...
MSAD allows you to uniquely specify users in two ways, in addition to the standard DN. If you're not having luck with the standard DN, give one of the two below a try. Each of the examples below is shown in the context of the managerDn property of the Acegi Security DefaultInitialDirContextFactory bean.
...
| Useful Information |
|---|
| Note: The examples in this Binding section use DefaultInitialDirContextFactory. Be aware that you may need to use the same notation (i.e. Kerberos or Windows domain) in your user DN patterns. |
Kerberos notation
Example: pentahoadmin@mycompany.com
...
In the LdapAuthenticator implementations provided by Acegi Security (e.g. BindAuthenticator), you must either specify a userDnPatterns, or a userSearch, or both. If you're using the Kerberos or Windows domain notation, you should use userDnPatterns exclusively in your LdapAuthenticator.
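As an added illustration (not taken from the original page or from Pentaho's shipped configuration), the Spring bean definitions below use Kerberos notation in both managerDn and userDnPatterns, as recommended above. The bean ids, server URL and password are constructed placeholders; {0} is the placeholder that Acegi Security replaces with the login name.

```xml
<!-- Added example: bean ids, URL and password are constructed placeholders. -->

<!-- Context factory that binds to Active Directory as the manager account.
     managerDn uses Kerberos notation instead of a standard DN. -->
<bean id="initialDirContextFactory"
      class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
  <!-- Constructed placeholder server URL and base DN -->
  <constructor-arg index="0"
                   value="ldaps://ad.mycompany.com:636/dc=mycompany,dc=com" />
  <property name="managerDn" value="pentahoadmin@mycompany.com" />
  <!-- Placeholder: supply the manager account's real password -->
  <property name="managerPassword" value="CHANGE_ME" />
</bean>

<!-- Authenticator that binds as the user logging in.
     Only userDnPatterns is set (no userSearch), so the bind name
     stays in the same Kerberos notation as managerDn. -->
<bean id="authenticator"
      class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
  <constructor-arg>
    <ref local="initialDirContextFactory" />
  </constructor-arg>
  <property name="userDnPatterns">
    <list>
      <!-- {0} is replaced with the user name entered at login -->
      <value>{0}@mycompany.com</value>
    </list>
  </property>
</bean>
```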
...
| Technical Information |
|---|
| Note: The reason that userDnPatterns is suggested when using Kerberos or Windows domain notation is that the LdapUserSearch implementations do not give the control over the DN that userDnPatterns does. (The LdapUserSearch implementations try to derive the DN in the standard format, which may or may not work in Active Directory.) Note, however, that Pentaho's LdapUserDetailsService requires an LdapUserSearch for its userSearch property. |
...