Configure Active Directory Server User Authentication
User Emails
The email address associated with the AD User is automatically added to the Sintelix user profile. If the AD email is different from the email address in the Sintelix User profile, then the user profile is updated to the AD email address.
To configure Active Directory server user authentication:
- Go to the file:
<Sintelix Database Directory>\external-users\user_repositories.xml
To find the location of your Sintelix database folder, select the Status tab and find the System Configuration section. The location is displayed in the Main datastore location field.
- In the Configurations section under ‘example: an Active Directory repository’, make the changes you require to the code. Use the code below as a guide.
Example
<item class="com.sintelix.semanticportal.login.external.ActiveDirectoryConfiguration">
    <url>ldap://localhost:389/</url>
    <defaultDomain>example.com</defaultDomain>
    <!-- The '&' of the LDAP filter must be written as '&amp;' inside the XML file -->
    <userSearchPattern>(&amp;(objectClass=user)(userPrincipalName={0}))</userSearchPattern>
    <adminGroups>
        <item>Admins</item>
    </adminGroups>
    <userGroups role="CONFIGURE">
        <item>Admins</item>
    </userGroups>
    <userGroups role="ANALYST">
        <item>Users</item>
    </userGroups>
    <allAdmins>false</allAdmins>
    <allUsers role="CONFIGURE">false</allUsers>
</item>
- url : the URL of the AD server (ldap:// or ldaps:// protocol).
If the configured Domain Controller (DC) goes offline, add the IP address of the live DC as illustrated in the following example:
- defaultDomain : the user domain to append if the user name has no domain component. If it's empty, users need to enter name as their login name.
- userNameAttribute : the format of the user name applied when an external user is added to Sintelix through the External User Repository for Active Directory. Include <userNameAttribute>cn</userNameAttribute> in user_repositories.xml, with the value cn for the common name or "UserPrincipalName" for the user name with domain suffix.
- userSearchPattern : the pattern to use when searching for the user. {0} is the user name with domain. {1} is the user name without domain. By default it’s (&(objectClass=user)(userPrincipalName={0})) which is the login used by Windows 2000 and later systems. One possible alternative is (&(objectClass=user)(sAMAccountName={1})) to use the pre-Windows 2000 user login name.
- adminGroups : a list of groups which, if the user belongs to one of them, the user gets Administrator access.
- userGroups : a list of groups which, if the user belongs to one of them, the user gets the user access of the given role (defaults to CONFIGURE, they can be declared multiple times with different roles, evaluated in order of occurrence).
- allAdmins : overrides group search and gives all authenticated users administrator access.
- allUsers : overrides group search and gives all authenticated users the user access of the given role (defaults to CONFIGURE).
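An added example, not part of the Sintelix documentation: a small Python audit of one ActiveDirectoryConfiguration item that flags the settings described above that widen access (allAdmins, allUsers, a group listed under more than one userGroups role) and a url that is not ldaps://. The sample XML, the host name dc01.example.com, the finding codes and the policy of flagging ldap:// are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real deployment: one <item> as it would appear in
# user_repositories.xml. Note '&' in the LDAP filter is written '&amp;' in XML.
SAMPLE = """
<item class="com.sintelix.semanticportal.login.external.ActiveDirectoryConfiguration">
  <url>ldap://dc01.example.com:389/</url>
  <defaultDomain>example.com</defaultDomain>
  <userSearchPattern>(&amp;(objectClass=user)(userPrincipalName={0}))</userSearchPattern>
  <adminGroups><item>Admins</item></adminGroups>
  <userGroups><item>Admins</item></userGroups>
  <userGroups role="ANALYST"><item>Users</item><item>Admins</item></userGroups>
  <allAdmins>false</allAdmins>
  <allUsers role="ANALYST">true</allUsers>
</item>
"""

def is_true(item, tag):
    return (item.findtext(tag) or "").strip().lower() == "true"

def audit(xml_text):
    """Return a list of (code, message) findings for one AD repository item."""
    item = ET.fromstring(xml_text)  # raises ParseError on a raw, unescaped '&'
    findings = []
    url = (item.findtext("url") or "").strip()
    if not url.lower().startswith("ldaps://"):
        findings.append(("PLAIN_LDAP", f"{url!r} is not ldaps://"))
    pattern = item.findtext("userSearchPattern") or ""
    if pattern and "{0}" not in pattern and "{1}" not in pattern:
        findings.append(("NO_PLACEHOLDER", "userSearchPattern has neither {0} nor {1}"))
    if is_true(item, "allAdmins"):
        findings.append(("ALL_ADMINS", "every authenticated user gets Administrator access"))
    if is_true(item, "allUsers"):
        role = item.find("allUsers").get("role", "CONFIGURE")  # documented default
        findings.append(("ALL_USERS", f"every authenticated user gets role {role}"))
    seen = {}  # group name -> role of the first userGroups block listing it
    for block in item.findall("userGroups"):
        role = block.get("role", "CONFIGURE")  # documented default
        for group in block.findall("item"):
            name = (group.text or "").strip()
            if name in seen and seen[name] != role:
                findings.append(("ORDER_DEPENDENT",
                                 f"group {name!r} is mapped to {seen[name]} and {role}"))
            seen.setdefault(name, role)
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

A group reported as ORDER_DEPENDENT receives a role that depends on which userGroups block occurs first, so list each group under one role only.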