4 Replies Latest reply: Jul 30, 2013 2:49 AM by hfolguera

Active Directory integration

hfolguera Newbie

Hi!

We have a Webcenter Content 11.1.1.6 + WLS 10.3.6 installation and we have configured an Active Directory security provider in WLS console and UCM.

AD groups are in a hierarchy structure.

We are able to see all groups in WLS console, and the "participation" tab shows the relation with the AD parent group.

We are able to see all users in WLS console but only the lowest level groups are shown in the "groups" tab of a user.

Users are able to log in to UCM and they get ONLY the lowest level groups as a role.

How can we get ALL the AD groups as roles? Is it a WLS configuration problem?

Both configurations are working properly (despite the parent groups). Should the system inherit the parent groups by default?

Thanks in advance.

  • 1. Re: Active Directory integration
    Srinath Menon Guru

    Hi,

    We are able to see all users in WLS console but only the lowest level groups are shown in the "groups" tab of a user.

    This would be directly related to the Group relationship parameter set in WLS Console - Security Realm - my realm - Providers - AD Provider - Provider specific. There you might have set the relationship to list only the lowest level groups.

    Thanks,

    Srinath

  • 2. Re: Active Directory integration
    hfolguera Newbie

    Hi Srinath,

    In the provider-specific configuration the group search scope is set to subtree and group membership searching is set to unlimited.

    Is it necessary to set any other parameter?

  • 3. Re: Active Directory integration
    Prateek Mohan Newbie

    At UCM end, also ensure in your <UCM_INSTANCE>/content/cs/data/providers/jpsuserprovider/provider.hda

    UseGroupFilter=false
    UseFullGroupName=false

    Recursive groups should work fine and be seen in user's assigned Roles inside UCM as well.

  • 4. Re: Active Directory integration
    hfolguera Newbie

    Well...I've created a specific provider for AD with the following properties:

    AttributeMap=displayName:dFullName
    DefaultNetworkRoles=guest
    LdapAdminDN=<user>
    LdapAdminPassword=<password>
    LdapAdminPasswordEncoding=AES
    LdapConnectionTimeoutInMins=10
    LdapPort=389
    LdapServer=ad.intranet.local
    LdapSuffix=dc=ad,dc=intranet,dc=local
    NumConnections=5
    PasswordScope=ad
    Priority=1
    ProviderClass=ldap.ActiveDirectoryLdapProvider
    ProviderConfig=
    ProviderConnection=intradoc.provider.LdapConnection
    ProviderCredentialsMap=
    ProviderType=ldapuser
    RolePrefix=OU=Grupos,DC=ad,DC=intranet,DC=local[1]
    SourcePath=ad.intranet.local
    UseFullGroupName=false
    UseGroupFilter=false
    UseSecureLdap=
    blDateFormat=M/d{/yy}{ h:mm[:ss]{ a}}!mAM,PM!tEurope/Madrid
    pLastModified=1374662625000
    pName=AD

    Should I use the jpsuserprovider?
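
The parent-group inheritance this thread asks about can be reproduced offline to see which roles a user should end up with, and to compare that list against what the WLS console and UCM actually show. The Python sketch below is an added example, not code from the thread or from Oracle; the directory data, group names, function names and the `max_level` parameter are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: group DN -> DNs of the groups it is a direct
# member of (the values an AD group entry carries in memberOf).
BASE = "OU=Groups,DC=example,DC=test"  # hypothetical base DN
MEMBER_OF = {
    f"CN=hr-payroll,{BASE}": [f"CN=hr,{BASE}"],
    f"CN=hr,{BASE}": [f"CN=staff,{BASE}"],
    # staff points back at hr on purpose: nested groups can form cycles
    f"CN=staff,{BASE}": [f"CN=all-users,{BASE}", f"CN=hr,{BASE}"],
}

def effective_groups(direct, member_of, max_level=None):
    """Map each reachable group DN to its nesting level above the user.

    max_level=None walks the whole hierarchy; max_level=0 keeps only the
    user's direct (lowest level) groups.
    """
    levels = {g: 0 for g in direct}
    queue = deque(direct)
    while queue:
        group = queue.popleft()
        level = levels[group]
        if max_level is not None and level >= max_level:
            continue  # depth limit reached, do not climb further
        for parent in member_of.get(group, []):
            if parent not in levels:  # visited check also breaks cycles
                levels[parent] = level + 1
                queue.append(parent)
    return levels

def short_name(dn):
    """First RDN value: 'CN=hr,OU=...' -> 'hr' (sample DNs have no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def role_report(direct, member_of):
    """Return (direct roles, roles gained only through parent groups)."""
    lowest = effective_groups(direct, member_of, max_level=0)
    full = effective_groups(direct, member_of)
    inherited = sorted(short_name(g) for g in full if g not in lowest)
    return sorted(short_name(g) for g in lowest), inherited

if __name__ == "__main__":
    direct, inherited = role_report([f"CN=hr-payroll,{BASE}"], MEMBER_OF)
    print("direct roles:   ", direct)
    print("inherited roles:", inherited)
```

Every name in the inherited list is an additional role the user receives once nested groups are honoured, so it is worth reviewing that list before enabling inheritance.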
