Active Directory user manager

You can connect to Windows Active Directory (in read-only mode). In order for the Active Directory user manager option to be available in the User manager tab of the Users / Groups section in JMap Admin, you must include the following line in the JMAP_HOME/conf/jmapserver.properties file:

usermanager.ad=com.kheops.jmap.server.security.ActiveDirectoryUserManager

We recommend you use the Composite user manager instead of simply using the Active Directory user manager. This will allow you to maintain access to JMap Admin even if errors arise in the configuration of Active Directory.

In the User manager section, select the Composite user manager and add the Active Directory user manager. A new interface opens, allowing you to enter the settings to configure the connection to the Active Directory server.

Active Directory

Friendly name

Name used to easily identify the Active Directory user manager.

Server address

Address of the Windows domain controller server configured with Active Directory. You can add several Active Directory servers by separating them with a space.

Example: ldap://host1 ldap://host2 where host1 and host2 are the host names of the Active Directory servers. Active Directory is based on LDAP.

DN

Unique identifier (Distinguished Name) pointing at the root of the directory. Composed of a list of DC (Domain Component) entries.

Example: dc=k2,dc=com

Domain

Name of the Windows domain.

Example: k2.com

User / SPN

User name that JMap Server will use to connect to the Active Directory. It is recommended to create a user specifically for JMap. Its password should never expire. If you wish to use single sign-on, you will have to create an SPN (Service Principal Name) associated with this user. See Single Sign-On for more details.

Password

Password of the user JMap Server will use to connect to the Active Directory.

Admin. password

A user named administrator must always exist in JMap. If no administrator user exists in the Active Directory, JMap will simulate one. In such a case, provide the password associated with this user. If the user administrator does exist in the Active Directory and a password is entered, this password will simply be ignored.

Enable single sign-on

Enables the single sign-on option. See Single Sign-On for more details.

Default / Custom LDAP configuration

Active Directory is based on LDAP. This option allows for the use of LDAP parameters that are most commonly used for Active Directory. However, if those parameters don’t match the ones in use, it is possible to specify custom values. The settings are described in the following section, JMap LDAP user manager.

Max page size

Active Directory limits the transaction size to a maximum number of records at a time (page size). The value of this parameter must not be greater than the maximum size authorized by Active Directory (1000 is the default value in Active Directory). If the size is too small, this can reduce performance. A size greater than the authorized limit will cause missing data in the user list.
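
The following is an added example, not part of JMap or its documentation: a small Python pre-flight check of the Server address, DN, Domain and Max page size values before they are entered in JMap Admin. The function names are hypothetical. It assumes the DN points at the domain root as in the examples above, and it accepts ldaps:// URLs as an assumption, since this page only shows ldap://.

```python
from urllib.parse import urlsplit

AD_DEFAULT_MAX_PAGE_SIZE = 1000  # Active Directory default stated in the text above


def dn_to_domain(dn):
    """Turn 'dc=k2,dc=com' into 'k2.com'; raise if a component is not a DC."""
    labels = []
    for rdn in dn.split(","):
        key, sep, value = rdn.strip().partition("=")
        if key.strip().lower() != "dc" or not sep or not value.strip():
            raise ValueError(f"not a DC component: {rdn.strip()!r}")
        labels.append(value.strip().lower())
    return ".".join(labels)


def check_settings(server_address, dn, domain, max_page_size,
                   ad_limit=AD_DEFAULT_MAX_PAGE_SIZE):
    """Return a list of problems found in the values (empty list = none found)."""
    problems = []
    urls = server_address.split()  # several servers are separated by spaces
    if not urls:
        problems.append("Server address: no server given")
    for url in urls:
        try:
            parts = urlsplit(url)
            ok = parts.scheme.lower() in ("ldap", "ldaps") and bool(parts.hostname)
        except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
            ok = False
        if not ok:
            problems.append(f"Server address: {url!r} is not an LDAP URL such as ldap://host")
    try:
        if dn_to_domain(dn) != domain.strip().lower():
            problems.append(f"DN {dn!r} does not correspond to Domain {domain!r}")
    except ValueError as exc:
        problems.append(f"DN: {exc}")
    if not 1 <= max_page_size <= ad_limit:
        problems.append(f"Max page size: {max_page_size} is outside 1..{ad_limit}; "
                        "a value above the limit causes missing users in the list")
    return problems


if __name__ == "__main__":
    # Constructed values based on the examples in the text above; 5000 is too large.
    for problem in check_settings("ldap://host1 ldap://host2",
                                  "dc=k2,dc=com", "k2.com", 5000):
        print(problem)
```

If the domain controller's page size limit has been changed from the default, pass the actual value as ad_limit.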

K2 Geospatial 2024