Comment: First published version

...

AD Explorer

AD Explorer is an open source tool that helps you navigate the Active Directory structure. It is useful for working out the correct filter syntax for the settings described below. You can download the tool from the Microsoft Windows Sysinternals site.

http://technet.microsoft.com/da-dk/sysinternals/bb963907.aspx

 

Basic Configuration


| Field | Description | Example |
| --- | --- | --- |
| LDAP Server | Enter LDAP Server Name or IP Address | 123.123.1.234 |
| Port | Port number associated with the LDAP Server | 389 |
| Protocol Version | Version of LDAP | Version 2 (required for some older OpenLDAP installations) or Version 3 (Active Directory and new LDAP Directory implementations) |
| Authentication Type | Authentication Protocol | Anonymous, Basic, Negotiate, NTLM, Digest, Sicily, Dpa, Msn, External or Kerberos |
| SSL | Encryption Protocol | Check if using SSL |
| StartTLS | Encryption Protocol | Check if using StartTLS |
| Base DN | Name of the root node in LDAP from which to search for users | `cn=users,dc=example,dc=com` |
| Additional User DN | Prepended to the Base DN to limit the scope when searching for users | |
| Additional Group DN | Prepended to the Base DN to limit the scope when searching for groups | |
| Bind DN | The user, and the node in LDAP where that user can be found. This is the user Enterprise Tester will authenticate to the LDAP directory as; they must have sufficient rights to query the LDAP directory. | Either a valid distinguished name such as "cn=user,cn=Users,dc=example,dc=com", a username@domain such as "joebloggs@mycompany.local", or left blank for anonymous authentication. |
| Bind Password | Password for the Bind DN user | Password, or left blank for anonymous authentication. |
| Search Attribute | The attribute in LDAP holding the login name | uid (common for OpenLDAP) or sAMAccountName (Active Directory) |

...

| Field | Description | Example |
| --- | --- | --- |
| Enable Paging | When enabled, users will be returned in multiple pages rather than a single list. This is useful when you have a large number of users configured in LDAP, and where a non-paged request will fail because the query returns more than the allowable maximum - this should always be enabled for Active Directory. | True |
| User Page Size | Specify the number of users to return per page. The default value is 100. This value should ideally be configured to be the same as the maximum number of results which can be returned from a single query to ensure the least number of round trips when querying LDAP. | 1000 |
| Group Page Size | Specify the number of groups to return per page. The default value is 100. This value should ideally be configured to be the same as the maximum number of results which can be returned from a single query to ensure the least number of round trips when querying LDAP. | 500 |

User Configuration


| Field | Description | Example |
| --- | --- | --- |
| Object Filter | Filter used for retrieving all users | `(&(objectCategory=Person)(sAMAccountName=*))` |
| Search Filter Template | Filter used for searching by name or partial name. | `(&(objectCategory=Person)(sAMAccountName={0}))` |
| User Name Attribute | User Name Attribute | uid (common for OpenLDAP) or sAMAccountName (Active Directory) |
| First Name Attribute | First Name Attribute | givenName |
| Last Name Attribute | Last Name Attribute | sn |
| Email Attribute | | mail |
| Telephone Attribute | Phone Attribute | telephoneNumber |
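
The Search Filter Template above carries a `{0}` placeholder for the name being searched. The following is an added example, not Enterprise Tester code: assuming `{0}` is replaced with a user-supplied login name, it shows the RFC 4515 escaping that keeps filter metacharacters in that name literal. The function names and sample logins are constructed for illustration.

```python
"""Added example: RFC 4515 escaping for the Search Filter Template."""

# Constructed copy of the template shown in the User Configuration table.
TEMPLATE = "(&(objectCategory=Person)(sAMAccountName={0}))"

# Characters that RFC 4515 requires to be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters replaced by \\XX escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(ldap_filter: str) -> bool:
    """Cheap sanity check that every '(' in a filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def render_search_filter(template: str, login: str) -> str:
    """Substitute an escaped login name for {0} (hypothetical helper)."""
    if "{0}" not in template or not is_balanced(template):
        raise ValueError("template must be balanced and contain {0}")
    rendered = template.replace("{0}", escape_filter_value(login))
    # Escaping removes raw parentheses from the value, so the
    # rendered filter keeps the structure of the template.
    assert is_balanced(rendered)
    return rendered


if __name__ == "__main__":
    # Constructed sample logins, including ones with filter metacharacters.
    for login in ["jbloggs", "o*brien", "smith (temp)"]:
        print(login, "->", render_search_filter(TEMPLATE, login))
```

The same `is_balanced` check is a quick way to catch a mistyped Object Filter or Search Filter Template before saving the configuration.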

...

The synchronization section allows you to set up the synchronization mode, the frequency of synchronization and any default groups you wish to have new users added to when being synchronized with Enterprise Tester.


| Field | Description | Example |
| --- | --- | --- |
| Mode | Select the type of integration you would like with LDAP | 1. Authentication only – LDAP is used to authenticate users only<br>2. Synchronization – Users, Groups and Group Memberships are automatically created in Enterprise Tester<br>3. Create User on Successful Authentication – New users are automatically created on first login if they are successfully authenticated in LDAP |
| Schedule | Synchronization Frequency | Manual Synchronization, Every Hour, Every 2 Hours, Every 4 hours, Every 8 Hours and Every 24 Hours. |
| Synchronize Users | Select to synchronize Users from LDAP | Check to synchronize users |
| Synchronize Groups | Select to synchronize Groups from LDAP | Check to synchronize Groups |
| Synchronize Group Members | Select to synchronize Groups from LDAP | Check to synchronize Group Members for each user |

...