Active Directory Data Group Types

From 3.5.1

fData can access Active Directory to check authentication by AD groups and to return attributes/properties about a user.

AD Settings

In the fAdmin settings, the Active Directory group of settings holds the details of how to connect to AD:

ADLDAP_Server is the location of your LDAP Server (e.g. LDAP://255.255.255.255)

ADLDAP_UserId is the id of a valid user in the format DOMAIN\UserId used to access Active Directory.

ADLDAP_Password is the password for the ADLDAP_UserId specified.

ADLDAP_Attributes is a comma-separated list of the LDAP attributes that fData is permitted to return. This prevents DSD designers from requesting attributes that they should not see. If nothing is specified here then all attributes are available.

Once these settings have been added, fData can access the Active Directory data.

Active Directory Security

This data group type is used to authenticate users at login based on Active Directory groups. It checks whether a specified user has one of a specified list of fSeries roles (e.g. User) and, if so, returns a row of data containing all the fSeries roles that the user has.

This can be used in an fSeries Security DSD both for the User data group and the Roles data group.

Some settings are required in the Active Directory Security settings group. Each setting specifies an AD group that represents one of the fSeries roles (User, Admin, Remote, DSD, Designer, Panels). Not all settings need to be filled in, but at least the User group should be present in order to authenticate users. For example, the AD group “fSeriesUser” may represent users who can view outputs; “fSeriesAdmin” users of fAdmin; “fSeriesDesigners” those who can use fData, fDocs Designer and fPanels Designer.

ADSecurity

To set up a data group, specify the Login (User Name) and the roles to be checked.

The Login will usually be a placeholder (e.g. #Login# or #UserId#).

Then check each of the roles that you want checked in AD. In most cases this will be “User” but you can check any roles. If you check more than one role, only one must be present for the authentication test to be passed and a row returned.

Active Directory Information

This data group type can be used at any time to gather information about a user from AD attributes/properties.

ADInfo

Specify the user (e.g. using a placeholder) or leave blank to use the logged in user’s login id.

Enter a list of attributes/properties that you wish to return. These must match valid AD properties. If the administrator has entered a list of available attributes then only these will return values.
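
A model of the two behaviours described on this page, the ADLDAP_Attributes allowlist and the any-of role check of the Active Directory Security data group, as an added example (not fData code). The function names, the role-to-group mapping and the sample directory entry are assumptions constructed for illustration.

```python
# Added illustration, not fData code. Function names, the role-to-group
# mapping and the sample directory entry are constructed assumptions.

ROLE_GROUPS = {  # fSeries role -> AD group; "" means the setting is not filled in
    "User": "fSeriesUser", "Admin": "fSeriesAdmin", "Remote": "",
    "DSD": "fSeriesDesigners", "Designer": "fSeriesDesigners",
    "Panels": "fSeriesDesigners",
}
ENTRY = {  # constructed AD entry
    "displayName": "Alex Example", "mail": "alex@example.test",
    "pwdLastSet": "133500000000000000",
}

def parse_allowlist(adldap_attributes):
    """Split the comma-separated ADLDAP_Attributes value (LDAP names are case-insensitive)."""
    return {a.strip().lower() for a in adldap_attributes.split(",") if a.strip()}

def filter_attributes(requested, entry, adldap_attributes):
    """Return the requested attributes that the allowlist permits."""
    allowed = parse_allowlist(adldap_attributes)
    by_name = {k.lower(): v for k, v in entry.items()}
    result = {}
    for name in requested:
        key = name.strip().lower()
        if allowed and key not in allowed:
            continue  # not on the administrator's list: no value returned
        if key in by_name:
            result[name] = by_name[key]
    return result  # with an empty allowlist every requested attribute passes

def security_row(user_groups, role_groups, checked_roles):
    """Return all roles the user holds if any checked role is held, else None."""
    # Assumption: group names are compared case-insensitively.
    member_of = {g.lower() for g in user_groups if g}
    held = [role for role, group in role_groups.items()
            if group and group.lower() in member_of]  # unset settings grant nothing
    return held if any(r in held for r in checked_roles) else None

if __name__ == "__main__":
    print(filter_attributes(["displayName", "pwdLastSet"], ENTRY, "displayName, mail"))
    print(filter_attributes(["displayName", "pwdLastSet"], ENTRY, ""))
    print(security_row(["fseriesuser", "fSeriesDesigners"], ROLE_GROUPS, ["User"]))
    print(security_row(["fSeriesAdmin"], ROLE_GROUPS, ["User"]))
```

The second call shows the effect of leaving ADLDAP_Attributes empty: pwdLastSet is returned because nothing restricts the request.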