Documentation on Active Directory integration
PostPosted:Wed Jul 01, 2020 3:01 pm
Hello,
Is there any good documentation on the Active Directory Setup? I have seen the pages in the online manual here and here.
Both I find to be a bit lacking in information and one of which is a for a slightly older version. I would like to help the documentation by having additional information added if I could get some input from the Dev team (or someone in the know) on what the parameters all mean. For example while going through this I have several questions that I think a lot of users will have as they attempt to configure this. Here are just some of my questions.
1) What is the difference between the configuration done in OpenKM.xml and in the admin interface?
2) What parts of the configuration are mandatory vs optional?
3) What does each configuration parameter do?
4) Are the roles just security groups in active directory with members in them?
5) Does the user account used to bind to AD for searching for information need to be an admin or can it be a standard user?
In one set of documentation it shows using the administrator account which I believe to be a bad practice since the password would be stored in the configuration in plain text. It would make sense to use a non privileged user for this. In another set it showed using a user called "connect" which was just an example but I think they were saying not to use the admin account.
I would be willing to do a write-up on the active directory configuration if I could get a) mine to work first and b) dev team or equivalent support for answering the questions that I have.
I think what would be beneficial is a complete start to finish active directory setup guide with screenshots from the actual management tools so it is very clear how to set it up. From some of the postings I have seen on the forum so far many people are wasting days of time trying to get this "feature" up and functioning in their environment.
I understand that there are many many ways to configure this but a little better documentation I think would go a long way.
Let me know what people out there think of this idea.
EDIT: Also mods if this would be better served in a different place please move it. I figured it was configuration related so I chose configuration.
Thanks,
Rich
Is there any good documentation on the Active Directory Setup? I have seen the pages in the online manual here and here.
Both I find to be a bit lacking in information and one of which is a for a slightly older version. I would like to help the documentation by having additional information added if I could get some input from the Dev team (or someone in the know) on what the parameters all mean. For example while going through this I have several questions that I think a lot of users will have as they attempt to configure this. Here are just some of my questions.
1) What is the difference between the configuration done in OpenKM.xml and in the admin interface?
2) What parts of the configuration are mandatory vs optional?
3) What does each configuration parameter do?
4) Are the roles just security groups in active directory with members in them?
5) Does the user account used to bind to AD for searching for information need to be an admin or can it be a standard user?
In one set of documentation it shows using the administrator account which I believe to be a bad practice since the password would be stored in the configuration in plain text. It would make sense to use a non privileged user for this. In another set it showed using a user called "connect" which was just an example but I think they were saying not to use the admin account.
I would be willing to do a write-up on the active directory configuration if I could get a) mine to work first and b) dev team or equivalent support for answering the questions that I have.
I think what would be beneficial is a complete start to finish active directory setup guide with screenshots from the actual management tools so it is very clear how to set it up. From some of the postings I have seen on the forum so far many people are wasting days of time trying to get this "feature" up and functioning in their environment.
I understand that there are many many ways to configure this but a little better documentation I think would go a long way.
Let me know what people out there think of this idea.
EDIT: Also mods if this would be better served in a different place please move it. I figured it was configuration related so I chose configuration.
Thanks,
Rich