Creating a New User in AD for UIM LDAP Integration.
Open “Server Manager” on the Windows server, expand “Active Directory Domain Services”, right-click “Users”, go to “New” and click “User”.
Enter the display name and the required user name, then click “Next”.
Click on “Finish”.
(Optional) Create a new group if required.
Add the user to the group. Right-click the user name and click “Add to a group”.
Verify that the user has been added to the group. Right-click the user name and click “Properties”.
Integrate UIM and LDAP.
Open Hub configuration and click on Settings.
Go to the “LDAP” tab, enter the AD server IP address and click “Lookup”. If the lookup is successful, it lists the “Group Container (DN)” and “User Container (DN)”.
Set “Authentication sequence” to LDAP->Nimsoft.
Provide the AD user created above. Note that sometimes the domain must be included (domain\username).
Click “Test”. The test connection should be successful.
Create an ACL for AD user to access UIM.
Go to “Security” and click on “Manage Access Control List”.
Click “New”, enter the required name, select the required option for “Copy Settings from” and click “OK”.
Select “Make ACL Permission available for Account/Contacts” option.
Select the newly created ACL in the left pane and click “Set Account Link”.
Click on “New Account…” and then select the hub name and click on “OK”.
Select the newly created account link and then click “OK”.
Click “Set LDAP Group”, select the required AD group (the one the AD user has been added to or is part of) and then click “OK”.
Go to Hub “Raw Configure” option, expand “ldap-> templates” and click on “Active Directory”.
Note: After hub v5.69, the hub was changed so that the filter_user key (edited through raw configuration) contains a dynamic value for $loginname. Whereas this was previously hard-coded as userPrincipalName=$loginname, it is now $attr_usr_id=$loginname.
Therefore, attr_usr_id (also modified through raw configuration) can be set to any desired Active Directory attribute.
This then becomes the AD attribute users authenticate with when logging in to the hub (or UMP).
Open the key “filter_user”, add the filter_user line below and click “OK”.
attr_usr_id = <AD User Attribute> (e.g. userPrincipalName, mail, displayName)
filter_user = (&(objectClass=person)(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))
Finally, try logging in with the newly created AD user. Go to “Security” and click “Login”.
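The following added example (not code from CA UIM or from the original page) expands the filter_user template shown above and applies its logic to a small constructed directory, to show why the attribute chosen for attr_usr_id should be unique per user. The accounts, the example.test domain and the function names are assumptions for illustration; the RFC 4515 escaping of the login name is shown as the expected handling of special characters, and the page does not state what the hub itself does.

```python
# Added illustration, not CA UIM code: expands the filter_user template from
# the page and checks how many constructed directory entries it would match.
from string import Template

FILTER_USER = ("(&(objectClass=person)"
               "(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))")

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a login name so the directory treats it as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(attr_usr_id, loginname):
    """Return the search filter for one login attempt."""
    return Template(FILTER_USER).substitute(
        attr_usr_id=attr_usr_id, loginname=escape_value(loginname))

def matching_users(entries, attr_usr_id, loginname):
    """Apply the filter's logic to entries: person AND (attr OR sAMAccountName).
    Comparison is case-insensitive (assumed, as for AD string attributes)."""
    wanted = loginname.lower()
    return [e["sAMAccountName"] for e in entries
            if "person" in e["objectClass"]
            and wanted in (e.get(attr_usr_id, "").lower(),
                           e["sAMAccountName"].lower())]

# Constructed sample directory (hypothetical accounts, example.test domain).
ENTRIES = [
    {"objectClass": ["person"], "sAMAccountName": "jsmith",
     "userPrincipalName": "jsmith@example.test", "displayName": "John Smith"},
    {"objectClass": ["person"], "sAMAccountName": "jsmith2",
     "userPrincipalName": "jsmith2@example.test", "displayName": "John Smith"},
    {"objectClass": ["person"], "sAMAccountName": "ops1",
     "userPrincipalName": "ops1@example.test", "displayName": "jsmith"},
]

if __name__ == "__main__":
    print(expand_filter("userPrincipalName", "jsmith@example.test"))
    print(expand_filter("mail", "*"))  # wildcard is escaped to \2a
    for attr in ("userPrincipalName", "displayName"):
        for login in ("jsmith@example.test", "John Smith", "jsmith"):
            print(attr, repr(login), "->", matching_users(ENTRIES, attr, login))
```

With attr_usr_id set to displayName, the login names “John Smith” and “jsmith” each resolve to two accounts, while userPrincipalName resolves every login name to at most one.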