the server. To use a different authentication method, set AuthMechanism.

By default, the connector attempts to negotiate SSL/TLS and checks the server's certificate against the system's trusted certificate store.

To specify another certificate, set the SSLServerCert property; see that property for the available formats.

2 Connecting to Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

  • FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.

  • LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.

  • UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

3 Fine Tuning Data Access

The following properties control the scope of data returned:

  • BaseDN: Limits the scope of LDAP searches to the level of the distinguished name provided and below. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" returns only results contained within "cn=users" and its children.

  • Scope: This property enables more granular control over the data to return from a subtree.
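
The effect of BaseDN and a search scope on which entries are visible can be checked offline. The following is an added example, not code from the connector: the scope names `base`, `onelevel` and `subtree` are the standard LDAP search scopes from RFC 4511 (assumed here, not the connector's own Scope values), and the sample entries are constructed.

```python
# Added example: which DNs fall inside a BaseDN for a given LDAP search scope.
# Scope names follow RFC 4511; they are assumptions, not the connector's values.

def split_rdns(dn):
    """Split a DN into normalized RDNs, honoring backslash escapes (RFC 4514)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":          # unescaped comma separates RDNs
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [_normalize(p) for p in parts if p.strip()]

def _normalize(rdn):
    # Simplified matching: case-insensitive, surrounding whitespace trimmed.
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def in_scope(entry_dn, base_dn, scope="subtree"):
    """True if entry_dn would be visible to a search rooted at base_dn."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False             # not at or below the base DN
    if scope == "base":
        return depth == 0
    if scope == "onelevel":
        return depth == 1
    if scope == "subtree":
        return True
    raise ValueError(f"unknown scope: {scope}")

# Constructed sample entries (not from a real directory).
SAMPLE = [
    "CN=Users,DC=Domain",
    "CN=Bob F,CN=Users,DC=Domain",
    "cn=Smith\\, Al,cn=users,dc=domain",   # escaped comma inside one RDN value
    "cn=svc,ou=Apps,cn=users,dc=domain",
    "cn=Bob F,ou=Employees,dc=Domain",     # different container
    "cn=a\\,cn=users,dc=domain",           # one RDN; a string suffix match would misplace it
]

def visible(base_dn, scope):
    return [dn for dn in SAMPLE if in_scope(dn, base_dn, scope)]
```

Comparing parsed RDNs rather than string suffixes keeps an entry whose value contains an escaped comma from being counted inside a container it does not belong to.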

Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
