close

Filter

loading table of contents...

Content Server Manual / Version 2207

Table Of Contents

3.12.4 ActiveDirectoryUserProvider

CoreMedia CMS ships with a com.coremedia.ldap.UserProvider implementation for accessing Microsoft's Active Directory Server: The com.coremedia.ldap.ad.SimpleActiveDirectoryUserProvider. For using it you have to configure the following.

Note

Note

If you are migrating from an earlier version of CoreMedia Content Cloud, you will have noticed that the SimpleActiveDirectoryUserProvider is new. The ActiveDirectoryUserProvider is still available, no action is required for existing projects, and the following configuration steps are the same for both UserProviders.

The ActiveDirectoryUserProvider works only with Windows Server Active Directory, while the SimpleActiveDirectoryUserProvider is also suitable for Azure Domain Services. If the userPrincipalName attribute is equivalent to the sAMAccountName and the distinguished name of users, the UserProviders are compatible. While this is the case in Windows Server Active Directory with default configuration, it does not hold for Azure Domain Services. Therefore, CoreMedia introduces the new sAMAccountName based SimpleActiveDirectoryUserProvider, because the userPrincipalName in Azure Domain Services is not suitable for our needs.

Our recommendation is to use the SimpleActiveDirectoryUserProvider in new projects and to use the ActiveDirectoryUserProvider:

  • In existing projects (in order to avoid any risk).

  • If you definitely favor the userPrincipleName over the sAMAccountName.

  1. Tell the Content Server to use an Active Directory Server for authentication by configuring the following properties. (If you configure multiple UserProviders, take care for the grouping numbers in the property keys.)

    cap.server.userproviders[0].provider-class=\
    com.coremedia.ldap.ad.SimpleActiveDirectoryUserProvider
    
  2. Set the environment specific Active Directory Server properties as follows:

    1. Set your Active Directory Servers host (and port, if it deviates from the standard ports 389 or 636 for LDAPs):

      cap.server.userproviders[0].ldap.host=<your-active-directory-server-host>
      
    2. Set your Administrator's distinguished name and password:

      cap.server.userproviders[0].java.naming.security.principal=\
      CN=Administrator,CN=Users,DC=your,DC=domain
      cap.server.userproviders[0].java.naming.security.credentials=<password>
      
    3. Define the base distinguished names where the UserProvider may find users and groups. You can define more than one base distinguished name by entries of increasing index for base-distinguished-names(see also Section 3.12.3, “LdapUserProvider”.

      cap.server.userproviders[0].ldap.base-distinguished-names[0]=\
      CN=Users,DC=your,DC=domain
      
  3. Activate the hox.corem.login.LdapLoginModule in properties/corem/jaas.conf:

    1. At the end of the file you will find a section, defining the needed login module. Activate it by commenting it out.

    2. Set the host and port of your Active Directory Server into the corresponding attributes of the login module.

    3. Set the domain which you chose as domain beneath which your user accounts are stored in step 2.3 above.

Note

Note

The above description applies to Windows Server 2008 and newer. If you use an Azure Domain Service instead, the default location of users and groups is OU=AADDC Users rather than CN=Users. This affects steps 2.b and 2.c.

If you are using an Azure Domain Service or if your Windows Server Active Directory is restricted to LDAPS, proceed with the next section, "Connecting LDAP Over SSL".

Before you may use your Active Directory Accounts within your CoreMedia CMS, you have to define rules for all the given groups your CMS user may be members of. You have to do this as user admin. Remember that all CoreMedia system users are not administrated within the Active Directory or any other LDAP server but only from inside of the CoreMedia system itself. Thus, you must not choose any domain when logging into the CoreMedia CMS as user admin.

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.