Active Directory
1 Authenticating to Active Directory
To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").
By default the provider performs a simple (plaintext) bind: the password is passed to the server as-is at the LDAP layer. This is acceptable only because the provider also negotiates TLS/SSL with the server by default, so the bind travels inside the encrypted session. You can select another authentication method with AuthMechanism.
During that negotiation the provider validates the server's certificate against the system's trusted certificate store.
To accept a specific certificate instead (for example, a self-signed certificate on a lab domain controller), set the SSLServerCert property; see that property for the formats it accepts.
2 Connecting to Active Directory
Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:
FollowReferrals: When set, data held on referral servers is exposed as read-only views. To modify data on a referral server, connect to that server directly by setting Server and Port to it.
LDAPVersion: Set this to the LDAP protocol version your server implements; the provider defaults to version 2. Active Directory domain controllers implement LDAPv3, so set this to 3 unless you specifically need the legacy version.
UseDefaultDC: Set this to locate and connect to the default Domain Controller for the current domain and authenticate with the current user's credentials instead of User and Password.
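The authentication and connection properties above end up in one connection string. The following is an added example, not the provider's own code, that parses such a string and flags the settings sections 1 and 2 warn about: a User value that is neither Domain\name nor a distinguished name, LDAPVersion left at 2 against an LDAPv3 directory, credentials stored beside UseDefaultDC or IntegratedSecurity, no BaseDN, and Readonly not set. It assumes the common ';'-separated Key=Value syntax for the ConnectionString property (the page does not spell the syntax out); the defaults it applies other than LDAPVersion=2, the rule set, and the sample connection strings are all constructed for the example.

```python
"""Lint an Active Directory provider connection string for weak settings.

Added example, not the provider's code. Assumes 'Key=Value;Key=Value'
syntax; property names follow the documentation table.
"""
import re

# Assumed defaults: the page states only that LDAPVersion defaults to 2.
DEFAULTS = {
    "ldapversion": "2",
    "readonly": "false",
    "integratedsecurity": "false",
    "usedefaultdc": "false",
}

# User is either down-level "Domain\name" or a distinguished name.
DOWN_LEVEL_RE = re.compile(r"^[^\\\s]+\\[^\\\s]+$")
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def parse_connection_string(cs: str) -> dict:
    """Split pairs on ';' and each pair on its FIRST '=', so DN values such as
    'cn=x,dc=y' and passwords containing '=' survive intact."""
    props = {}
    for pair in cs.split(";"):
        if not pair.strip():
            continue
        key, sep, value = pair.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed pair: {pair!r}")
        props[key.strip().lower()] = value.strip()
    return props


def _is_true(value: str) -> bool:
    return value.strip().lower() in ("true", "1", "yes")


def lint(cs: str) -> list:
    """Return (code, message) findings; an empty list means no rule fired."""
    p = {**DEFAULTS, **parse_connection_string(cs)}
    findings = []
    ambient = _is_true(p["usedefaultdc"]) or _is_true(p["integratedsecurity"])
    if ambient and ("password" in p or "user" in p):
        findings.append(("redundant-credentials",
                         "UseDefaultDC/IntegratedSecurity use the caller's context; "
                         "drop User/Password so no password is stored in the string"))
    if not ambient:
        if not p.get("server"):
            findings.append(("no-server", "Server is required unless UseDefaultDC locates the DC"))
        user = p.get("user", "")
        if not user:
            findings.append(("no-user", "User is required for an explicit bind"))
        elif not (DOWN_LEVEL_RE.match(user) or DN_RE.match(user)):
            findings.append(("user-format", "User must be Domain\\name or a distinguished name"))
    if p["ldapversion"] != "3":
        findings.append(("ldap-version", "Active Directory implements LDAPv3; set LDAPVersion=3"))
    if not p.get("basedn"):
        findings.append(("no-basedn", "no BaseDN: every search walks the whole directory"))
    if not _is_true(p["readonly"]):
        findings.append(("writable", "Readonly=false: the provider will accept writes; "
                                     "set Readonly=true for reporting workloads"))
    return findings


def codes(cs: str) -> set:
    return {code for code, _ in lint(cs)}


# Constructed sample connection strings (hostnames and secrets are placeholders).
WEAK = "Server=dc01.corp.example;User=CORP\\svc_report;Password=example-only"
HARDENED = ("Server=dc01.corp.example;Port=636;LDAPVersion=3;"
            "User=cn=svc report,ou=Service Accounts,dc=corp,dc=example;"
            "Password=example-only;BaseDN=ou=Employees,dc=corp,dc=example;Readonly=true")
AMBIENT_WITH_SECRET = ("UseDefaultDC=true;Password=example-only;LDAPVersion=3;"
                       "BaseDN=dc=corp,dc=example;Readonly=true")

if __name__ == "__main__":
    for name, cs in (("WEAK", WEAK), ("HARDENED", HARDENED), ("AMBIENT", AMBIENT_WITH_SECRET)):
        print(name, sorted(codes(cs)) or "clean")
```

The parser keys on the first '=' only; splitting on every '=' would break any User given as a distinguished name, which is the form section 1 recommends.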
3 Fine Tuning Data Access
The following properties control the scope of data returned:
BaseDN limits LDAP searches to the subtree rooted at the distinguished name provided. Note: a narrow BaseDN can greatly improve performance; for example, a value of "cn=users,dc=domain" returns only entries within "cn=users" and its children.
Scope: Together with BaseDN, this property controls how much of that subtree is returned: the base object only, the base object and its direct descendants, or the whole subtree.
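BaseDN and Scope together decide which entries a query can return. The following added example, not the provider's code, implements that filter over distinguished names so the three scope settings can be checked offline; the scope names Base, OneLevel and Subtree and the sample directory are constructed for the example. It compares DNs RDN by RDN, honouring backslash-escaped commas, rather than by string suffix, so an entry whose CN literally contains ",ou=Employees" is not mistaken for a child of that OU. The one-level case follows the page's description (base plus direct descendants); note that the singleLevel scope in RFC 4511 excludes the base object itself, so check which behaviour your provider version shows before relying on it.

```python
"""Filter directory entries by BaseDN and Scope.

Added example, not the provider's code. Scope names and the sample
entries are constructed for the example.
"""


def parse_dn(dn: str) -> list:
    """Split a DN into RDNs, leaf first, honouring backslash-escaped commas
    (RFC 4514). Each RDN is normalised to lower-case 'type=value' because
    Active Directory compares DNs case-insensitively."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"not an RDN: {rdn!r}")
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out


def depth_below(entry_dn: str, base_dn: str):
    """RDNs between entry and base (0 = the base itself), or None when the
    entry is not the base or one of its descendants."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return None
    return len(entry) - len(base)


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    depth = depth_below(entry_dn, base_dn)
    if depth is None:
        return False
    if scope == "Base":
        return depth == 0
    if scope == "OneLevel":
        # As the page describes it: BaseDN and its direct descendants.
        # RFC 4511 singleLevel would exclude depth 0.
        return depth <= 1
    if scope == "Subtree":
        return True
    raise ValueError(f"unknown scope: {scope!r}")


def search(entries, base_dn: str, scope: str) -> list:
    return [e for e in entries if in_scope(e, base_dn, scope)]


def naive_in_subtree(entry_dn: str, base_dn: str) -> bool:
    """The string-suffix shortcut that the RDN-aware check replaces."""
    return entry_dn.lower().endswith(base_dn.lower())


# Constructed sample directory. The last entry is a direct child of the
# domain root whose CN is literally 'Dave,ou=Employees'.
SAMPLE_ENTRIES = [
    "dc=corp,dc=example",
    "cn=Users,dc=corp,dc=example",
    "cn=Bob F,cn=Users,dc=corp,dc=example",
    "ou=Employees,dc=corp,dc=example",
    "cn=Alice,ou=Employees,dc=corp,dc=example",
    "cn=Smith\\, John,ou=Employees,dc=corp,dc=example",
    "ou=Contractors,ou=Employees,dc=corp,dc=example",
    "cn=Carol,ou=Contractors,ou=Employees,dc=corp,dc=example",
    "cn=Dave\\,ou=Employees,dc=corp,dc=example",
]

if __name__ == "__main__":
    base = "OU=Employees,DC=corp,DC=example"
    for scope in ("Base", "OneLevel", "Subtree"):
        print(scope, search(SAMPLE_ENTRIES, base, scope))
```

Run as-is it prints one entry for Base, four for OneLevel and five for Subtree; the escaped-comma entry is excluded by the RDN-aware check but accepted by the naive suffix test, which is why the base-DN filter must be applied at RDN granularity.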
Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.
| Property | Description |
|---|---|
| Authentication | |
| AuthMechanism | The authentication mechanism to be used when connecting to the Active Directory server. |
| BaseDN | The base portion of the distinguished name, used for limiting results to specific subtrees. |
| IntegratedSecurity | Whether or not to use the user's current context when logging in. |
| LDAPVersion | The LDAP version used to connect to and communicate with the server. |
| Password | The password for the distinguished name of the specified user. |
| Port | The port the Active Directory server is running on. |
| Scope | Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only). |
| Server | The domain name or IP of the Active Directory server. |
| UseDefaultDC | Used to connect to the default Domain Controller and authenticate using the current user credentials. |
| User | The distinguished name of a user. |
| Firewall | |
| FirewallPassword | A password used to authenticate to a proxy-based firewall. |
| FirewallPort | The TCP port for a proxy-based firewall. |
| FirewallServer | The name or IP address of a proxy-based firewall. |
| FirewallType | The protocol used by a proxy-based firewall. |
| FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
| Logging | |
| Logfile | A path to the log file. |
| MaxLogFileCount | A string specifying the maximum number of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file is deleted. |
| MaxLogFileSize | A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end. |
| Verbosity | The verbosity level that determines the amount of detail included in the log file. |
| Misc | |
| ConnectionLifeTime | The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed. |
| ConnectionString | *** |
| FollowReferrals | Whether or not to follow referrals returned by the Active Directory server. |
| FriendlyGUID | Whether to return GUID attribute values in a human-readable format. |
| FriendlySID | Whether to return SID attribute values in a human-readable format. |
| MaxRows | Limits the number of rows returned when no aggregation or GROUP BY is used in the query. This helps avoid performance issues at design time. |
| Other | These hidden properties are used only in specific use cases. |
| PoolIdleTimeout | The allowed idle time for a connection before it is closed. |
| PoolMaxSize | The maximum number of connections in the pool. |
| PoolMinSize | The minimum number of connections in the pool. |
| PoolWaitTime | The maximum number of seconds to wait for an available connection. |
| PseudoColumns | Whether or not to include pseudo columns as columns of the table. |
| Readonly | Use this property to enforce read-only access to Active Directory from the provider. |
| SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
| SupportEnhancedSQL | Enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing. |
| Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
| UseConnectionPooling | Enables connection pooling. |