Enportal/5.5/admin/user administration/ldap configuration/active directory

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


Active Directory is a specific type of LDAP that is used by Microsoft Windows. As it is used in many customer environments, it is a fairly common type of LDAP directory that will need to be integrated. Please note the following special considerations when configuring LDAP for Active Directory:

  • Domain Adapter

    • On the Domain Adapter settings (from the Explorer view, right click the domain and select Edit Adapter), in the Search tab, make sure the User Class and the User ID Attribute key are set to values matching your AD environment. Typically these might be "Person" and "sAMAccountName" respectively.

    • Use the "ADSI Edit" utility on an Active Directory Server to view user attributes by right clicking an entry and selecting properties:

      • User ID Attribute key: in the list of attributes, find the attribute that contains the username. Note: there may be several options here depending on how your users log-in (e.g. "cn","sAMAccountName","userPrincipalName" -- match this to your specific environment).

      • User Class: in the list of attributes, find the attribute "objectCategory". The first CN listed in the value for "objectCategory" should be used for the User Class (e.g. if objectCategory value = "CN=Person,CN=Schema,CN=Configuration,DC=testlab,DC=it-status,DC=net" the first CN value listed is "Person"). This should be your value for User Class.

    • You may also want to update your login form for your domain to prompt users for the right username format.

  • Role Adapter

    • Change Role Class to "group"

    • Change Domain/User assignment attribute key to "member"