Issue
Discussion and suggestions for creating AD SSO so that Admin Console can populate a list of users from which to manage licensing.
Note: This article assumes that Admin Console has been installed and the appropriate licensing has been configured.
Solution
Select User ID Management --> Single Sign on --> LDAP --> Microsoft AD
Server Settings
Name: any logical name
Directory Type: Microsoft Active Directory
Hostname: simple name of Admin Console server or fully-qualified name
Port: 389
User Name: can be in several formats. This name is used to authenticate to AD and retrieve the list of users, so it must be an Admin-level account.
cn=Administrator,cn=Users,dc=deltaconsulting,dc=tech
Hint: within Active Directory Users & Computers, locate the User Name to be used. Open Properties, select Attribute Editor and scroll to Distinguished Name. Copy this entry to be used in the User Name field.
CN=Dennis Sauer,CN=Users,DC=deltaconsulting,DC=tech
deltaconsulting.tech\Administrator
Password to the User Name: hidden
LDAP Schema
Base DN: cn=users,DC=deltaconsulting,DC=tech
This is where the users will be drawn from. Check the differences between OU and CN in order to be sure to use the correct LDAP syntax.
User Schema Settings
User Object Filter: (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=deltaconsulting,DC=tech)
Check the differences between OU and CN in order to be sure to use the correct LDAP syntax.
Group Schema Settings
Group Object Filter: (|(objectClass=group)(objectClass=organizationalUnit)) (this shouldn't be changed)
Membership Schema Settings
Once saved, click Sync Now to be sure that it works.
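The OU-versus-CN check on the Base DN and the User Name format check described above can be done before saving. The following is an added example, not part of the original article or of Admin Console; the function names are hypothetical, the values in PAGE and KNOWN_USER are copied from the fields above, and BAD is a constructed mistake.

```python
import re

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays inside its value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def user_name_format(name):
    """Classify the User Name field as one of the two forms shown in the article."""
    if "=" in name:
        try:
            parse_dn(name)
            return "dn"
        except ValueError:
            return "unrecognized"
    if re.fullmatch(r"[^\\=,]+\\[^\\=,]+", name):
        return "domain\\user"
    return "unrecognized"

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn (suffix match on whole RDNs, case-insensitive)."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def check(settings, known_user_dn):
    """Return findings for the form values; an empty list means nothing was flagged."""
    findings = []
    if user_name_format(settings["user_name"]) == "unrecognized":
        findings.append("user_name: not a DN or domain\\user")
    try:
        if not is_under(known_user_dn, settings["base_dn"]):
            findings.append("base_dn: known user is not below it (OU= vs CN= mix-up?)")
    except ValueError as exc:
        findings.append(f"base_dn: {exc}")
    return findings

# Values copied from the article; KNOWN_USER is the Distinguished Name from the hint.
PAGE = {"user_name": "cn=Administrator,cn=Users,dc=deltaconsulting,dc=tech",
        "base_dn": "cn=users,DC=deltaconsulting,DC=tech"}
KNOWN_USER = "CN=Dennis Sauer,CN=Users,DC=deltaconsulting,DC=tech"
BAD = dict(PAGE, base_dn="OU=Users,DC=deltaconsulting,DC=tech")  # constructed: OU typed for a CN container

if __name__ == "__main__":
    print(check(PAGE, KNOWN_USER), check(BAD, KNOWN_USER))
```

Copy the Distinguished Name of one user you expect to be synced into KNOWN_USER; if it is flagged as not below the Base DN, Sync Now would not draw that user.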