Enabling Active Directory authentication from multiple forests

Contents[Hide]

1. Overview

Active Directory authentication in Dundas BI can be set up using several configuration settings or using a Forest Manifest. The manifest is a JSON array that defines and configures one or more Active Directory domains. 

Note
When using the Forest Manifest configuration setting, Dundas BI will ignore the other Active Directory configuration settings.

2. Forest manifest

To create the manifest, open the Admin section of Dundas BI, then select Setup and Config.

Change the Category to Authentication.Active Directory and tick the Show advanced Settings checkbox, then click edit next to Forest Manifest.

Edit the Forest Manifest configuration
Edit the Forest Manifest configuration

2.1. Manifest properties

The manifest is configured in the form of a JSON array containing the following properties of any desired Active Directory forests:

  • ForestName (optional). Specifies the name of the forest. This property must be unique across all the forests in the manifest. If not specified, the name of the forest associated with the server's domain will be used. 
  • Domains. A case-insensitive list of domain names that map to the forest.
  • ServerName (optional). Specifies the name of the domain or domain controller to which Active Directory queries will be directed for this forest. If not specified, the name of the forest will be used,
  • UserName (optional). The name of the user to use when querying Active Directory. If not specified, explicit credentials will not be used when querying.
  • Password (optional). The password of the user to use when querying Active Directory. If not specified, an explicit password will not be used when querying.
  • BindOptions (optional). Specifies options that are used when binding to the Active Directory server. If not specified, the default value will be used (Negotiate, Signing, Sealing). For a full list of options, see the Microsoft ContextOptions Enumeration.
  • ContainerDN (optional). Specifies the distinguished name (DN) of the container to use when binding to Active Directory. If not specified, no container will be specified in the connection.
  • SimpleBindOverSslSupported (optional). A Boolean value indicating whether the Active Directory server supports simple bind connections using Secure Sockets Layer (SSL). If disabled, the validation of user-entered Windows credentials may cause the system to perform the additional step of translating the supplied down-level logon name to User Principal Name (UPN) format. If not specified, the default value will be used (True).

2.2. Example

Click Edit value and paste the JSON array into the text field. The following example configures two forests in the most basic way, the first of which specifies the forest associated with the server's domain:

[
  {
    "Domains": [ "example.com", "example" ],
  },
  {
    "ForestName": "rootdomain.local",
    "Domains": [ "rootdomain", "rootdomain.local", "sample.sample" ],
  }
]

Manifest example with two forests
Manifest example with two forests

3. See also

Dundas Data Visualization, Inc.
500-250 Ferrand Drive
Toronto, ON, Canada
M3C 3G8

North America: 1.800.463.1492
International: 1.416.467.5100

Dundas Support Hours: 7am-6pm, ET, Mon-Fri