This page last changed on Jul 01, 2008 by smaddox.
This page provides configuration notes for Microsoft Active Directory, in relation to Configuring an LDAP Directory Connector.
Screenshot: 'Connector — Microsoft Active Directory'

Attribute |
Description |
Connector |
The directory connector to use when communicating with the directory server. |
URL |
The connection URL to use when connecting to the directory server, e.g.: ldap://localhost:389, or port 636 for SSL. |
Secure SSL |
Specifies whether the connection to the directory server is an SSL connection. |
Use Node Referrals |
Use the JNDI lookup java.naming.referral option. Generally needed for Active Directory servers configured without proper DNS, to prevent a 'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error. |
Use Nested Groups |
Enable or disable support for nested groups on the LDAP user directory.
This feature is available in Crowd 1.4.4 and later. |
Use Paged Results |
Use the LDAP control extension for simple paging of search results. Retrieves chunks of data rather than all of the search results at once. This feature may be necessary when using Microsoft Active Directory if more than 999 results are returned for any given search. |
Paged Results Size |
Enter the desired page size i.e. the maximum number of search results to be returned per page, when paged results are enabled. Defaults to 999 results. This option is available from Crowd 1.1.1. |
Base DN |
Enter the root distinguished name to use when running queries versus the directory server, e.g.: o=acmecorp,c=com. |
User DN |
Distinguished name of the user that Crowd will use when connecting to the directory server. |
Password |
The password that Crowd will use when connecting to the directory server. |
Configuration notes for Microsoft Active Directory
Active Directory Attribute Example |
Value |
Base DN |
cn=users,dc=ad,dc=acmecorp,dc=com |
User DN |
administrator@ad.acmecorp.com |
For Microsoft Active Directory, specify the Base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the the LDAP structure of your server.
The URL for Microsoft Active Directory should be in the following format: ldap://domainname.
 | Configuring an SSL Certificate for Microsoft Active Directory
If you wish to use Crowd to add users or change passwords in Microsoft Active Directory, you will need to install an SSL certificated generated by your Active Directory server and then install the certificate into your JVM keystore. Please read the instructions: Configuring an SSL Certificate for Microsoft Active Directory. |
 | Integrating Crowd with ADAM
We have not tested Crowd integration with Active Directory Application Mode (ADAM). However, ADAM and Active Directory share the same code base, LDAP interface and API. So ADAM should work with Crowd, following the same integration instructions as above. If you try it, we'd be interested to hear of your experiences. |
Next Step
Go back to Configuring an LDAP Directory Connector
RELATED TOPICS
Crowd Documentation
|