Documentation

Active Directory basic settings (7.1.1)

Active Directory basic settings

If ThoughtFarmer will be integrated with multiple Active Directories, you will need to follow the instructions below for each Active Directory.

Active Directory service account

In order for ThoughtFarmer to access an Active Directory it needs to use the credentials of an AD account that has the appropriate permissions. This is a service account that should NOT have a password expiry set. If there is a password expiry set, ThoughtFarmer authentication and other components may fail.

To use all of the Active Directory integration features of ThoughtFarmer this account needs to have read and write access. For permission information please see AD security permissions. Please also see the page Features requiring write access to Active Directory.

If you do not intend to use these features, or if your security protocols restrict this usage, then read-only access to AD is sufficient.

Add new Active Directory

  1. Go to the ThoughtFarmer Administration panel: Authentication section > Active Directory page.
  2. Click Add new Active Directory.
  3. Click enable beside Status.
  4. In the Title box, enter the Active Directory name.
  5. Click Save. You will be taken to the configuration page for the Active Directory that you just created.

Configure Active Directory integration

  1. Go to the Administration panel > Authentication section: Active Directory page, and click on the Active Directory that you want to configure. (If you just followed the steps above to add a new Active Directory, you are already on the right page.)
  2. On the right of the Active Directory settings section, click Change. You will be taken to the Active Directory basic settings page.
  3. Enter your domain name in the AD domain field.

    5.5Admin6079ConfigureADIntegration3.png

  4. Enter the AD service account name in the AD user login name field. (See above for details about the AD service account.)
  5. Enter the AD service account password in the Password field.
  6. (Optional) Under User authentication settings, select the checkbox "Allow password changes with a warning period of X days." (X represents the number of days (before the password expiry date) that users are warned to change their password.)
  7. (Optional) Under User authentication settings, select the checkbox "Check user is still active" to enable TF to check if the user is still set as active in AD.
  8. Under Incoming mail domains, enter the Internet email domain and the LAN email domain.
  9. (Optional) Under Properties, enable write access by clicking "Yes" under Enable write access to Active Directory? (See more information on write access below.)
  10. (Optional) Under Properties, enable LDAPS connection to Active Directory by clicking "Yes" under Enable LDAPS connection to Active Directory?
  11. Click Save settings.

Write access

Set the write access radio button to the appropriate value for your desired feature set. Whatever the AD user permissions and ThoughtFarmer configuration, disabling write access here will ensure that no information in your Active Directory will ever be altered. Please see Features requiring write access to Active Directory for more information.