Summary. How-To: Active Directory Integration. April, 2006



Similar documents
Configuring User Identification via Active Directory

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

IIS, FTP Server and Windows

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

Dynamic DNS How-To Guide

To enable an application to use external usernames and passwords, you need to first configure CA EEM to use external directories.

Mozilla Thunderbird: Setup & Configuration Learning Guide

Client configuration and migration Guide Setting up Thunderbird 3.1

Configuring MailArchiva with Insight Server

Getting Started with Clearlogin A Guide for Administrators V1.01

PineApp Surf-SeCure Quick

How to Logon with Domain Credentials to a Server in a Workgroup

escan SBS 2008 Installation Guide

LDAP User Guide PowerSchool Premier 5.1 Student Information System

Configuring Sponsor Authentication

Adobe Connect LMS Integration for Blackboard Learn 9

LDaemon. This document is provided as a step by step procedure for setting up LDaemon and common LDaemon clients.

Active Directory Integration for Greentree

Active Directory Integration

How to Configure Active Directory based User Authentication

WaveWare Technologies, Inc. We Deliver Information at the Speed of Light

Please return this document to when complete.

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Siteminder Integration Guide

OUTLOOK EXPRESS ACCOUNT SETUP FOR USE WITH ELLIPSE ADVANCED SPAM FILTER

Group Management Server User Guide

Integrating LANGuardian with Active Directory

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Polycom RealPresence Resource Manager System Getting Started Guide

HP Device Manager 4.6

Active Directory Integration

Creating Custom Nameservers Contents

Device Log Export ENGLISH

VOIP-500 Series Phone CUCM 8.0.3a Integration Guide

Using Remote Web Workplace Version 1.01

Set up Outlook for your new student e mail with IMAP/POP3 settings

Dell Compellent Storage Center

Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration

How To Set Up A Macintosh With A Cds And Cds On A Pc Or Macbook With A Domain Name On A Macbook (For A Pc) For A Domain Account (For An Ipad) For Free

Skyward LDAP Launch Kit Table of Contents

Hosted Microsoft Exchange Client Setup & Guide Book

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Training module 2 Installing VMware View

F-Secure Messaging Security Gateway. Deployment Guide

CRM to Exchange Synchronization

Open Thunderbird. To set up an account in Thunderbird, from the Tools menu select Account Settings; choose account; then click Next.

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Updated: 7/10/2013 Author: Tim Unten

NSi Mobile Installation Guide. Version 6.2

HP Device Manager 4.7

How to configure your client

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

NETASQ ACTIVE DIRECTORY INTEGRATION

Configuration Guide for Active Directory Integration

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Integrating Webalo with LDAP or Active Directory

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Basic Exchange Setup Guide

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Using Internet or Windows Explorer to Upload Your Site

SchoolBooking LDAP Integration Guide

Data Guard Remote Backup v

Active Directory Authentication Integration

Using MailStore to Archive MDaemon

Configuration Manual

Authentication Methods

Querying Databases Using the DB Query and JDBC Query Nodes

Instructions. Outlook (Windows) Mail (Mac) Webmail Windows Live Mail iphone 4, 4S, 5, 5c, 5s Samsung Galaxy S4 BlackBerry

Standard Mailbox Software Setup Guide

DOMAIN CENTRAL HOSTING

netld External Authentication Setup Guide

Novell Open Workgroup Suite Small Business Edition Helpdesk

eprism Enterprise Tech Notes

Configuration Guide. BES12 Cloud

Webmail. Setting up your account

Microsoft Office 365 Exchange Online Cloud

Test Case 3 Active Directory Integration

NAS 206 Using NAS with Windows Active Directory

StarterPlus Mailbox Software Setup Guide

Windows 2000 Active Directory Configuration Guide

How to Configure Outlook Client for Exchange

Basic Exchange Setup Guide

Using different Security Policies on Group Level for AD within one Portal. SSL-VPN Security on Group Level. Introduction

