The Active Directory Connector uses an enterprise Active Directory directory service to provide attributes used for:
- migrating user profile information from legacy to cloud identity systems,
- adding HTTP headers consumed by on-premises applications, or
- maintaining state for user sessions as they move across identity systems and applications.
Configuration options
The following values can be provided to the Active Directory connector via the Maverics configuration file.
URL
url
is the URL or list of URLs of the Active Directory server that Maverics connects to. Both a single URL and a list of URLs are supported. When multiple URLs are provided, a round-robin load balancing scheme is used to distribute traffic.
Service Account Username
serviceAccountUsername
is the username used to connect to the Active Directory server.
Service Account Password
serviceAccountPassword
is the password used to connect to the Active Directory server.
Base DN
baseDN
specifies the location in which to perform the Active Directory search.
Username Search Key
usernameSearchKey
is the search key to filter on when searching for a user.
Attribute Delimiter
attributeDelimiter
is the delimiter used to separate multi-valued attributes. This is an optional field and is only necessary if an attribute is multi-valued. If no value is provided, a default of "," will be used for the delimiter.
Health Check
healthCheck
defines an optional health check for the connector. This option is required when using the connector in an IDP-continuity scenario. For more info on how to define the health check, please see the docs.
Examples
Sample Active Directory Connector Configuration
connectors:
  - name: ad-example
    type: activedirectory
    url:
      - "ldap://node1.ldap.com"
      - "ldap://node2.ldap.com"
    baseDN: ou=People,o=Example,c=US
    serviceAccountUsername: uid=admin,ou=Admins,o=Example,c=US
    serviceAccountPassword: password
    usernameSearchKey: uid
    attributeDelimiter: ^
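
Why the sample sets attributeDelimiter to ^ rather than relying on the default ",": the following is an added example, not Maverics code, showing what a header-consuming application sees when a multi-valued attribute's values themselves contain the delimiter. It assumes values are simply joined with the delimiter and split on it by the receiver; the memberOf values and all function names are constructed for illustration.

```python
# Added illustration, not Maverics code. Assumption: a multi-valued attribute
# is delivered as its values joined by attributeDelimiter, and the receiving
# application splits on the same character.

DEFAULT_DELIMITER = ","  # default stated in the option description

# Constructed sample values: AD memberOf entries are DNs and contain commas.
MEMBER_OF = [
    "CN=VPN Users,OU=Groups,DC=example,DC=com",
    "CN=Finance,OU=Groups,DC=example,DC=com",
]


def join_values(values, delimiter=DEFAULT_DELIMITER):
    """Build the single string that carries every value of the attribute."""
    return delimiter.join(values)


def split_values(joined, delimiter=DEFAULT_DELIMITER):
    """What the consuming application does to recover the list."""
    return joined.split(delimiter)


def delimiter_collisions(values, delimiter=DEFAULT_DELIMITER):
    """Values that contain the delimiter and therefore cannot be recovered."""
    return [v for v in values if delimiter in v]


def round_trips(values, delimiter=DEFAULT_DELIMITER):
    """True when splitting the joined string yields the original values."""
    return split_values(join_values(values, delimiter), delimiter) == list(values)


def first_safe_delimiter(values, candidates=("^", "|", ";")):
    """Pick the first candidate that appears in none of the values."""
    for c in candidates:
        if not delimiter_collisions(values, c):
            return c
    return None


if __name__ == "__main__":
    for d in (DEFAULT_DELIMITER, "^"):
        parts = split_values(join_values(MEMBER_OF, d), d)
        print(f"delimiter {d!r}: {len(parts)} parts, round trip ok = {round_trips(MEMBER_OF, d)}")
    print("suggested delimiter:", first_safe_delimiter(MEMBER_OF))
```

With the default delimiter the two group DNs arrive as eight fragments, so an application that authorizes on exact group DN matches never sees a complete DN; checking real attribute values for collisions before choosing the delimiter avoids that.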