This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/integrations/sources/active-directory/index.md
Jens L 7be680cbe5
Migrate to Docusaurus (#329)
* docs: initial migration to docusaurus

* website: add custom font, update blurbs and icons

* website: update splash

* root: update links to docs

* flows: use .pbflow extension so docusaurus doesn't mangle the files

* e2e: workaround prospector

* Squashed commit of the following:

commit 1248585dca
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Sun Nov 15 20:46:53 2020 +0100

    e2e: attempt to fix prospector error again

commit 1319c480c4
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Sun Nov 15 20:41:35 2020 +0100

    ci: install previous python version for upgrade testing

* web: update accent colours and format

* website: format markdown files

* website: fix colours for text

* website: switch to temporary accent colour to improve readability

* flows: fix path for TestTransferDocs

* flows: fix formatting of tests
2020-11-15 22:42:02 +01:00

2 KiB

title
Active Directory

Preparation

The following placeholders will be used:

  • ad.company is the Name of the Active Directory domain.
  • passbook.company is the FQDN of the passbook install.

Active Directory Setup

  1. Open Active Directory Users and Computers

  2. Create a user in Active Directory, matching your naming scheme

  3. Give the User a password, generated using for example pwgen 64 1.

  4. Open the Delegation of Control Wizard by right-clicking the domain.

  5. Select the passbook service user you've just created.

  6. Ensure the "Reset user password and force password change at next logon" Option is checked.

passbook Setup

In passbook, create a new LDAP Source in Administration -> Sources.

Use these settings:

  • Server URI: ldap://ad.company

    For passbook to be able to write passwords back to Active Directory, make sure to use ldaps://

  • Bind CN: <name of your service user>@ad.company

  • Bind Password: The password you've given the user above

  • Base DN: The base DN which you want passbook to sync

  • Property Mappings: Select all and click the right arrow

The other settings might need to be adjusted based on the setup of your domain.

  • Addition User/Group DN: Additional DN which is prepended to your Base DN for user synchronization.
  • Addition Group DN: Additional DN which is prepended to your Base DN for group synchronization.
  • User object filter: Which objects should be considered users.
  • Group object filter: Which objects should be considered groups.
  • User group membership field: Which user field saves the group membership
  • Object uniqueness field: A user field which contains a unique Identifier
  • Sync parent group: If enabled, all synchronized groups will be given this group as a parent.

After you save the source, a synchronization will start in the background. When its done, you cen see the summary on the System Tasks page.