How to use DirectAD in Identify

Version: 4.2++

When a client wants to use the LDAP transformation as well as LDAP authentication, they need to configure an LDAPWS service for them to use.

Now they no longer need to set up LDAPWS; they can use their own AD directly for the LDAP transformation and LDAP authentication.

How to do it:

  • Open the web.config in the Runtime folder in a text editor
  • Under the <appSettings> section, add the following section:
<GAD>
  <ADToolBox>
    <!-- Path to the Active Directory. This can be either the domain or a specific server -->
    <LDAPPath>LDAP://yourdomain.com</LDAPPath>
    <!-- The root of all LDAP operations. All operations will be restricted to this root -->
    <DomainRoot>DC=yourdomain,DC=com</DomainRoot>
    <!-- Set to true, to prevent memory leaks in long running processes -->
    <DisposeSearchResultCollections>True</DisposeSearchResultCollections>
    <Authentication>
      <!-- Set to true to use the app pool identity. Set to false to use the specified account -->
      <Impersonate>True</Impersonate>
      <!-- The username to use, if not impersonating -->
      <UserName></UserName>
      <!-- The password to use, if not impersonating -->
      <Password encrypted="False"></Password>
      <!-- Don't change -->
      <AuthenticationType>Secure</AuthenticationType>
    </Authentication>
  </ADToolBox>
  <DirectoryRepository>
    <DirectoryRepositoryConfiguration configFile="~/DirectoryRepositoryConfiguration.config" />
    <PasswordGeneratorConfiguration configFile="~/PasswordGeneratorConfiguration.config" />
  </DirectoryRepository>
</GAD>
  • Technically, the LDAP plugin of Safewhere*Identify supports two methods of getting groups from AD: a new one and a legacy one. While the new method is supposed to be faster than the legacy one, it might encounter errors with some specific AD setups. When that is the case, consider adding this setting to the <appSettings> section of the web.config file to switch to the legacy method:
<add key="UseLegacyGetGroupsMethod" value="true"/>
  • Save the web.config
  • Reset IIS
  • Log on to Identify*Admin and set the “None” option in the “LdapWS service name” dropdown list for the LDAP transformation or LDAP authentication.
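
Before resetting IIS, the <GAD> block can be checked for the two settings most likely to cause trouble: a service-account password stored unencrypted when Impersonate is False, and a DomainRoot that does not belong to the LDAPPath host. The script below is an added example, not Safewhere code; the function names are hypothetical, the sample values are constructed, and it assumes the <GAD> element can be located anywhere in the file.

```powershell
# Added example, not vendor code: lint the <GAD> block of a web.config.
function Get-NodeText([System.Xml.XmlNode]$Node, [string]$XPath) {
    $n = $Node.SelectSingleNode($XPath)
    if ($null -ne $n) { $n.InnerText.Trim() } else { '' }
}
function Test-DirectAdConfig([xml]$Config) {
    $tb = $Config.SelectSingleNode('//GAD/ADToolBox')
    if ($null -eq $tb) { return @('ERROR: no GAD/ADToolBox section found') }
    $out = @()
    $root = Get-NodeText $tb 'DomainRoot'
    # The ADSI provider name "LDAP" is case-sensitive, so match it exactly.
    $m = [regex]::Match((Get-NodeText $tb 'LDAPPath'), '^LDAP://([^/:]+)')
    if (-not $m.Success) {
        $out += 'ERROR: LDAPPath is not of the form LDAP://domain-or-server'
    } else {
        # The DC= parts of DomainRoot should be the domain suffix of the LDAPPath host.
        $server = $m.Groups[1].Value
        $suffix = ([regex]::Matches($root, '(?i)DC=([^,]+)') |
            ForEach-Object { $_.Groups[1].Value.Trim() }) -join '.'
        if (-not $suffix -or -not ".$server".EndsWith(".$suffix", [StringComparison]::OrdinalIgnoreCase)) {
            $out += "WARN: DomainRoot '$root' does not match LDAPPath host '$server'"
        }
    }
    $imp  = Get-NodeText $tb 'Authentication/Impersonate'
    $user = Get-NodeText $tb 'Authentication/UserName'
    $pw   = $tb.SelectSingleNode('Authentication/Password')
    $pwText = if ($null -ne $pw) { $pw.InnerText.Trim() } else { '' }
    $enc    = if ($null -ne $pw) { $pw.GetAttribute('encrypted') } else { '' }
    if ($imp -ieq 'False') {
        if (-not $user) { $out += 'ERROR: Impersonate is False but UserName is empty' }
        if ($pwText -and $enc -ine 'True') { $out += 'WARN: Password is present and not marked encrypted="True"' }
    } elseif ($user -or $pwText) {
        $out += 'WARN: Impersonate is True; the stored UserName/Password are not needed'
    }
    $out
}
# Constructed sample: explicit service account, plaintext password, mismatched root.
$sample = [xml]@'
<GAD><ADToolBox>
  <LDAPPath>LDAP://dc01.yourdomain.com</LDAPPath>
  <DomainRoot>DC=otherdomain,DC=com</DomainRoot>
  <Authentication>
    <Impersonate>False</Impersonate>
    <UserName>svc-identify</UserName>
    <Password encrypted="False">example-only</Password>
  </Authentication>
</ADToolBox></GAD>
'@
Test-DirectAdConfig $sample
```

To check a real file, pass `[xml](Get-Content -Raw <path to web.config>)` instead of `$sample`.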