Home → Using LincDoc 3.0 → Security → Active Directory
10.4. Active Directory
Setting up Active Dirctory
You must first go to LWSA and configure a "bind" account to Active Directory. The steps are:
- choose the radio button for "other LDAP directory"
- for the LDAP URI, type in ldap://AD_server:3268 (replace AD_server with the hostname or IP address of your AD server)
- search base DN: this is the base distinguished name from which all users and groups utilized by LincDoc are children; for example, ou=Human Resources, dc=example, dc=com
- bind DN: the fully qualified distinguished name of a service account (the dsquery user command is useful for identifying the DN)
- password for the "bind DN" account
- group DN for administrative LincDoc users: normally this field is left blank (only use if instructed by LincDoc personnel)
- save changes, and restart services if the system instructs you to
In order for an AD user to login, they must first be granted the "login" role. To set this up, click on the System icon (upper right) and choose User/Group Maintenance.
- go to the Users tab and find the desired AD user
- ensure the AD user has at least the "login" group assigned to him/her
- alternatively, go to the Groups tab and pick an AD group that the user is in and grant "login" to the group
- save changes
- note: it is not possible to add or change AD users, nor AD groups, from inside LincDoc: you must use standard mechanisms in Active Directory for those types of operations
- note 2: LincDoc does NOT use single signon via NTLM authentication at this point, so the user will be forced to login for each new browser session
Active Directory user attributes
You can prepopulate LincDoc fields from attributes from the logged in user's Active Directory record.
In Admin / Edit / Fields/Sections, in Advanced Field Attributes, check Default Calculation to be on, then hit the "details" arrow on the right, select Edit Calculation, make sure the function icon is selected, , and then select the UserAttribute function from the drop-down. Then select the desired attribute in the new drop-down. Currently, only username, full name, or email address are available.