Motorola TEAM WSM - Cisco Unified Communications Manager Integration

Configuring an IP (SIP) Polycom Soundstation on the Avaya IP Office

How To - Implement Single Sign On Authentication with Active Directory

WEB & MOBILE DEVELOPMENT. How To: Setup your address in Windows Vista Mail

Security Provider Integration Kerberos Server

This presentation explains how to integrate Microsoft Active Directory to enable LDAP authentication in the IBM InfoSphere Master Data Management

Sophos UTM Web Application Firewall for Microsoft Exchange connectivity

F-SECURE MESSAGING SECURITY GATEWAY

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

Hosted Microsoft Exchange Client Setup & Guide Book

IRMACS Setup. Your IRMACS is available internally by the IMAP protocol. The server settings used are:

Set Up Setup with Microsoft Outlook 2007 using POP3

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

How to Back Up and Restore an ACT! Database Answer ID 19211

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Wharf T&T bmail 2010 bmail End User Guide Version 1.0

Transcription:

How-To How-To Integrate CanIt-PRO with Active Directory: April, 2006 Summary Several organizations use Active Directory to manage their user accounts. This paper describes how to integrate CanIt-PRO with an Active Directory system. It will cover setting up the integration, testing it and common problems that can occur. 1

Getting Active Directory Information The first step of the process is to obtain the information required by CanIt-PRO for the Active Directory integration. The following table lists the data that is required and where it can be obtained from: Data Item Server IP/Name Active Directory Domain User account Location The IP address or fully qualified domain name (FQDN) of the Active Directory domain controller. If you have more than one domain controller then you may want to get this information for all of these. The domain of the Active Directory system. This should be easily accessible from the domain controller configuration. A user account is required to access the Active Directory system. This user only needs to have read access to the system. Once this information is obtained you will now need to convert the Active Directory Domain to a value that can be understood by the CanIt-PRO system. For each value that is separated by a period you will need to change that into a dc=value entry. The following list of examples should help in converting the domain into an base DN value. Domain Name domain.com complex.ad.domain dc=domain,dc=com Base DN Value dc=complex,dc=ad,dc=domain Configuring User Lookup Method Once you have all of the information needed from your Active Directory system you can begin to configure CanIt-PRO by creating a User Lookup method. This feature is accessed via the Setup menu item and selecting the User Lookups sub menu option. Clicking on the link Add a New User Lookup will start the process of creating a new lookup method. The first step is to assign a name for this method. Any name is acceptable here so long as it only contains numbers, letters, dashes, underscores and periods. When finished click on the Next >> button. You will want to select LDAP (Active Directory) from the drop down list provided. This will pre-populate some values found on the next page that are specific to an Active Directory implementation. You can also optionally add a comment for this lookup value. Clicking on the Next >> button will move onto the next step in the process. 2

On this page you will see several fields that can be filled in. The following table defines the values that should be edited and which values should be entered: Field Use this method for authentication LDAP server(s) Load-balance LDAP servers Base DN Bind DN Bind Password Strip domain name from login prior to authentication Value This value should be set to yes if you want to use your Active Directory system to allow end users to authenticate. NOTE, that by selecting yes, this does not automatically enable authentication via Active Directory, more on this later. This is a listing of the Active Directory Domain servers you obtained earlier. If you have more than one separate each entry with a comma. If you would like to have CanIt load balance the access across all of the servers mentioned in the above field select yes. Otherwise the list of servers will be used in a fall back mode. This is the Base DN created from the Active Directory Domain Name. The user ID of the account you have obtained to read from the Active Directory system. The password for the above account. If you plan on using multiple authentication mappings than this will strip out the domain name of the login account prior to using it for authentication purposes. This assumes that users will log into the CanIt-PRO system with their full email address. Once the values in this form have been filled out you will want to proceed to the next step by clicking on the Next >> button. A summary page is then displayed that allows you to review the items you have entered in on the previous page. Verify the values here are correct then finish the User Lookup creation process by clicking on the Finish button. Testing User Lookup Method To verify that your Active Directory User Lookup method is setup correctly CanIt-PRO provides a testing feature. This is accessed by going to the User Lookups page (under the Setup menu item). Beside the User Lookup method should be a link Test. By clicking on this link you will be taken to the Test page. This page allows you to test how this method will behave when performing authentication as well as how it will stream email addresses to end user accounts. For 3

