Content Analysis LDAP group authentication configuration for Active Directory

Article ID: 175628

Products

Content Analysis Software - CA

Issue/Introduction

You would like to know the configuration settings for LDAP group authentication between the Content Analysis System (CAS) and Active Directory.

Resolution

For Server, enter the URL using the IP address or hostname of your AD server, specifying regular or secure LDAP. Example: ldap(s)://ldapserver.domain.lab

Search or Manage Credentials

Enter the distinguished name (DN) and password of a user account that is allowed to query LDAP. To find the DN in AD, open ADSI Edit, expand the LDAP tree and browse to the user, right-click the record and select Properties, then locate the distinguishedName attribute on the Attribute Editor tab. Example: CN=kevin,CN=Users,DC=domain,DC=lab

User Search Criteria

Set the Username Attribute to sAMAccountName and the Base to the DN without a user specified. Example: CN=Users,DC=domain,DC=lab

Role Search Criteria

Set the Username Attribute to sAMAccountName and the Base to the DN without a user specified (note: this is still the base DN of the user object and NOT the group). Example: CN=Users,DC=domain,DC=lab

Set the Result Role Attribute to memberOf.

LDAP Group to Local Role Mapping

Click Add Group Mapping and specify a group name and role.

The resulting behavior is that the CAS queries LDAP for the names of all groups the user is a member of, and those group names are returned to the CAS.
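The lookup these settings describe can be rehearsed offline before the values are entered. The following is an added example, not CAS code: it checks the URL scheme, builds the sAMAccountName search filter with RFC 4515 escaping, and reduces memberOf values to group names for role mapping. The group names, roles, and the case-insensitive match on the group's CN are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: the group names and roles are hypothetical
# stand-ins for your own mappings. Matching on the group's CN,
# case-insensitively, is an assumption of this example.
GROUP_ROLE_MAP = {"cas-admins": "administrator", "cas-analysts": "analyst"}

def uses_tls(server_url):
    """True only for ldaps://; a DN+password bind over plain ldap:// is
    readable on the wire unless the client upgrades with StartTLS."""
    return urlsplit(server_url).scheme.lower() == "ldaps"

def user_filter(username, attribute="sAMAccountName"):
    """Build (attribute=value) with RFC 4515 escaping so a login name
    such as '*' or 'a)(cn=*' cannot rewrite the search filter."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "({}={})".format(attribute, "".join(esc.get(c, c) for c in username))

def first_rdn_value(dn):
    """Return the value of the leftmost RDN, honouring RFC 4514 escapes
    (AD writes a comma inside a group name as '\\,')."""
    i = 0
    while i < len(dn) and dn[i] != ",":
        i += 2 if dn[i] == "\\" else 1   # step over an escaped character
    value = dn[:i].partition("=")[2]
    # Hex pairs are decoded as single bytes, which is enough for ASCII names.
    unhex = lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1)
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", unhex, value)

def roles_for(member_of):
    """Map memberOf DNs to local roles; unmapped groups grant nothing."""
    names = (first_rdn_value(dn).lower() for dn in member_of)
    return sorted({GROUP_ROLE_MAP[n] for n in names if n in GROUP_ROLE_MAP})

if __name__ == "__main__":
    sample_member_of = [  # constructed memberOf values
        "CN=CAS-Admins,OU=Groups,DC=domain,DC=lab",
        "CN=Ops\\, EU,OU=Groups,DC=domain,DC=lab",
    ]
    print(uses_tls("ldap://ldapserver.domain.lab"))
    print(user_filter("kevin"), user_filter("kev*)(cn=*"))
    print(roles_for(sample_member_of))
```

Active Directory's memberOf attribute lists only a user's direct group memberships and omits the primary group, so a mapping should name a group the account belongs to directly.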