Secure Search can be used based on the LDAP/Active Directory configuration by enabling the checkbox LDAP/AD Realm and providing the required settings, as shown:
- Select LDAP/AD Realm
- Give the required LDAP details
LDAP URL that specifies a base search for the entries
Search Base for the active directory
Password for the username
- Test the connection. For a successful connection you would get the message as shown:
- Using this setting you can configure security group settings for LDAP/ Active Directory.
- Give the parameters for the Security Group for LDAP. The information on the parameters is provided in the following table
Name of the security group. This can be given by the user based on their OU or requirement.
Search Base for the active directory/security group
There are two values Normal or Sensitive. Default is Normal.
The priority of the Group.
Collections accessible by the users in the Group
- After adding the groups, you can view the same under Security User Groups dashboard as shown:
- After providing the LDAP settings, it is mandatory to give Group settings. This is required to integrate collection based security with LDAP security for the search results.
- When creating a group, one can assign a set of collections to the same, then the user belonging to the group will have access only to the same set of collections.
- The users belonging to the OU, that is, Organizational Unit will belong to the group
- It is possible to create more than one group for one Organizational Unit (OU)
- The permissions and users for a group are fetched based on the search base provided, and therefore, it is an important parameter for Security User Group creation
- LDAP security groups can be named according to the Microsoft naming convention, allowing special characters.
- According to the Microsoft documentation, the LDAP distinguished name is globally unique. For example, the distinguished name of a computer named mycomputer in the MyOrganizationalUnit organizational unit in the microsoft.com domain is CN=mycomputer, OU=MyOrganizationalUnit, DC=microsoft, DC=com.
- For example, “A602-AC-DMASFS2_sdata RW”
- When a user is available in two groups, they will be considered in the group of higher priority.
Let us consider that the user belongs to group A with priority 5 and access to collection 1 and also belongs to group B with priority 3 and access to collection 2. Due to higher priority in group A, they will be considered to belong in Group A and therefore, will have access to results only for collection 1.
- Only the users with a sensitive role would be able to view encrypted content. Please refer Collection Encryption for more details on Encryption.
Log in using LDAP/AD credentials here:
Then perform the secure search.
Updated about 1 year ago