TrackStudio Enterprise 3.5
Configuring MS Active Directory Authentication

The following topic describes how to configure the user authentication via the Microsoft Active Directory Service.

To configure user authentication via the Microsoft Active Directory Service:
  1. Log in to Microsoft Windows as Administrator.
  2. Export the LDAP context to a file:
     ldifde -f ldap.txt
  3. Open the resulting ldap.txt file. The first line of the file should be:
     dn: DC=ldap-server,DC=my-company,DC=com
  4. Enable LDAP in trackstudio.security.properties:
     trackstudio.useLDAP yes
  5. Set the base DN to cn=users for the specified DN:
     ldap.baseDN = cn=users,dc=ldap-server,dc=my-company,dc=com
  6. Set the user that will be used to log in to the LDAP (AD) server:
     ldap.userDN = cn=Administrator,cn=users,dc=ldap-server,dc=my-company,dc=com
  7. To log in by Name, set:
     ldap.loginAttrLDAP=displayName
     ldap.loginAttrTS name

     To log in by Login, set:
     ldap.loginAttrTS login
     ldap.loginAttrLDAP=sAMAccountName
  8. Set the password.
  9. Click the Test Connection button to test the LDAP connection.

 

How it works:

If trackstudio.useLDAP is set to yes, TrackStudio connects to the specified LDAP server during login and authenticates using the login and password specified in ldap.userDN and ldap.userDNpass. TrackStudio then queries the local database and finds the user by the specified login and password. After that, TrackStudio searches the LDAP server for the user whose ldap.loginAttrLDAP attribute equals the name or the login (depending on the ldap.loginAttrTS value) of the found user. The found user is then authenticated using the password specified in the login window.

  • You should always use your TrackStudio login in the Login window.
  • Even if you use LDAP authorization, you will have to register a new user in TrackStudio first.
  • When you change the password under the Change Password tab, the password will be changed in the database, but not in the LDAP server.
  • A user can log in if his/her password matches the one stored in the database or the one specified in LDAP. To avoid authorization via the local database, you should remove com.trackstudio.app.adapter.auth.SimpleAuthAdapter from the pipeline in the trackstudio.adapter.properties file.
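
The settings above can be checked before deployment. The following Python script is an added example, not part of TrackStudio: it parses the two properties files and reports whether local database passwords are still accepted, whether the attribute pair matches one of the two combinations given in step 7, and whether the bind account is Administrator. The sample input is constructed, the adapter property name is hypothetical, and the recommendation to use a dedicated bind account is a reviewer's suggestion rather than a TrackStudio requirement.

```python
import re

SIMPLE_AUTH = "com.trackstudio.app.adapter.auth.SimpleAuthAdapter"
# Pairings given on the page: ldap.loginAttrTS value -> ldap.loginAttrLDAP value.
PAIRS = {"name": "displayname", "login": "samaccountname"}

def parse_properties(text):
    """Parse Java .properties text; the separator may be '=', ':' or whitespace."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^\s=:]+)\s*[=:\s]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def local_fallback_enabled(adapter_text):
    """True if any uncommented line still references SimpleAuthAdapter."""
    return any(SIMPLE_AUTH in line for line in adapter_text.splitlines()
               if not line.lstrip().startswith(("#", "!")))

def audit(security_text, adapter_text):
    """Return a list of findings for the two configuration files."""
    p = parse_properties(security_text)
    if p.get("trackstudio.useLDAP", "").lower() != "yes":
        return ["trackstudio.useLDAP is not 'yes': LDAP authentication is off"]
    findings = []
    ts = p.get("ldap.loginAttrTS", "").lower()
    if PAIRS.get(ts) != p.get("ldap.loginAttrLDAP", "").lower():
        findings.append("loginAttrTS/loginAttrLDAP do not match a documented pair")
    if p.get("ldap.userDN", "").lower().startswith("cn=administrator,"):
        findings.append("ldap.userDN is Administrator: use a dedicated bind account")
    if local_fallback_enabled(adapter_text):
        findings.append("SimpleAuthAdapter present: local passwords still accepted")
    return findings

# Constructed sample input (values from the page; adapter key name is hypothetical).
SECURITY = """\
trackstudio.useLDAP yes
ldap.baseDN = cn=users,dc=ldap-server,dc=my-company,dc=com
ldap.userDN = cn=Administrator,cn=users,dc=ldap-server,dc=my-company,dc=com
ldap.loginAttrTS login
ldap.loginAttrLDAP=sAMAccountName
"""
ADAPTER = "example.pipeline = " + SIMPLE_AUTH + "\n"

if __name__ == "__main__":
    for finding in audit(SECURITY, ADAPTER):
        print("-", finding)
```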