Active Directory

1 Authenticating to Active Directory

To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").

The provider uses plaintext authentication by default, since the provider attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.

By default, the connector attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.

To specify another certificate, set the SSLServerCert property for the available formats to do so.

2 Connecting to Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

  • FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.

  • LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.

  • UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

3 Fine Tuning Data Access

The following properties control the scope of data returned:

  • BaseDN will limit the scope of LDAP searches to the height of the distinguished name provided. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.

  • Scope: This property enables more granular control over the data to return from a subtree.

Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Property

Description

Authentication

AuthMechanism

The authentication mechanism to be used when connecting to the Active Directory server.

BaseDN

The base portion of the distinguished name, used for limiting results to specific subtrees.

IntegratedSecurity

Whether or not to use the user's current context when logging in.

LDAPVersion

The LDAP version used to connect to and communicate with the server.

Password

The password for the distinguished name of the specified user.

Port

The port the Active Directory server is running on.

Scope

Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).

Server

The domain name or IP of the Active Directory server.

UseDefaultDC

Used to connect to the default Domain Controller and authenticate using the current user credentials.

User

The distinguished name of a user.

Firewall

FirewallPassword

A password used to authenticate to a proxy-based firewall.

FirewallPort

The TCP port for a proxy-based firewall.

FirewallServer

The name or IP address of a proxy-based firewall.

FirewallType

The protocol used by a proxy-based firewall.

FirewallUser

The user name to use to authenticate with a proxy-based firewall.

Logging

Logfile

A path to the log file.

MaxLogFileCount

A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.

MaxLogFileSize

A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.

Verbosity

The verbosity level that determines the amount of detail included in the log file.

Misc

ConnectionLifeTime

The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.

ConnectionString

***

FollowReferrals

Whether or not to follow referrals returned by the Active Directory server.

FriendlyGUID

Whether to return GUID attribute values in a human readable format.

FriendlySID

Whether to return SID attribute values in a human readable format.

MaxRows

Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.

Other

These hidden properties are used only in specific use cases.

PoolIdleTimeout

The allowed idle time for a connection before it is closed.

PoolMaxSize

The maximum connections in the pool.

PoolMinSize

The minimum number of connections in the pool.

PoolWaitTime

The max seconds to wait for an available connection.

PseudoColumns

This property indicates whether or not to include pseudo columns as columns to the table.

Readonly

You can use this property to enforce read-only access to ActiveDirectory from the provider.

SSLServerCert

The certificate to be accepted from the server when connecting using TLS/SSL.

SupportEnhancedSQL

This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.

Timeout

The value in seconds until the timeout error is thrown, canceling the operation.

UseConnectionPooling

This property enables connection pooling.

PreviousRaw DataNextAmazon Athena

Last updated