9.4.3.4. Configuring the Active Directory Connector

A sample Active Directory Connector configuration file is provided in openidm/samples/provisioners/provisioner.openicf-ad.json. The following excerpt shows the configuration for the connector.

{
    "connectorHostRef": "dotnet",
    "connectorName":
        "Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector",
    "bundleName": "ActiveDirectory.Connector",
    "bundleVersion": "1.0.0.6109"
}

The connectorHostRef must point by name to an existing connector info provider configuration that you store in openidm/conf/provisioner.openicf.connectorinfoprovider.json. The connectorHostRef property is required because the Active Directory connector must be installed on a .NET connector server, which is always "remote" relative to OpenIDM.

The following excerpt shows the configuration for the connector info provider.

{
    "connectorsLocation": "connectors",
    "remoteConnectorServers": [
        {
            "name": "dotnet",
            "host": "10.0.0.10",
            "port": 8759,
            "useSSL": false,
            "timeout": 0,
            "key": "Passw0rd"
        }
    ]
}

The following excerpt shows typical configuration properties.

{
    "DirectoryAdminName": "EXAMPLE\\Administrator",
    "DirectoryAdminPassword": "passw0rd",
    "ObjectClass": "User",
    "Container": "dc=example,dc=com",
    "CreateHomeDirectory": true,
    "LDAPHostName": "127.0.0.1",
    "SearchChildDomains": false,
    "DomainName": "example",
    "SyncGlobalCatalogServer": null,
    "SyncDomainController": null,
    "SearchContext": "dc=example,dc=com"
}

DirectoryAdminName

Account used to authenticate. This can be a domainname\user combination, or simply the user name.

DirectoryAdminPassword

Password used to authenticate

ObjectClass

Object class for user objects

Container

Base context for all searches

CreateHomeDirectory

When true, create a home directory for new users.

LDAPHostName

Use to enforce connection to a particular Active Directory server.

SearchChildDomains

When set to true or false, apply SyncGlobalCatalogServer and SyncDomainController settings.

DomainName

Windows domain name

SyncGlobalCatalogServer

Global catalog server to use when searching child domains

SyncDomainController

Domain controller to use during synchronization when not searching child domains

SearchContext

Reserved for future use
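
An added example, not part of the original documentation or the OpenIDM project: a small Python check that loads values from the two sample excerpts above and reports the settings a reviewer would want changed before production use (useSSL set to false for a non-loopback connector server, secrets stored as plain strings, the built-in Administrator account as the directory account). The `audit` function, its finding strings, and the rule that a protected secret is a JSON object rather than a string are assumptions of this example.

```python
import ipaddress
import json

# Constructed inputs: values copied from this page's sample excerpts.
INFO_PROVIDER = json.loads("""{
  "connectorsLocation": "connectors",
  "remoteConnectorServers": [
    {"name": "dotnet", "host": "10.0.0.10", "port": 8759,
     "useSSL": false, "timeout": 0, "key": "Passw0rd"}
  ]
}""")
CONNECTOR_PROPS = json.loads(r"""{
  "DirectoryAdminName": "EXAMPLE\\Administrator",
  "DirectoryAdminPassword": "passw0rd"
}""")

def is_cleartext(value):
    # Assumption: a protected secret is stored as an object (for example an
    # encrypted "$crypto" wrapper), so any plain JSON string is cleartext.
    return isinstance(value, str) and value != ""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit(info_provider, connector_props, connector_host_ref="dotnet"):
    findings = []
    servers = {s.get("name"): s for s in info_provider.get("remoteConnectorServers", [])}
    server = servers.get(connector_host_ref)
    if server is None:
        findings.append(f"connectorHostRef '{connector_host_ref}' matches no remote connector server")
    else:
        host = server.get("host", "")
        if not server.get("useSSL") and not is_loopback(host):
            findings.append(f"{connector_host_ref}: useSSL is false for non-loopback host {host}")
        if is_cleartext(server.get("key")):
            findings.append(f"{connector_host_ref}: key is stored as a cleartext string")
    if is_cleartext(connector_props.get("DirectoryAdminPassword")):
        findings.append("DirectoryAdminPassword is stored as a cleartext string")
    account = connector_props.get("DirectoryAdminName", "").split("\\")[-1]
    if account.lower() == "administrator":
        findings.append("DirectoryAdminName is the built-in Administrator account")
    return findings

if __name__ == "__main__":
    for finding in audit(INFO_PROVIDER, CONNECTOR_PROPS):
        print("FINDING:", finding)
```

Run against the sample values, the check reports all four conditions; a configuration with useSSL enabled, object-valued secrets and a dedicated account returns an empty list.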