How to use DirectAD on Identify

Version: 4.2++

Previously, when a customer wanted to use LDAP transformation as well as LDAP authentication, they had to configure an LDAPWS for those features to use.

With DirectAD, LDAPWS no longer needs to be set up; the customer's own AD can be used directly for both LDAP transformation and LDAP authentication.

How to do it:

  • Open the web.config file in the Runtime folder in a text editor.
  • Under the <appSettings> section, add the following section:
<GAD>
  <ADToolBox>
    <!-- Path to the Active Directory. This can be either the domain or a specific server -->
    <LDAPPath>LDAP://yourdomain.com</LDAPPath>
    <!-- The root of all LDAP operations. All operations will be restricted to this root -->
    <DomainRoot>DC=yourdomain,DC=com</DomainRoot>
    <!-- Set to true to prevent memory leaks in long-running processes -->
    <DisposeSearchResultCollections>True</DisposeSearchResultCollections>
    <Authentication>
      <!-- Set to true to use the app pool identity. Set to false to use the specified account -->
      <Impersonate>True</Impersonate>
      <!-- The username to use, if not impersonating -->
      <UserName></UserName>
      <!-- The password to use, if not impersonating -->
      <Password encrypted="False"></Password>
      <!-- Don't change -->
      <AuthenticationType>Secure</AuthenticationType>
    </Authentication>
  </ADToolBox>
  <DirectoryRepository>
    <DirectoryRepositoryConfiguration configFile="~/DirectoryRepositoryConfiguration.config" />
    <PasswordGeneratorConfiguration configFile="~/PasswordGeneratorConfiguration.config" />
  </DirectoryRepository>
</GAD>
  • Technically, the LDAP plug-in of Safewhere*Identify supports two methods of getting groups from AD: a new one and a legacy one. Although the new method is supposed to be faster than the legacy one, it might encounter errors with some specific AD setups. When that is the case, consider adding the following setting to the <appSettings> section of the web.config file to switch to the legacy method:
<add key="UseLegacyGetGroupsMethod" value="true"/>
  • Save the web.config file.
  • Reset IIS.
  • Log in to Identify*Admin and select the "None" option in the "LdapWS service name" drop-down list for the LDAP transformation or the LDAP authentication.
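As an added example (not part of this documentation or of the Safewhere product), the following Python check parses a web.config that carries the <GAD> section above and reports the mistakes a reviewer would want caught before the IIS reset: a missing section, an LDAPPath without the LDAP:// prefix, Impersonate set to False without a UserName/Password, a password left with encrypted="False", and a changed AuthenticationType; it also reads the UseLegacyGetGroupsMethod switch. The sample config, the domain example.test and the account name svc-identify are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not a real deployment file); impersonation is off.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="UseLegacyGetGroupsMethod" value="true"/>
  </appSettings>
  <GAD>
    <ADToolBox>
      <LDAPPath>LDAP://example.test</LDAPPath>
      <DomainRoot>DC=example,DC=test</DomainRoot>
      <Authentication>
        <Impersonate>False</Impersonate>
        <UserName>svc-identify</UserName>
        <Password encrypted="False">hunter2</Password>
        <AuthenticationType>Secure</AuthenticationType>
      </Authentication>
    </ADToolBox>
  </GAD>
</configuration>"""

def check_direct_ad_config(xml_text):
    """Return a list of findings for the <GAD> DirectAD section; empty means OK."""
    findings = []
    root = ET.fromstring(xml_text)
    toolbox = root.find("GAD/ADToolBox")
    if toolbox is None:
        return ["missing <GAD>/<ADToolBox> section"]
    if not (toolbox.findtext("LDAPPath") or "").strip().upper().startswith("LDAP://"):
        findings.append("LDAPPath must start with LDAP://")
    auth = toolbox.find("Authentication")
    if auth is None:
        return findings + ["missing <Authentication> section"]
    impersonate = (auth.findtext("Impersonate") or "").strip().lower() == "true"
    user = (auth.findtext("UserName") or "").strip()
    pwd = (auth.findtext("Password") or "").strip()
    # With Impersonate=False the app pool identity is not used, so an account is required.
    if not impersonate and (not user or not pwd):
        findings.append("Impersonate is False but UserName/Password are not set")
    # A filled-in password with encrypted="False" sits in clear text in web.config.
    if pwd and auth.find("Password").get("encrypted", "False").lower() != "true":
        findings.append('Password stored with encrypted="False" in web.config')
    if (auth.findtext("AuthenticationType") or "").strip() != "Secure":
        findings.append("AuthenticationType must stay Secure")
    return findings

def uses_legacy_get_groups(xml_text):
    add = ET.fromstring(xml_text).find("appSettings/add[@key='UseLegacyGetGroupsMethod']")
    return add is not None and add.get("value", "").lower() == "true"
```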