Active Directory connection

The appliance needs read-only access to a Microsoft Active Directory (AD) service through a read-only user account. It communicates with Active Directory using the Lightweight Directory Access Protocol (LDAP). The LDAP port is configurable; the default is port 389, which carries LDAP without SSL (see Secure LDAP configuration in File Director below).

Secure LDAP configuration in File Director

Enhancements to secure LDAP communication between the appliance and AD were introduced in File Director 2020.1, and validation of certificates issued by private (or Enterprise) CAs is now a requirement. New LDAP servers configured in the Admin Console default to using SSL to secure the LDAP communication between Active Directory and the appliance.

Unlike commonly trusted (public) certificates, root certificates from private CAs are not known to the appliance by default; they must be added to the File Director appliance before validation of the directory server's certificate can succeed. See also Trusted Root CA.

For further information about File Director and secure LDAP, refer to this Ivanti Community article.

Configure the Active Directory connection

To specify the directory server by name rather than by IP address, you must configure the DNS server IP address and search domains first.

  1. Select Configuration > Directory Services and click Add New AD.
  2. Complete the following Active Directory settings:
    • Name - A descriptive name for the server. This is a free text field used to easily identify servers.
    • Server - The name or IP address of the LDAP server.
      Note that if SSL is enabled, the server must be specified by its fully-qualified domain name, so that the name can be validated against the server certificate. Refer to the Trusted root CA help topic.
    • Port - The port for your AD. The default for LDAP communication is 389.
    • Home Directory Field - Select which Active Directory attribute the appliance reads to determine each user's home directory. The default is homeDirectory, but this can be changed to a different AD attribute or disabled if required. The attribute names correspond to the properties shown in the Active Directory Attribute Editor; any attribute defined on the domain controller can be used, provided a value is populated for the user. Changing the attribute in the Admin Console changes which attribute is read from the DC; it does not modify the values stored in AD.
    • Bind User - A user account with read permission to the required records. The appliance uses this account to synchronize with the directory; it needs no write or administrative rights, so use a dedicated read-only account. Format - username@domain or domain\user.
    • Bind Password - The password for the bind user.
    • Enable SSL - Encrypts the LDAP connection between File Director and the directory server (LDAPS); without it, LDAP traffic, including the bind, is sent unprotected. When this option is selected, the port setting is automatically updated to 636. The server certificate must chain to a root CA trusted by the appliance; for a private CA, add the root certificate under Trusted Root CA.

    Active Directory Configuration

  3. Click Save to commit your Active Directory settings.
  4. Reboot the appliance.
  5. Following the appliance restart, select Home > Status to verify that the WebServer, Appliance Services, File Director Server and Active Directory have been configured.

    Check Appliance Status
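The procedure above is performed in the Admin Console, so the following is an added pre-flight script (not part of File Director or Ivanti's documentation) that a practitioner can run from a workstation before saving the settings. It encodes the rules stated on this page (SSL switches the port to 636, SSL requires an FQDN so the name can be checked against the certificate, bind user format, and the fact that a private CA must be trusted explicitly) and, optionally, opens an LDAPS connection to confirm the server certificate validates with the private root CA. The server name dc01.corp.example.com, the bind account svc_filedirector@corp.example.com and the CA file path are assumptions for illustration.

```python
"""Pre-flight checks for a File Director LDAP/LDAPS directory connection.

Added example, not File Director product code. Host names, the bind user
and the CA file path are illustrative assumptions.
"""
import ipaddress
import socket
import ssl
from dataclasses import dataclass
from typing import List, Optional

LDAP_PORT = 389    # plain LDAP, the Admin Console default
LDAPS_PORT = 636   # LDAP over SSL/TLS, set automatically when Enable SSL is on


@dataclass
class AdConnection:
    """Mirrors the fields of the Directory Services > Add New AD form."""
    name: str
    server: str
    bind_user: str
    enable_ssl: bool = True
    port: Optional[int] = None            # None -> derived from enable_ssl
    home_directory_field: Optional[str] = "homeDirectory"


def effective_port(conn: AdConnection) -> int:
    """Port the appliance will use: explicit value, else 636 with SSL, 389 without."""
    if conn.port is not None:
        return conn.port
    return LDAPS_PORT if conn.enable_ssl else LDAP_PORT


def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, False for host names."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def validate(conn: AdConnection) -> List[str]:
    """Return configuration problems; entries starting 'warning:' are non-fatal."""
    problems = []
    if not conn.name.strip():
        problems.append("Name is required")
    if conn.enable_ssl:
        if is_ip_literal(conn.server):
            problems.append("With SSL enabled the server must be an FQDN, not an IP "
                            "address: the name is validated against the certificate")
        elif "." not in conn.server:
            problems.append("With SSL enabled the server must be a fully-qualified domain name")
        if effective_port(conn) == LDAP_PORT:
            problems.append("SSL is enabled but the port is 389; LDAPS uses 636")
    else:
        if effective_port(conn) == LDAPS_PORT:
            problems.append("Port 636 is LDAPS; enable SSL or use 389")
        problems.append("warning: without SSL the bind credentials cross the network unprotected")
    if "@" not in conn.bind_user and "\\" not in conn.bind_user:
        problems.append("Bind User must be username@domain or domain\\user")
    return problems


def ldaps_context(private_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS context with hostname checking and the private root CA added to the trust store."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if private_ca_file:
        ctx.load_verify_locations(cafile=private_ca_file)
    return ctx


def check_ldaps_certificate(server: str, port: int = LDAPS_PORT,
                            private_ca_file: Optional[str] = None) -> dict:
    """Connect over TLS and return the validated certificate's identity fields.

    Raises ssl.SSLCertVerificationError when the chain is not trusted, which is
    what happens for a private-CA certificate until that CA is added. Needs
    network access to the directory server.
    """
    ctx = ldaps_context(private_ca_file)
    with socket.create_connection((server, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=server) as tls:
            cert = tls.getpeercert()
    # getpeercert() returns RDNs as tuples of (name, value) pairs; single-attribute RDNs assumed.
    return {
        "subject": dict(rdn[0] for rdn in cert["subject"]),
        "issuer": dict(rdn[0] for rdn in cert["issuer"]),
        "subjectAltName": [value for _, value in cert.get("subjectAltName", ())],
        "notAfter": cert["notAfter"],
    }


if __name__ == "__main__":
    import sys
    conn = AdConnection(name="Corp AD", server="dc01.corp.example.com",
                        bind_user="svc_filedirector@corp.example.com")
    for problem in validate(conn):
        print(problem)
    if len(sys.argv) > 1:   # optional argument: path to the private root CA PEM
        print(check_ldaps_certificate(conn.server, effective_port(conn), sys.argv[1]))
```

Run the script with the path to the Enterprise root CA PEM to confirm the certificate presented on 636 chains to it and names the FQDN you intend to enter in the Server field; if it fails here, it will fail on the appliance too until the root is uploaded under Trusted Root CA.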

Set Home map point source

Select where the Home map point is derived from:

  • None
  • Active Directory
  • OneDrive

For further information about using OneDrive as the home map point, see OneDrive connector for Home map points.
