The following AD configuration has been driven by customer requests. As far as we know, this is “a best practice” way of doing it. There might be other approaches. But for this feature to work out-of-the-box, you need to follow the information contained within this document. Changes/feature request are subject to paid feature development.
TABLE OF CONTENTS
- Active Directory Advanced Features configuration
- farmerswife’s Microsoft Active Directory® Connector setup
- Testing the Connector Setup
Active Directory Advanced Features configuration
In order to be able to view all setting options of Active Directory, the Advanced Features options must be turned on.
Organizational Unit (OU)
Use Organizational Units (OU) so that Groups can be organized within an OU. The MSAD Groups are the mapping point for the WIFE Permission Profiles.
Within MSAD OUs or the Users main group is where User Groups are created. These are the groups that will later be linked to farmerswife’s Permission Profiles (mapping point) and from which the user’s details will be imported. A group needs a Group name, Group scope and Group type to be set.
Once the Group is created, the connection Query String needed in WIFE can be found in the Attribute Editor tab in the Attribute distinguishedName value:
User Properties from MSAD and/or MS Exchange
Users can be imported into Active Directory from Microsoft Exchange or inserted directly from Active Directory.
Created on MSAD: Nickname (= login Name) field in farmerswife will be “userPrincipalName”:
From MS Exchange: Nickname (= login Name) field in farmerswife will be “mailNickname”:
farmerswife’s Microsoft Active Directory® Connector setup
Go to WIFE Server > Setup > Users > Microsoft Active Directory Connector:
Fields to be defined:
- Enabled Yes/No (default): set this to Yes to activate the Active Directory integration.
- Port: this is the dedicated port field to MSAD on the AD Server machine. This needs to be accessible from the WIFE Server host machine.
- Address: the MSAD Server address; this can be the IP or host/domain name.
- Admin User: this can be the MSAD “Admin” admin user, but also a regular user who is allowed to query the other users calendars.
- Password: the “Admin User’s” password
- Test: The Test button will check that the connection details are correct and a connection to the MSAD Server can be established.
- Authentication Domain: when setting this up, first try by leaving this field empty.
- Debug Yes/No (default): use this for debugging purposes. To enable set it to Yes. The debugging results are stored in “MSAD_DEBUG_id...txt” files within the WIFE Server’s “system” folder. User Groups and Sync Now are explained on the following pages.
User Group Settings in farmerswife
The information entered here, defines where and how users are created in farmerswife.
Fields to be defined in the User Group window
Use the + icon to create a new User Group.
- Group Name: The display name in farmerswife for the User Group.
- Base Object String: From MSAD “Attribute Editor” “distinguishedName” field, last 2 positions DC.
- Query String: From MSAD “Attribute Editor” “distinguishedName” field. OU Grouping will be treated the same way, just using more attributes.
- User License Type: Web or Advanced; this defines the WIFE user type all users within this Group will be using.
- Permission Profile: Dependent of User License Type. The Permission Profile(s) must first be defined on a manually created user within farmerswife; for more information use the separate “User_Permission_and_Setup_5.0.pdf”.
- Division: This setting applies if the additional purchased “Divisions” option is available (configured in WIFE Server > Setup > General > Divisions.
- User Category: This option sets in which of the 3 available User categories/types in WIFE the users from this MSAD will be created in.
Testing the Connector Setup
Once the connection details have been entered please use the Test button.
The Group must have users defined to ensure the test is correct and can work.
If the test returns 0 users, this means that the configuration is not correct in some detail. Use the “Debug” option (see page 4) to assist your troubleshooting.
Syncing the users from the WIFE Server and the WIFE Client
The “Sync Now” button in WIFE Server > Setup > Users > Microsoft Active Directory Connector will import and update users from the different Groups in AD as per the above explained configuration steps; see the example in the below screen shot.
The sync intervals are defined by an "Advanced" user with permission to access the "Object Manager / Server" setup.
In WIFE Client, go to Toolbox > Settings > Server Setup > Microsoft Active Directory Connector:
Sync Time: Never, Every 5 Minutes, 10, 15, 30, 45, 60, 120, 180.
Sync Now: to simply trigger a sync.
User de-activation in MSAD
If a user is not present anymore in MASD it will be de-activated in farmerswife upon the next Sync; see the screen shot below: the Active button on the user will then be set to No.
The Modify User window from a user created by Active Directory
The Microsoft Active Directory© Connector options are:
- “Disabled: Use Password From FW To Authenticate”: The user properties will not be inherited from Active Directory. The user’s password is therefore defined in farmerswife.
- “Enabled: Authenticate, Sync Profile And Possible Properties”: Authentication via MSAD, import of profile properties from MSAD and Active Status. User License Type and Permission Profile are dependent of “User Group” definition (see the above screen shot).
- “Enabled: Authenticate And Sync Active Status”: Authentication via MSAD and Active Status. Other field values on the Modify User window (see the above screen shot) are manually entered within WIFE and don’t come from MSAD.