How To Setup Active Directory Authentication In OpenAM
If your organization uses Microsoft Active Directory for user storage, it is good practice to authenticate with Active Directory user accounts in all your enterprise applications. OpenAM supports Microsoft Active Directory as a user data store.
Setting up Microsoft Active Directory as a user data store can be tricky, though. In this article, we'll help you set up an Active Directory user data store in OpenAM.
Enterprise users should be in a separate realm.
NOTE: Of course, you can use an existing realm, or even use different data stores in a single realm in OpenAM. But in this manual, we will create a separate realm and a single data store for employees.
So log in to the OpenAM console as amadmin and create the realm /staff. Delete the default user data store in the /staff realm.
Then create an Active Directory data store with type Active Directory.
The most important settings are listed in the table below:

| Setting | Value |
|---|---|
| LDAP Server | AD host and port, for example: ad.example.com:389 |
| LDAP Bind DN | Bind DN or user name for AD, for example EXAMPLE\Administrator |
| LDAP Bind Password | Bind DN password |
| LDAP Organization DN | DN where users are located, for example DC=ad,DC=example,DC=com |
| LDAP Connection Pool Maximum Size | 128 |
| Attribute Name Mapping | uid=sAMAccountName userPassword=unicodePwd |
| LDAPv3 Plug-in Supported Types and Operations | user=read group=read realm=read |
| LDAP Users Search Attribute | sAMAccountName |
| LDAP Users Search Filter | (objectclass=person) |
| DN Cache | Enabled |
If all settings are correct, you should see the user accounts from your Active Directory in the Subjects tab of the realm.
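The settings in the table interact in ways that are easy to get wrong before a live domain controller is involved. The following helpers, added here as an example and not part of this wiki page or of OpenAM itself, mirror those settings: they combine the search attribute and search filter into the per-user lookup filter (escaping the login name so it cannot alter the filter), show the encoding that Active Directory expects for the unicodePwd attribute named in the mapping, and lint a settings dict for two common problems. All function names are this example's own, and the key `ssl_enabled` is an assumption standing in for whichever SSL/TLS toggle the installed OpenAM version exposes; the bind password value is a placeholder.

```python
"""Added example, not from the OpenAM wiki page: helpers that mirror the
Active Directory data-store settings in the table above so the filter,
attribute mapping and connection choice can be sanity-checked offline.
All names here are this example's own."""

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter.

    A login name placed into the filter unescaped could change its meaning
    (a bare "*" matches every user); escaping keeps it a literal string.
    """
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_lookup_filter(username, search_attr="sAMAccountName",
                             users_search_filter="(objectclass=person)"):
    """Combine 'LDAP Users Search Attribute' and 'LDAP Users Search Filter'
    from the table into the single filter used to look up one user."""
    return "(&%s(%s=%s))" % (users_search_filter, search_attr,
                            escape_filter_value(username))


def encode_unicode_pwd(password):
    """Encode a password the way AD's unicodePwd attribute expects it:
    the clear-text value wrapped in double quotes, as UTF-16LE bytes.
    This is the attribute the mapping userPassword=unicodePwd points at."""
    return ('"' + password + '"').encode("utf-16-le")


def lint_data_store(settings):
    """Return a list of warnings for a settings dict keyed by the table's
    row names. 'ssl_enabled' is an assumed key standing in for the SSL/TLS
    toggle of the installed OpenAM version."""
    warnings = []
    server = settings.get("LDAP Server", "")
    port = server.rsplit(":", 1)[1] if ":" in server else "389"
    mapping = settings.get("Attribute Name Mapping", "")
    # AD refuses to set unicodePwd over an unencrypted LDAP session, so a
    # data store that maps userPassword=unicodePwd needs LDAPS or StartTLS.
    if "unicodePwd" in mapping and not settings.get("ssl_enabled", False):
        warnings.append("userPassword=unicodePwd is mapped but the connection to "
                        "%s (port %s) is not TLS-protected; AD rejects password "
                        "writes over plain LDAP" % (server, port))
    if not settings.get("LDAP Bind Password"):
        warnings.append("LDAP Bind Password is empty")
    flt = settings.get("LDAP Users Search Filter", "")
    if not (flt.startswith("(") and flt.endswith(")")):
        warnings.append("LDAP Users Search Filter must be a parenthesised "
                        "filter, got %r" % flt)
    return warnings


# Constructed settings mirroring the table above (placeholder credentials).
TABLE_SETTINGS = {
    "LDAP Server": "ad.example.com:389",
    "LDAP Bind DN": "EXAMPLE\\Administrator",
    "LDAP Bind Password": "bind-password-placeholder",
    "LDAP Organization DN": "DC=ad,DC=example,DC=com",
    "Attribute Name Mapping": "uid=sAMAccountName userPassword=unicodePwd",
    "LDAP Users Search Attribute": "sAMAccountName",
    "LDAP Users Search Filter": "(objectclass=person)",
    "ssl_enabled": False,
}

if __name__ == "__main__":
    print(build_user_lookup_filter("alice"))
    # An attempt to inject filter syntax via the login name stays literal.
    print(build_user_lookup_filter("*)(objectclass=*"))
    print(encode_unicode_pwd("Passw0rd!"))
    for warning in lint_data_store(TABLE_SETTINGS):
        print("WARNING:", warning)
```

Run as a script, the lint reports that the table's plain `ad.example.com:389` endpoint cannot carry unicodePwd writes; switching the assumed `ssl_enabled` flag on (and the port to the LDAPS port) clears that warning. Since the table grants only `user=read group=read realm=read`, a dedicated read-only service account is enough for the bind DN; the `EXAMPLE\Administrator` value in the table is just the page's example.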
Then test authentication: open the OpenAM login URL in your browser, for example:
For XUI:
http://openam.example.org:8080/openam/XUI/?org=/staff#login/
For the legacy UI:
http://openam.example.org:8080/openam/UI/Login?org=/staff
Enter your Active Directory credentials, and you should be authenticated successfully.