Active Directory authentication Instance
This manual lists all the configuration settings of the Active Directory authentication instance that the S-Filer Portal's Configuration CLI can change.
Configuration key | Description | Default value |
---|---|---|
cfg. | The Base URL used in mail notifications for users in this domain. As an example, this allows setting a different URL for employees and partners, assuming they are in different domains and there are multiple web interfaces configured. | https://localhost/sfiler/ |
cfg. | Select « Yes » to enable this authentication mechanism. Remember to turn on the multi-domain feature in the Web GUI configuration to be able to use it in the web interface. | false |
cfg. | If this value is positive, adoption is performed for this mechanism: the system adopts users from the external user registry into the S-Filer system. Adoption occurs whenever the adoption task runs. This task can be scheduled in the scheduler section of the server configuration. | false |
cfg. | Activate the Email Notification parameter for the adopted user. | TRUE |
cfg. | The base DN (search base) for the search in the directory that will be performed by this rule. | |
cfg. | Determines whether groups retrieved from the repository should be created in S-Filer. | |
cfg. | Exclusion Filter parameter (LDAP-based search filter). This makes it possible to exclude specific entries from the adoption process. Example: (mail=*@example.com) | |
cfg. | This parameter makes it possible to avoid the creation of some specific groups. This option is used only if "Create group" is set to Yes. Provide a semicolon-separated list of the groups you wish to exclude from the adoption. | |
cfg. | Inclusion Filter parameter (LDAP-based search filter). This makes it possible to limit the entries included in the adoption process. Example: (mail=*@example.com) | |
cfg. | Determines whether members of a group will be adopted (if not already adopted) and become members of the corresponding group in S-Filer. | TRUE |
cfg. | This parameter makes it possible to limit group creation to certain entries only. This option is used only if "Create group" is set to Yes. Provide a semicolon-separated list of the groups you wish to adopt. | |
cfg. | Determines the search level. | 1 |
cfg. | Enter the list of S-Filer groups that should be granted automatically to users once adopted. Enter the group names exactly as they appear in S-Filer separated by ';'. | |
cfg. | This is the attribute that contains the username to use in the login page. Specify an attribute in the LDAP directory (e.g., 'cn', 'sAMAccountName', 'uid'). | sAMAccountName |
cfg. | This is the attribute that identifies the LDAP entry, commonly called the RDN (e.g., 'cn'). | cn |
cfg. | This is the attribute that contains the display name of the user (e.g., 'Jean Martin'). Specify an attribute in the LDAP directory (e.g., 'sn', 'displayName'). | displayName |
cfg. | This is the attribute that contains the email address of the user. Specify an attribute in the LDAP directory (e.g., 'email'). | |
cfg. | LDAP attribute name indicating a group member (e.g., 'member'). | member |
cfg. | The object class to use when looking for groups in the LDAP directory (e.g., 'group', 'groupOfNames', 'groupOfUniqueNames'). | group |
cfg. | The object class to use when looking for users in the LDAP directory (e.g., 'person', 'inetOrgPerson'). | person |
cfg. | If auto enrollment is true, authentication for an unknown user account will be attempted and, if it succeeds, the user account will be created in S-Filer. If it is set to false, authentication for an unknown user account won't be attempted; this avoids locking AD/LDAP accounts that are not defined in the adoption policy. | false |
cfg. | This is the default role assigned to a user who is created in this domain (by adoption or auto enrollment). | 0 |
cfg. | This is the IP address or hostname of the KDC (Key Distribution Center), e.g., mainkdc.okiok.com | |
cfg. | This is the Kerberos Domain name (Windows Domain) in uppercase, e.g., OKIOK.COM | |
cfg. | Select « Yes » to allow users to authenticate via SSO. | false |
cfg. | This is the path to the keytab file (on Windows, generated using the ktpass utility). | |
cfg. | The name of the principal to use in the keytab file, e.g., HTTP/hostname.domain.com@DOMAIN.COM | |
cfg. | Select « Yes » to force all users in this domain to use multi-factor authentication (MFA). A user trying to log in will be forced to configure MFA if they have not already done so. | false |
cfg. | Maximum number of simultaneous connections to the LDAP directory. | 10 |
cfg. | Number of milliseconds after which the S-Filer server will stop waiting for a connection to the LDAP server. | 30000 |
cfg. | Administrator authentication password. | password |
cfg. | Administrative user ID used to access the LDAP Directory. | demoadministrator |
cfg. | Whether the system must follow LDAP referrals. | true |
cfg. | Host name or IP address of the LDAP Directory. | 127.0.0.1 |
cfg. | Port used to access the LDAP Directory. | 389 |
cfg. | Whether SSL should be used to access LDAP. | false |
cfg. | Java class used as an LDAP Provider. | com.sun.jndi.ldap.LdapCtxFactory |
cfg. | Number of milliseconds after which the S-Filer server will stop waiting for a response from the LDAP server. | 900000 |
cfg. | Base DN of the S-Filer System in the LDAP Directory. | CN=Users,DC=demo,DC=local |
cfg. | Whether accounts in this authentication domain are case sensitive or not. (Example: In Windows, accounts are NOT case sensitive. User 'test' is equivalent to user 'TEST'.) | False |