The following example details will be required for the directory connection in AppsAnywhere.
- Refer to Connectivity Requirements to ensure the network requirements are in place.
- SAML attribute mappings (see Creating SAML Attribute Mappings) can be configured instead of, or in addition to, a Directory connection.
Active Directory Information
| Directory Type | Active Directory |
| LDAPS Hostname | domain.uni.edu |
| Full Domain Name | domain.uni.edu |
| Short Domain Name | university |
| Domain Suffixes | uni.com,uni.local |
| Base DN | dc=domain,dc=uni,dc=edu |
| Certificate Required | No |
| Port | 636 |
- If domain controllers require a certificate for LDAPS connections, the Root CA Certificate will need to be provided to AppsAnywhere and added to the servers.
- The certificate should be in the X.509 Base64 .CRT format with the filename ldaps-ca.crt and saved to a location that is accessible by AppsAnywhere Support.
- By default, all domain controllers are configured to accept LDAPS connections on port 636. If this is permitted without the need for an SSL certificate, no further action is needed.
Active Directory Attributes
If access control (ACL) is applied to the LDAP directory that AppsAnywhere connects to, the following list of attributes should be made available to the AppsAnywhere service account.
AppsAnywhere can be configured with additional attributes to search on when creating the LDAP connection.
Any additional attributes configured for the search will also need ACLs applied to allow the AppsAnywhere service account to read them.
- dn
- cn
- displayName
- objectClass
- memberOf
- primaryGroupId
- sAMAccountType
- sAMAccountName
- userPrincipalName
- objectGUID
- objectSid
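One way to confirm that the ACLs expose every attribute listed above to the service account, as an added example (not AppsAnywhere's own code): parse the LDIF that ldapsearch returns when bound as the service account and report which listed attributes are missing. The user `tuser`, the `<service-account-dn>` placeholder and the sample LDIF are constructed for illustration.

```python
import base64

# Attributes listed on this page for an Active Directory connection.
AD_REQUIRED = ["dn", "cn", "displayName", "objectClass", "memberOf",
               "primaryGroupId", "sAMAccountType", "sAMAccountName",
               "userPrincipalName", "objectGUID", "objectSid"]

# Constructed sample (not real directory output): what the service account
# might get back for a hypothetical test user, e.g. from
#   ldapsearch -LLL -H ldaps://domain.uni.edu:636 -D <service-account-dn> -W -b dc=domain,dc=uni,dc=edu "(sAMAccountName=tuser)"
SAMPLE_LDIF = """\
dn: CN=Test User,OU=Staff,DC=domain,DC=uni,DC=edu
objectClass: person
objectClass: user
cn: Test User
displayName: Test User
sAMAccountName: tuser
sAMAccountType: 805306368
userPrincipalName: tuser@domain.
 uni.edu
primaryGroupID: 513
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry (RFC 2849) into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues previous
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>" (binary value)
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def missing_attributes(ldif_text, required=AD_REQUIRED):
    """Return required attributes absent from the entry (case-insensitive names)."""
    entry = parse_ldif_entry(ldif_text)
    return [attr for attr in required if attr.lower() not in entry]
```

Use a test user that belongs to at least one group other than its primary group: Active Directory does not list the primary group in memberOf, so an empty memberOf would otherwise look like an ACL gap.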
OpenLDAP Information
| Directory Type | OpenLDAP |
| LDAPS Hostname | domain.uni.edu |
| Full Domain Name | domain.uni.edu |
| Short Domain Name | university |
| Domain Suffixes | uni.com,uni.local |
| Base DN | dc=domain,dc=uni,dc=edu |
| Certificate Required | No |
| Account Filter Format | (&(objectClass=user)(sAMAccountName=%s)) |
| User classes | person;user |
| Group classes | group |
| Search Attributes | cn |
| Port | 636 |
OpenLDAP Attributes
If access control (ACL) is applied to the LDAP directory that AppsAnywhere connects to, the following list of attributes should be made available to the AppsAnywhere service account.
AppsAnywhere can be configured with additional attributes to search on when creating the LDAP connection.
Any additional attributes configured for the search will also need ACLs applied to allow the AppsAnywhere service account to read them.
- dn
- cn
- givenName
- objectClass
- memberUid
- member
- uniqueMember
- uid
- entryUUID