the first item you will need to enter in the username and password of an account in the Active Directory system. If you want to see how email addresses are mapped to streams just enter in the email address in the form. Clicking on the Run the Test button will run the test. The output of each test is then displayed to you. At the end of each test it will inform you if the test was successful or if it failed. If the tests fail then you will want to check the output for possible causes. If the tests are successful then your CanIt-PRO system is successfully able to access your Active Directory system. Possible Authentication Errors The following table gives some possible items that can bee seen in the output of the authentication test: Message Possible Causes Could not connect to SERVER:PORT The CanIt system is unable to communicate to the AD server SERVER on port PORT Could not bind to SERVER:PORT as BindDN The user account information entered for the User Lookup is not correct No result from search This indicates that the user account you entered was not found in the Active Directory system Could not bind to SERVER:PORT as USER The test account password does not match what is in Active Directory. For the above table the value of SERVER is used for the Active Directory Server IP Address/Domain name. The value of PORT is used to indicate the Port that was used to connect to the Active Directory server. The value of BindDN is the user account used in the User Lookup configuration. The value of USER is the username entered in the form. In addition to the above error messages extra information may also be included on these lines. This extra information may be useful in finding the cause of the problem. The above is not a complete listing of possible errors but a list of the most common ones found. Possible Stream Mapping Errors The following table gives some possible items that can be seen in the output of the stream mapping test: 4

Message could not connect to LDAP server SERVER Possible Causes The CanIt system is unable to communicate to the AD server SERVER Unable to bind to server The user account information entered for the User Lookup is not correct Could not search for query The user account entered in the User Lookup does not have the ability to search the Active Directory system No user found for query A user was unable to be found for the given EMAIL address Could not find a StreamAttr value for the query The record found that matches the given email address doesn't have an associated User ID value. For the above table the value of SERVER is used for the Active Directory Server IP Address/Domain name. In addition to the above error messages extra information may also be included on these lines. This extra information may be useful in finding the cause of the problem. The above is not a complete listing of possible errors but a list of the most common ones found. Using Active Directory for Stream Mapping Once you have your Active Directory User Lookup setup you can then use this to map email addresses to streams for individual users. This is done by adding an entry in the Domain Mappings table. This is done by accessing the Domain Mappings sub menu item from the Setup menu. From here you will want to enter in the domain name you wish to have email addresses mapped via the Active Directory system. From the drop down menu you would select the Active Directory User Lookup method that you created earlier. For example if you wanted to have domain.com mapped and my Active Directory User Lookup was called AD-UserLookup then I would enter in the text box 'domain.com' and select AD-UserLookup from the drop down menu and click the Submit Changes button. Once this is done any mail being received to this domain will be mapped to streams using the Active Directory User Lookup method mentioned. If all of your domains will be mapped using this Lookup method then you can enter in a value of '*' for the domain mapping. This will cause all email filtered by the CanIt- PRO system to be streamed using the Active Directory method given. 5

Using Active Directory For Authentication Once you have your Active Directory User lookup setup you can the use this to authenticate your users through CanIt-PRO. You will need to add an entry to the Authentication Mapping table. This is done by accessing the Authentication Mappings sub menu item from the Setup menu. From here you will want to enter in the domain name you wish to use your Active Directory User Lookup to authenticate users. From the drop down menu you will want to select the name of the User Lookup method that you created earlier for Active Directory. You users will now need to log into the system with their full email address. If all of your domains will use the Active Directory method then you can use the '*' value for the domain name. This will also remove the need for users to include their domain name with their login id. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information