website/integrations: update active directory docs (#2177)

bbrendon 2022-01-31 03:11:01 -08:00 committed by GitHub
parent 6dfe6edbef
commit 56a8276dbf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -31,17 +31,17 @@ The following placeholders will be used:
![](./03_additional_perms.png)
Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371
Additional info: https://support.microfocus.com/kb/doc.php?id=7023371
## authentik Setup
In authentik, create a new LDAP Source in Resources -> Sources.
In authentik, create a new LDAP Source in Directory -> Federation & Social login.
Use these settings:
- Server URI: `ldap://ad.company`
For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`
For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`. You can test to verify LDAPS is working using `ldp.exe`.
You can specify multiple servers by separating URIs with a comma, like `ldap://dc1.ad.company,ldap://dc2.ad.company`.
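Review bot: The new sentence "You can test to verify LDAPS is working using `ldp.exe`" is left without context in the Server URI bullet: `ldp.exe` is a Windows tool, so the doc should say it is run from a Windows host against the domain controller on the LDAPS port (636), otherwise readers of an authentik-side guide will not know where to run it. The same bullet still shows `ldap://ad.company` as the example while the next line says `ldaps://` is required for password writeback; consider making the example `ldaps://ad.company` or stating that the plain `ldap://` example is only valid when writeback is not needed, since a cleartext bind path is what the `ldaps://` advice is there to avoid.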
@ -53,17 +53,16 @@ Use these settings:
- Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
- Group property mappings: Select "authentik default LDAP Mapping: Name"
The other settings might need to be adjusted based on the setup of your domain.
Additional settings that might need to be adjusted based on the setup of your domain:
- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN for user synchronization.
- Addition Group DN: Additional DN which is _prepended_ to your Base DN for group synchronization.
- User object filter: Which objects should be considered users.
- Group: If enabled, all synchronized groups will be given this group as a parent.
- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups
- User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
- Group object filter: Which objects should be considered groups.
- Group membership field: Which user field saves the group membership
- Object uniqueness field: A user field which contains a unique Identifier
- Sync parent group: If enabled, all synchronized groups will be given this group as a parent.
After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.
After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks.
![](./10_ak_status.png)
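Review bot: The rewritten final sentence still reads "When its done" (should be "it's"), so only the "cen" typo got fixed; the same line should take both corrections. In the settings list, the merged bullet "Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups" replaces two separate bullets (User DN and Group DN) with one; if the source still has two distinct fields, say so in the bullet, since a reader will otherwise look for a single combined field. Punctuation is also inconsistent: the "Group membership field" and "Object uniqueness field" bullets have no trailing period while the others do.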