Active Directory Connection (Magic xpa 3.x)
When a user binds to an Active Directory server (System Logon = Active Directory), Magic xpa uses the logon name and password entered when logging onto Windows to retrieve the user’s rights as defined in the Active Directory.
Active Directory matches a ‘Group’ that the Logged-On user belongs to with a group in Magic xpa’s Security File.
Note: When you set the System Logon setting to Active Directory, no manipulation of the Magic security file is allowed.
If a match is found, all the rights that belong to that group will be granted to the user. It is important to note that under this schema, there is no need to define individual users in the Magic xpa security file, only groups. Once the System Logon environment setting is set to Active Directory, the logon to the Magic xpa engine is performed automatically according to the user who is currently logged on to the network.
To define the Active Directory or ADS details, you need to define the following secret names:
1. Directory_Binding – The directory to connect to.
The Directory_Binding value is of the following syntax:
WinNT:[//DomainName[/ComputerName[/ObjectName[,className]]]]
For example, if you have an NT Active Directory Domain server called MyADSServer and all machines are connected to this domain then you need to put the string (case sensitive, machine name is in uppercase) "WinNT://MYADSSERVER/" (the / at the end is very important)
Example 2: If you want to get the ADS details of a machine connected to the domain server then it's: WinNT://MYADSSERVER/MYCOMPUTERNAME/"
2. Domain_Name – The name of the domain (the machine you want to query the "member of" list for the User currently logged in).
For example : MYADSSERVER or MYCOMPUTERNAME (if the user is logging the local machine and not the domain)
Next, in Magic xpa you need to define in the security file groups with the name matching the name of the groups that interests you in the ADS server. To each group you set the relevant Magic xpa rights.
When Magic xpa loads, it will take the current user details and query the ADS Server for the list of all the groups that the user is member of. This list once fetched will be matched (case sensitive) with the groups in the security file of Magic xpa. If there's a match the rights of that Magic xpa group will be added to the user's session.