This page last changed on Sep 02, 2008 by smaddox.

This page provides configuration notes for Microsoft Active Directory, in relation to Configuring an LDAP Directory Connector.

Screenshot: 'Connector — Microsoft Active Directory'



Attribute Description
Connector The directory connector to use when communicating with the directory server.
URL The connection URL to use when connecting to the directory server, e.g.: ldap://localhost:389, or port 636 for SSL.
Secure SSL Specifies whether the connection to the directory server is an SSL connection.
Use Node Referrals Use the JNDI lookup java.naming.referral option. Generally needed for Active Directory servers configured without proper DNS, to prevent a 'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error.
Use Nested Groups Enable or disable support for nested groups on the LDAP user directory.
Use Paged Results Use the LDAP control extension for simple paging of search results. Retrieves chunks of data rather than all of the search results at once. This feature may be necessary when using Microsoft Active Directory if more than 999 results are returned for any given search.
Paged Results Size Enter the desired page size i.e. the maximum number of search results to be returned per page, when paged results are enabled. Defaults to 999 results.
Base DN Enter the root distinguished name to use when running queries versus the directory server, e.g.: o=acmecorp,c=com.
User DN Distinguished name of the user that Crowd will use when connecting to the directory server.
Password The password that Crowd will use when connecting to the directory server.


Configuration notes for Microsoft Active Directory

Active Directory Attribute Example Value
Base DN cn=users,dc=ad,dc=acmecorp,dc=com
User DN administrator@ad.acmecorp.com

For Microsoft Active Directory, specify the Base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the the LDAP structure of your server.

The URL for Microsoft Active Directory should be in the following format: ldap://domainname.

Configuring an SSL Certificate for Microsoft Active Directory

If you wish to use Crowd to add users or change passwords in Microsoft Active Directory, you will need to install an SSL certificated generated by your Active Directory server and then install the certificate into your JVM keystore. Please read the instructions: Configuring an SSL Certificate for Microsoft Active Directory.

Integrating Crowd with ADAM

We have not tested Crowd integration with Active Directory Application Mode (ADAM). However, ADAM and Active Directory share the same code base, LDAP interface and API. So ADAM should work with Crowd, following the same integration instructions as above. If you try it, we'd be interested to hear of your experiences.

Next Step

Go back to Configuring an LDAP Directory Connector


RELATED TOPICS

Crowd Documentation


Document generated by Confluence on Sep 04, 2008 00:44