Allows Framework authentication to operate against ActiveDirectory server instead of comparing against an encrypted password stored in the Accelerator database.
- Requires one config setting to activate, and three settings to configure.
- Can use explicit values for the config settings, or can use the account running the DAL framework.
- Framework authorization data is still in Accelerator Database.
The following settings are added to the Accelerator web.config file.
<appSettings> <add key="UseActiveDirectoryAuthenticationForFramework" value="True" /> <add key="ActiveDirectoryQueryUsername" value="" /> <add key="ActiveDirectoryQueryPassword" value="" /> <add key="ActiveDirectoryConnectionPath" value="LDAP://xxx.xxx.xx.xx" /> </appSettings>
The first one turns AD authentication on if the value is True (not case sensitive) and off otherwise. The next two settings specify an Active Directory account which has permission to talk to the Active Directory server. Any AD account can generally work here. The final setting specifies the URL for the Active Directory server.
If the last three settings are not set but authorization is turned on, then the account running the process will be used.
Even though the Authentication is performed via Active Directory, the User must exist in the Accelerator User File with a valid User Group that will give them access to the system. All security access to the system, applications, modules, commands etc. is driven by the User Groups assigned to the User.