Configuring MS Active Directory Authentication

The following topic describes how to configure the user authentication via the Microsoft Active Directory Service.

To configure user authentication via the Microsoft Active Directory Service:

Login into Microsoft Windows as Administrator
Export the LDAP context to a file.

ldifde –f ldap.txt

Open the resulting ldap.txt file. The first line of the file should be:

Copy Code

dn: DC=ldap-server,DC=my-company,DC=com

Enable LDAP in trackstudio.security.properties:

Copy Code

trackstudio.useLDAP yes

Set the base DN to cn=users for the specified DN:

Copy Code

ldap.baseDN = cn=users,dc=ldap-server,dc=my-company,dc=com

Set the user which will be used to login to the LDAP (AD) server:

Copy Code

ldap.userDN = cn=Administrator,cn=users,dc=ldap-server,dc=my-company,dc=com

To login by Name set:

Copy Code

ldap.loginAttrLDAP=displayName
ldap.loginAttrTS name

To login by Login set:

Copy Code

ldap.loginAttrTS login
ldap.loginAttrLDAP=sAMAccountName

Set the password.

9. Click the Test Connection button to test the LDAP connection.

How it works:

If trackstudio.useLDAP is set to yes, TrackStudio will connect to the specified LDAP server during login and performs authentication using the login and password specified in ldap.userDN and ldap.userDNpass. TrackStudio then performs database query and finds the user in the local database by specified login and password. After that TrackStudio searches in the LDAP server for the user, the ldap.loginAttrLDAP parameter which is equal to the name or the login (depending on ldap.loginAttrTS value) of the found user. Then the authentication of the found user is performed using the password specified in the login window.

Notes

You should always use your TrackStudio login in the Login window.
Even if you use LDAP authorization, you will have to register a new user in TrackStudio first.
When you change the password under the Change Password tab, the password will changed in the database, but not in the LDAP server.
A user can log in if his/her password matches the one stored in the database or the one specified in LDAP. To avoid authorization via the local database, you should remove com.trackstudio.app.adapter.auth.SimpleAuthAdapter from the pipeline in the trackstudio.adapter.properties file.