Secure Search can be used with an LDAP/Active Directory configuration by enabling the LDAP/AD Realm checkbox and providing the required settings, as shown:

# **LDAP Settings**

  1. Select LDAP/AD Realm

  2. Give the required LDAP details:

| Field | Description |
|---|---|
| **LDAP URL** | LDAP URL that specifies a base search for the entries |
| **Search Base** | Search Base for the Active Directory |
| **Username** | Admin username |
| **Password** | Password for the username |

  3. Test the connection. For a successful connection you will see the message shown:

# **Add Security Group**

  1. Using this setting you can configure security group settings for LDAP/Active Directory.

  2. Give the parameters for the Security Group for LDAP. The parameters are described in the following table:

| Field | Description |
|---|---|
| **Group Name** | Name of the security group, chosen by the user based on their OU or requirement. Group Name accepts 3 to 50 alphanumeric characters; underscore is the only special character allowed. |
| **Search Base** | Search Base for the Active Directory/security group |
| **Role** | Either Normal or Sensitive; the default is Normal. Sensitive users have access to encrypted content (see [Collection Encryption](🔗)). |
| **Priority** | The priority of the group. Use case: if a user is in two groups, the group with the greater priority is taken as the user's group. |
| **Collections** | Collections accessible by the users in the group |

  3. After adding the groups, you can view them on the _Security User Groups_ dashboard, as shown:

# **Features of Security Groups in LDAP Realm**

## Group Settings

  • After providing the LDAP settings, Group settings must also be provided. They are required to integrate collection-based security with LDAP security for the search results.

  • When creating a group, a set of collections is assigned to it; users belonging to the group then have access only to that set of collections.

  • The users belonging to the Organizational Unit (OU) belong to the group.

  • It is possible to create more than one group for one Organizational Unit (OU).

  • The permissions and users for a group are fetched based on the search base provided, so the search base is an important parameter for Security User Group creation.

## Group Naming

  • LDAP security groups can be named according to the Microsoft naming convention, allowing special characters.

  • According to the [Microsoft documentation](🔗), the LDAP distinguished name is globally unique. For example, the distinguished name of a computer named mycomputer in the MyOrganizationalUnit organizational unit in the microsoft.com domain is CN=mycomputer, OU=MyOrganizationalUnit, DC=microsoft, DC=com.

  • For example, “A602-AC-DMASFS2_sdata RW”

## Priority

  • When a user is available in two groups, they are considered to be in the group with the higher priority. For example, suppose a user belongs to group A with priority 5 and access to collection 1, and also to group B with priority 3 and access to collection 2. Because group A has the higher priority, the user is considered to belong to group A and therefore sees results only for collection 1.

## Sensitive User

  • Only users with the Sensitive role can view encrypted content. Refer to [Collection Encryption](🔗) for more details on encryption.
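As an added illustration of the Group Settings, Priority and Sensitive User rules above (example code written for this page, not SearchBlox's own implementation), the following Python resolves a user's effective security group and filters search hits accordingly. It assumes that a user belongs to a group when the group's search base is the trailing part of the user's distinguished name, and it models groups, collections and hits as plain Python values; the names and sample data are constructed.

```python
# Added illustration of the priority and sensitive-role rules; not SearchBlox code.
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityGroup:
    """One Security User Group as configured under Add Security Group."""
    name: str
    search_base: str        # OU whose members belong to this group
    priority: int           # higher value wins when a user is in several groups
    collections: frozenset  # collections the group's users may search
    role: str = "Normal"    # "Normal" or "Sensitive"

def rdns(dn):
    """Split a distinguished name into normalised RDN components."""
    return [part.strip().lower() for part in dn.split(",")]

def is_member(user_dn, group):
    """Assumption: the user is in the group when the group's search base is the
    trailing part of the user's DN, i.e. the user's entry sits under that OU."""
    user, base = rdns(user_dn), rdns(group.search_base)
    return len(user) > len(base) and user[-len(base):] == base

def effective_group(user_dn, groups):
    """The single group governing this user: the member group with highest priority."""
    candidates = [g for g in groups if is_member(user_dn, g)]
    return max(candidates, key=lambda g: g.priority) if candidates else None

def visible_results(user_dn, groups, hits):
    """Keep only hits (dicts with 'collection' and 'encrypted') that the user's
    effective group allows: its collections, and encrypted ones only for Sensitive."""
    group = effective_group(user_dn, groups)
    if group is None:
        return []
    return [h for h in hits if h["collection"] in group.collections
            and (not h["encrypted"] or group.role == "Sensitive")]

# Constructed sample mirroring the Priority section: group A (priority 5, collection1)
# and group B (priority 3, collection2) are both defined on the same Sales OU.
SALES_OU, HR_OU = "OU=Sales,DC=example,DC=com", "OU=HR,DC=example,DC=com"
GROUPS = [
    SecurityGroup("group_A", SALES_OU, 5, frozenset({"collection1"})),
    SecurityGroup("group_B", SALES_OU, 3, frozenset({"collection2"})),
    SecurityGroup("hr_sensitive", HR_OU, 1, frozenset({"hr_docs"}), role="Sensitive"),
]
HITS = [{"collection": "collection1", "encrypted": False},
        {"collection": "collection2", "encrypted": False},
        {"collection": "hr_docs", "encrypted": True}]
```

Calling `visible_results("CN=alice, OU=Sales, DC=example, DC=com", GROUPS, HITS)` returns only the collection1 hit, because group A outranks group B for that OU.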

# **Accessing Secure Search for LDAP Realm**

Log in using LDAP/AD credentials here: [http://localhost:8080/searchblox/plugin/index.html](🔗)

Then perform the secure search.