You would like to know the configuration set up for LDAP group authentication between the Content Analysis System (CAS) and Active Directory.

On the Server, Enter the URL as an IP address or hostname of your AD server specifying regular or secure LDAP. Example: ldap(s)://ldapserver.domain.lab

Search or Manage Credentials

Enter the distinguished name (DN) and a password of a user account which is allowed to query LDAP. This can be found in AD by opening ADSI Edit > Open the LDAP tree and browse to the user > Right-click on the record and select properties > browse to the distinguishedName attribute in the Attribute Editor tab. Example: CN=kevin,CN=Users,DC=domain,DC=lab

User Search Criteria

Set the Username Attribute to sAMAccountName and Base as the DN without a user specified. Example: CN=Users, DC=domain,DC=lab

Role Search Criteria

Set the Username Attribute to sAMAccountName and Base as the DN without a user specified (note: this is still the base DN of the user object and NOT the group). Example: CN=Users, DC=domain,DC=lab

Set the Result Role Attribute as memberOf

LDAP Group to Local Role Mapping

Click Add Group Mapping and specify a group name and role.

The behavior is such that the CAS queries for all the group names the user is a member of and returns them to the CAS.