Windows Authentication Configuration

Use the following information to enter the correct Lightweight Directory Access Protocol (LDAP) details for AD Authentication Configuration:

Note: This information is spread over two pages in the Installation Wizard.

Page 1 (of 2):

• Server url: The LDAP URL, including the port number.

• Use SSL: Select if you want to secure the connection with SSL.

• Base DN: The base point from where to perform user/group search.

• User object filter: The LDAP filter to use when searching for user objects.

• Group object filter: The LDAP filter to use when searching for group objects.

• Global Property Mapping

  • Distinguished name: The name of the LDAP User and Group attribute that contain the object distinguished name (DN).

• User Property Mapping

  • Organisation: The name of the LDAP User attribute that will populate the Organization claim.

  • User name: The name of the LDAP User attribute that represents the user name.

  • Display name: The name of the LDAP User attribute that will populate the DisplayName claim.

  • Email: The name of the LDAP User attribute that will populate the E-mail claim.

• Group Property Mapping

  • Group members: The name of the LDAP Group attribute that references the group member distinguishedNames (DN).

    

Page 2 (of 2):

• Reader Capability, Author Capability, Creator Capability and Administrator Capability

  • Distinguished group name: you can add one or more groups to each capability. Use the group's distinguished name.

  • Everyone - select this option to give all users, no matter what group, access to this capability.

    Note: Administrator Capability does not support use of "Everyone".

    

See Security Token Service (STS) for details on the different types of user capabilities.