You can connect to Windows Active Directory (in read-only mode). In order for the Active Directory user manager option to be available in the User manager tab of the Users / Groups section in JMap Admin, you must include the following line in the JMAP_HOME/conf/jmapserver.properties file:
usermanager.ad=com.kheops.jmap.server.security.ActiveDirectoryUserManager
We recommend you use the Composite user manager instead of simply using the Active Directory user manager. This will allow you to maintain access to JMap Admin even if errors arise in the configuration of Active Directory.
In the User manager section, select the Composite user manager and add the Active Directory user manager. A new interface opens, allowing you to enter the settings to configure the connection to the Active Directory server.
Active Directory
Friendly name
Name used to easily identify the Active Directory user manager.
Server address
Address of the Windows domain controller server configured with Active Directory. You can add several Active Directory servers by separating them with a space.
Example:
ldap://host1 ldap://host2
where host1 and host2 are the Active Directory server URLs. Active Directory is based on LDAP.
DN
Unique identifier (Distinguished Name) pointing at the root of the directory. Composed of a list of DC (Domain Component) entries.
Example:
dc=k2,dc=com
Domain
Name of the Windows domain.
Example:
k2.com
User / SPN
User name that JMap Server will use to connect to the Active Directory. It is recommended to create a user especially for JMap. Its password should never expire. If you wish to use single sign-on, you will have to create an SPN (Service Principal Name) associated with this user. See for more details.
Password
Password of the user JMap Server will use to connect to the Active Directory.
Admin. password
A user named administrator must always exist in JMap. If no administrator user exists in the Active Directory, JMap will simulate one. In such a case, provide the password associated with this user. If the user administrator does exist in the Active Directory and a password is entered, this password will simply be ignored.
Enable single sign-on
Enables the single sign-on option. See for more details.
Default / Custom LDAP configuration
Active Directory is based on LDAP. This option allows for the use of LDAP parameters that are most commonly used for Active Directory. However, if those parameters don’t match the ones in use, it is possible to specify custom values. The settings are described in the following section, .
Max page size
Active Directory limits the transaction size to a maximum number of records at a time (page size). The value of this parameter must not be greater than the maximum size authorized by Active Directory (1000 is the default value in Active Directory). If the size is too small, this can reduce performance. A size greater than the authorized limit will cause missing data in the user list.
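The following pre-flight check for the Server address, DN, Domain and Max page size settings described above is an added example, not part of JMap or its documentation. The function names are hypothetical. It assumes that the Domain is entered as a DNS name (as in k2.com) so the DN can be derived from it, and that ldaps:// URLs are acceptable, which this page does not state.

```python
from urllib.parse import urlsplit

AD_DEFAULT_MAX_PAGE_SIZE = 1000  # Active Directory default quoted on this page

def domain_to_dn(domain):
    """Build the root DN from a Windows domain name: k2.com -> dc=k2,dc=com."""
    return ",".join("dc=" + label for label in domain.strip(". ").lower().split("."))

def normalize_dn(dn):
    """Lower-case each RDN and drop spaces around ',' and '=' for comparison."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(k.strip().lower() + "=" + v.strip().lower() for k, _, v in pairs)

def check_settings(server_address, dn, domain, max_page_size,
                   server_limit=AD_DEFAULT_MAX_PAGE_SIZE):
    """Return findings as strings prefixed 'error:' or 'note:' (hypothetical helper)."""
    findings = []
    urls = server_address.split()  # the field is space-separated
    if not urls:
        findings.append("error: Server address is empty")
    for url in urls:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("ldap", "ldaps") or not parts.hostname or "," in url:
            findings.append("error: %r is not a single ldap:// or ldaps:// URL" % url)
        elif scheme == "ldap":
            findings.append("note: %r is plain LDAP, no TLS unless StartTLS is used" % url)
    wanted = domain_to_dn(domain)  # assumption: Domain is a DNS name
    if normalize_dn(dn) != wanted:
        findings.append("error: DN %r does not match domain %r (expected %s)"
                        % (dn, domain, wanted))
    if max_page_size < 1:
        findings.append("error: Max page size must be at least 1")
    elif max_page_size > server_limit:
        findings.append("error: Max page size %d exceeds the server limit %d; "
                        "the user list will be incomplete" % (max_page_size, server_limit))
    return findings

if __name__ == "__main__":
    # Constructed sample values: comma instead of space, wrong DN, oversized page.
    for line in check_settings("ldap://host1,ldap://host2", "dc=k2,dc=local", "k2.com", 5000):
        print(line)
```

Pass the real MaxPageSize of the domain controller as server_limit if it was changed from the default.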