Remote Active Directory Agent Configuration
Note: You must install Oracle WebCenter Interaction Identity Service for Active Directory to access this functionality.
To specify the settings for the Active Directory domain with which you want to authenticate or synchronize:
In the Active Directory Server Address box, type the computer name or the IP address of the computer that hosts Active Directory: for example, myServer or 192.168.2.3.
In the Security Mode box, type 0 for cleartext password authentication (no security), type 1 for secure authentication, or type 2 for SSL password authentication that requires SSL certificates on the Active Directory server.
If necessary, in the User Query Base box, type the base of the Active Directory query that returns all of the users that you want to synchronize. Together with the domain name, this forms the base of a query for all users in this Authentication Source. The base defines where in the Active Directory system the portal starts searching for users. Leave this box blank if you want to search the entire directory.
In the User Query Filter box, type a filter that limits the results to only the users you want to import.
In the User Name Attribute box, type the attribute that contains the name of the user: for example, samAccountName.
If necessary, in the User Authentication Attribute box, type the attribute that contains the authentication name of the user. This attribute is passed to Active Directory to log in to the portal: for example, userPrincipalName (user@domain.company.com).
By default, Active Directory authenticates using the distinguishedName value, so if you leave the User Authentication Attribute box empty, the distinguishedName attribute is used. However, the distinguishedName can be used only in Security Mode 0. If you are not using Security Mode 0, or if your Active Directory system uses another attribute for authentication, type the name of that attribute in the User Authentication Attribute box.
If necessary, in the Group Query Base box, type the base of the Active Directory query that returns all of the groups that you want to synchronize. Together with the domain name, this forms the base of a query for all groups in this Authentication Source. The base defines where in the Active Directory system the portal starts searching for groups. Leave this box blank if you want to search the entire directory.
In the Group Query Filter box, type a filter that limits the results to only the groups you want to import: for example, objectclass=Group.
In the Group Name Attribute box, type the attribute that contains the name of the group: for example, cn.
If necessary, in the Active Directory User's Authentication Name box, type the user's authentication name for this Authentication Source. Some Active Directory systems allow anonymous access, in which case you can leave the name and password blank.
If you entered a user authentication name, in the Active Directory User's Authentication Password box, type the password associated with this user. Type the same password in the Confirm box. The password is not encrypted before it is stored.
If you have an alternate port to which this Active Directory system connects, in the Alternate Port box, type the port number.
Active Directory defaults to a page size of 1000. If your implementation of Active Directory has increased or decreased this page size, in the Active Directory Page Size box, adjust this number accordingly. This number must be equal to or lower than the max page size in Active Directory.
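The rules stated in the steps above, collected into a settings check as an added example (this is not Oracle's code). The dictionary key names and the server_max_page_size parameter are hypothetical, and the sample values are constructed.

```python
# Added example: audit Remote Active Directory Agent settings against this page's rules.
SECURITY_MODES = {0: "cleartext", 1: "secure", 2: "SSL"}

def audit_agent_settings(cfg, server_max_page_size=1000):
    """Return a list of (severity, message) findings for one settings dict."""
    findings = []
    mode = cfg.get("security_mode")
    if mode not in SECURITY_MODES:
        findings.append(("error", "Security Mode must be 0, 1 or 2"))
    elif mode == 0:
        findings.append(("warn", "Security Mode 0 sends passwords in cleartext"))

    # A blank User Authentication Attribute falls back to distinguishedName,
    # which the page says can be used only in Security Mode 0.
    auth_attr = (cfg.get("user_auth_attribute") or "distinguishedName").lower()
    if auth_attr == "distinguishedname" and mode in (1, 2):
        findings.append(("error", "distinguishedName can be used only in Security Mode 0; "
                         "set User Authentication Attribute, e.g. userPrincipalName"))

    # A blank query base means the whole directory is searched.
    for key, label in (("user_query_base", "User"), ("group_query_base", "Group")):
        if not cfg.get(key):
            findings.append(("info", f"{label} Query Base is blank: entire directory is searched"))

    # The bind password is stored unencrypted; a password without a name is unusable.
    name, password = cfg.get("bind_name"), cfg.get("bind_password")
    if password and not name:
        findings.append(("error", "password set without an authentication name"))
    elif name:
        findings.append(("warn", "bind password is stored unencrypted by the portal"))

    # Page size must be equal to or lower than the directory's max page size.
    page_size = cfg.get("page_size", 1000)
    if page_size > server_max_page_size:
        findings.append(("error", f"page size {page_size} exceeds max page size {server_max_page_size}"))
    return findings

# Constructed sample settings, not taken from a real deployment.
SAMPLE = {
    "server": "myServer", "security_mode": 2, "user_query_base": "",
    "user_query_filter": "objectclass=User", "user_name_attribute": "samAccountName",
    "user_auth_attribute": "", "group_query_base": "ou=Groups",
    "group_query_filter": "objectclass=Group", "group_name_attribute": "cn",
    "bind_name": "svc-portal", "bind_password": "example-only", "page_size": 1500,
}

if __name__ == "__main__":
    for severity, message in audit_agent_settings(SAMPLE):
        print(f"{severity.upper():5} {message}")
```

Pass the max page size actually configured in your directory as server_max_page_size; 1000 is only the default named above.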