From 56a8276dbf871a04879ead951e9259280769e2e5 Mon Sep 17 00:00:00 2001 From: bbrendon Date: Mon, 31 Jan 2022 03:11:01 -0800 Subject: [PATCH] website/integrations: update active directory docs (#2177) --- .../sources/active-directory/index.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/website/integrations/sources/active-directory/index.md b/website/integrations/sources/active-directory/index.md index 769d3eb5d..a5773272a 100644 --- a/website/integrations/sources/active-directory/index.md +++ b/website/integrations/sources/active-directory/index.md @@ -31,17 +31,17 @@ The following placeholders will be used: ![](./03_additional_perms.png) -Additional infos: https://support.microfocus.com/kb/doc.php?id=7023371 +Additional info: https://support.microfocus.com/kb/doc.php?id=7023371 ## authentik Setup -In authentik, create a new LDAP Source in Resources -> Sources. +In authentik, create a new LDAP Source in Directory -> Federation & Social login. Use these settings: - Server URI: `ldap://ad.company` - For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://` + For authentik to be able to write passwords back to Active Directory, make sure to use `ldaps://`. You can test to verify LDAPS is working using `ldp.exe`. You can specify multiple servers by separating URIs with a comma, like `ldap://dc1.ad.company,ldap://dc2.ad.company`. 
@@ -53,17 +53,16 @@ Use these settings: - Property mappings: Control/Command-select all Mappings which start with "authentik default LDAP" and "authentik default Active Directory" - Group property mappings: Select "authentik default LDAP Mapping: Name" -The other settings might need to be adjusted based on the setup of your domain. +Additional settings that might need to be adjusted based on the setup of your domain: -- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN for user synchronization. -- Addition Group DN: Additional DN which is _prepended_ to your Base DN for group synchronization. -- User object filter: Which objects should be considered users. +- Group: If enabled, all synchronized groups will be given this group as a parent. +- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups +- User object filter: Which objects should be considered users. For Active Directory set it to `(&(objectClass=user)(!(objectClass=computer)))` to exclude Computer accounts. - Group object filter: Which objects should be considered groups. - Group membership field: Which user field saves the group membership - Object uniqueness field: A user field which contains a unique Identifier -- Sync parent group: If enabled, all synchronized groups will be given this group as a parent. -After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page. +After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks. ![](./10_ak_status.png)
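Review bot: in the first hunk (`@@ -31,17 +31,17 @@`), the added sentence tells readers to use `ldaps://` when authentik should write passwords back, but the example on the same bullet still reads `- Server URI: \`ldap://ad.company\`` and the multi-server example still reads `ldap://dc1.ad.company,ldap://dc2.ad.company`; either switch those examples to `ldaps://` or state plainly that the plain `ldap://` examples apply only to a read-only sync, so a reader does not copy an unencrypted URI into a source that will carry credentials. The new `ldp.exe` mention would also be more useful with a word on what to check there (a connection with the SSL option enabled succeeding), since as written it only names the tool.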
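Review bot: in the second hunk (`@@ -53,17 +53,16 @@`), the rewritten line `+After you save the source, a synchronization will start in the background. When its done, you can see the summary under Dashboards -> System Tasks.` fixes "cen" but leaves "its" where "it's" is meant; please correct that in the same pass. The merged bullet `+- Addition User/Group DN: Additional DN which is _prepended_ to your Base DN configured above to limit the scope of synchronization for Users and Groups` also ends without a period while the neighbouring bullets have one, and "Addition" reads as a leftover for "Additional" (the removed `Addition Group DN` line carried the same wording). Lastly, renaming "Sync parent group" to just "Group" places a bullet labelled `Group:` directly under "Group property mappings"; if "Group" is the exact field label in the UI, a short parenthetical such as "(parent group)" would remove the ambiguity without changing the meaning.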