You would like to know the configuration setup for LDAP group authentication between the Content Analysis System (CAS) and Active Directory (AD).
Under Server, enter the URL as the IP address or hostname of your AD server, specifying regular or secure LDAP (ldap:// or ldaps://). Example: ldap(s)://ldapserver.domain.lab
Search or Manage Credentials
Enter the distinguished name (DN) and password of a user account that is allowed to query LDAP. To find the DN in AD, open ADSI Edit, open the LDAP tree and browse to the user, right-click the record and select Properties, then browse to the distinguishedName attribute on the Attribute Editor tab. Example: CN=kevin,CN=Users,DC=domain,DC=lab
User Search Criteria
Set the Username Attribute to sAMAccountName and the Base to the DN without a user specified. Example: CN=Users,DC=domain,DC=lab
Role Search Criteria
Set the Username Attribute to sAMAccountName and the Base to the DN without a user specified (note: this is still the base DN of the user object and NOT the group). Example: CN=Users,DC=domain,DC=lab
Set the Result Role Attribute to memberOf.
LDAP Group to Local Role Mapping
Click Add Group Mapping and specify a group name and role.
The behavior is as follows: the CAS queries LDAP for the names of all the groups the user is a member of, and those group names are returned to the CAS.
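
The lookup described above, sketched as an added Python example (not CAS code and not part of the original article): it builds the sAMAccountName filter with RFC 4515 escaping, takes the memberOf values returned for the user, and maps each group to a local role. Matching on the group's CN without regard to case, and the sample group and role names, are assumptions.

```python
import re

# Added illustration, not CAS code. Matching on the group's CN, ignoring case,
# is an assumption about how a group mapping is compared.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def user_filter(username, attribute="sAMAccountName"):
    """Search filter for the Username Attribute, escaped per RFC 4515."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in username)
    return f"({attribute}={escaped})"

def group_cn(group_dn):
    """Return the leading CN of a memberOf DN, honouring escaped commas."""
    first_rdn = re.split(r"(?<!\\),", group_dn, maxsplit=1)[0]
    name, _, value = first_rdn.partition("=")
    if name.strip().upper() != "CN":
        raise ValueError(f"memberOf value does not start with CN: {group_dn!r}")
    # Undo RFC 4514 escaping: \XX hex pairs and backslash-escaped characters.
    def unescape(m):
        token = m.group(1)
        return chr(int(token, 16)) if len(token) == 2 else token
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", unescape, value.strip())

def resolve_roles(member_of, group_to_role):
    """Map memberOf DNs to local roles; groups without a mapping grant nothing."""
    mapping = {group.lower(): role for group, role in group_to_role.items()}
    roles = set()
    for dn in member_of:
        role = mapping.get(group_cn(dn).lower())
        if role is not None:
            roles.add(role)
    return roles

# Constructed sample: memberOf values for one user, and one group mapping.
SAMPLE_MEMBER_OF = [
    "CN=CAS-Admins,CN=Users,DC=domain,DC=lab",
    "CN=Helpdesk\\, Tier 1,OU=Groups,DC=domain,DC=lab",
]
SAMPLE_MAPPING = {"cas-admins": "administrator"}  # hypothetical group and role

if __name__ == "__main__":
    print(user_filter("kevin"))
    print(sorted(resolve_roles(SAMPLE_MEMBER_OF, SAMPLE_MAPPING)))
```

In Active Directory, memberOf lists only the groups a user belongs to directly and omits the primary group, so a memberOf lookup like this one yields no role for a user who reaches a mapped group only through nesting.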