website/integrations: update active directory docs (#2177)
This commit is contained in:
parent
6dfe6edbef
commit
56a8276dbf
|
@ -31,17 +31,17 @@ The following placeholders will be used:
|
|||
|
||||
![](./03_additional_perms.png)
|
||||
|
||||
Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371
|
||||
Additional info: https://support.microfocus.com/kb/doc.php?id=7023371
|
||||
|
||||
## authentik Setup
|
||||
|
||||
In authentik, create a new LDAP Source in Resources -> Sources.
|
||||
In authentik, create a new LDAP Source in Directory -> Federation & Social login.
|
||||
|
||||
Use these settings:
|
||||
|
||||
- Server URI: `ldap://ad.company`
|
||||
|
||||
For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`
|
||||
For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`. You can test to verify LDAPS is working using `ldp.exe`.
|
||||
|
||||
You can specify multiple servers by separating URIs with a comma, like `ldap://dc1.ad.company,ldap://dc2.ad.company`.
|
||||
|
||||
|
@ -53,17 +53,16 @@ Use these settings:
|
|||
- Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory"
|
||||
- Group property mappings: Select "authentik default LDAP Mapping: Name"
|
||||
|
||||
The other settings might need to be adjusted based on the setup of your domain.
|
||||
Additional settings that might need to be adjusted based on the setup of your domain:
|
||||
|
||||
- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN for user synchronization.
|
||||
- Addition Group DN: Additional DN which is _prepended_ to your Base DN for group synchronization.
|
||||
- User object filter: Which objects should be considered users.
|
||||
- Group: If enabled, all synchronized groups will be given this group as a parent.
|
||||
- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups
|
||||
- User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts.
|
||||
- Group object filter: Which objects should be considered groups.
|
||||
- Group membership field: Which user field saves the group membership
|
||||
- Object uniqueness field: A user field which contains a unique Identifier
|
||||
- Sync parent group: If enabled, all synchronized groups will be given this group as a parent.
|
||||
|
||||
After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.
|
||||
After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks.
|
||||
|
||||
![](./10_ak_status.png)
|
||||
|
||||
|
|
Reference in a new issue