Active Directory

1 Authenticating to Active Directory

To authenticate requests, set the User and Password properties to valid Active Directory credentials (e.g., set User to "Domain\\BobF" or "cn=Bob F,ou=Employees,dc=Domain").

The provider uses plaintext authentication by default, since the provider attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.

By default, the connector attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.

To specify another certificate, set the SSLServerCert property for the available formats to do so.

2 Connecting to Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

• FollowReferrals: When set, the provider surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.

• LDAPVersion: Set this to the version of the protocol your server implements; by default, the provider uses version 2.

• UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

3 Fine Tuning Data Access

The following properties control the scope of data returned:

• BaseDN will limit the scope of LDAP searches to the height of the distinguished name provided. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of "cn=users,dc=domain" will only return results contained within "cn=users" and its children.

• Scope: This property enables more granular control over the data to return from a subtree.

Not all properties are required. Enter only property values pertaining to your installation. Several properties will be automatically initialized with the appRules defaults.

Property	Description
Authentication
AuthMechanism	The authentication mechanism to be used when connecting to the Active Directory server.
BaseDN	The base portion of the distinguished name, used for limiting results to specific subtrees.
IntegratedSecurity	Whether or not to use the user's current context when logging in.
LDAPVersion	The LDAP version used to connect to and communicate with the server.
Password	The password for the distinguished name of the specified user.
Port	The port the Active Directory server is running on.
Scope	Whether to limit the scope of the search to the whole subtree (BaseDN and all of its descendants), a single level (BaseDN and its direct descendants), or the base object (BaseDN only).
Server	The domain name or IP of the Active Directory server.
UseDefaultDC	Used to connect to the default Domain Controller and authenticate using the current user credentials.
User	The distinguished name of a user.
Firewall
FirewallPassword	A password used to authenticate to a proxy-based firewall.
FirewallPort	The TCP port for a proxy-based firewall.
FirewallServer	The name or IP address of a proxy-based firewall.
FirewallType	The protocol used by a proxy-based firewall.
FirewallUser	The user name to use to authenticate with a proxy-based firewall.
Logging
Logfile	A path to the log file.
MaxLogFileCount	A string specifying the maximum file count of log files. When the limit is hit, a new log is created in the same folder with the date and time appended to the end and the oldest log file will be deleted.
MaxLogFileSize	A string specifying the maximum size in bytes for a log file (for example, 10 MB). When the limit is hit, a new log is created in the same folder with the date and time appended to the end.
Verbosity	The verbosity level that determines the amount of detail included in the log file.
Misc
ConnectionLifeTime	The maximum lifetime of a connection in seconds. Once the time has elapsed, the connection object is disposed.
ConnectionString	***
FollowReferrals	Whether or not to follow referrals returned by the Active Directory server.
FriendlyGUID	Whether to return GUID attribute values in a human readable format.
FriendlySID	Whether to return SID attribute values in a human readable format.
MaxRows	Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.
Other	These hidden properties are used only in specific use cases.
PoolIdleTimeout	The allowed idle time for a connection before it is closed.
PoolMaxSize	The maximum connections in the pool.
PoolMinSize	The minimum number of connections in the pool.
PoolWaitTime	The max seconds to wait for an available connection.
PseudoColumns	This property indicates whether or not to include pseudo columns as columns to the table.
Readonly	You can use this property to enforce read-only access to ActiveDirectory from the provider.
SSLServerCert	The certificate to be accepted from the server when connecting using TLS/SSL.
SupportEnhancedSQL	This property enhances SQL functionality beyond what can be supported through the API directly, by enabling in-memory client-side processing.
Timeout	The value in seconds until the timeout error is thrown, canceling the operation.
UseConnectionPooling	This property enables connection pooling.