- Active Directory (AD) - If the application is spread across two or more servers (which is recommended), then an Active Directory MUST BE USED.
- Local OS - To use the Local OS framework, the entire application must be installed on a single server to operate correctly (including data sources).
During installation, the PRIMARY domain is configured and added to the domain access list. Administrators can edit this domain, add more domains (in a multi-domain deployment), or delete any deprecated domains as needed from this panel.
Each domain requires the following settings:
- Security Type: Active Directory or Local OS
- Cross domain group security: if checked, the user will be searchable from any domain, in case the user is a group member in other domains. This will allow the client application lookup to find all the user’s places of access.
NOTE: This is only relevant when the environment is a multi-domain environment which has mixed groups (groups in one domain which has groups from the other domains as members).
- Use secure model (AD only): If checked, this will allow administrators to set whether the LDAP queries used against the active directory will happen using SSL and on a designated port. It will also allow the interface to accept LDAPS addresses.
- Domain Address: For Local OS, this is usually "WinNT://MachineName" (note that 'WinNT' is case sensitive). For an Active Directory, this is usually "LDAP://dc=x, dc= y, dc=z", where x.y.z are the constituent parts of the Active Directory domain address (for instance 'intranet.pyramid.com')
- Domain Name: For Local OS this is either the 'WORKGROUP' domain or the machine's name. For an Active Directory, this is often the 'x' in the domain address (as per above it would be "intranet" from 'intranet.pyramid.com').
NOTE: the domain name cannot be more than 12 characters in length to comply with older NTLM standards.
NOTE: The Active Directory can be based on Windows Server 2003, 2008 or 2012. All servers used in the application deployment, should be part of the Active Directory BEFORE attempting to install the application.
Domain User Settings
A user account must be set for each domain to provide READ access to the designated security domain. When using a multi-domain model, each domain should have a relevant account that can access the specified domain. In some situations, this account can be the same across all domains supplied - depending on your specific Active Directory setup.