User synchronization
You can synchronize Active Directory users with DataCatalog users after saving connection settings for Active Directory.
- Obtain the information required for settings from Active Directory in advance.
- Users added by user synchronization are created with a disabled status. Enable them as needed.
- The initial password for a user registered by user synchronization is the user's email address prefixed with "AD". Enter this initial password when you log in with local authentication for the first time.
1. Set the following fields on the Active Directory connection settings screen in the Settings menu.
| Field name | Description |
|---|---|
| Enable TLS (ON/OFF) | When this field is ON, HULFT DataCatalog connects to Active Directory with TLS. |
| Host name | Specify the Active Directory host name to connect to. |
| Port number | Specify the Active Directory port number to connect to. |
| Authentication mechanism | Select [Simple] (simple authentication) or [GSS-API] (Kerberos authentication). |
| User name | Specify the user to connect to Active Directory. |
| Password | Specify the password of the user to connect to Active Directory. |
| Base DN | Specify the distinguished name (Base DN) that indicates the start position for searching. |
| Filter | Specify the LDAP query that is the filter condition. |
| Attribute name mapped to Name | Specify the attribute name in Active Directory to allocate to "Name" in the user information. |
| UPN attribute name | Specify the attribute name in Active Directory to allocate to "Email address" in the user information. |
| Attribute name mapped to Organization | Specify the attribute name in Active Directory to allocate to "Organization" in the user information. |
| Connection timeout (ms) | Specify the connection timeout value in milliseconds. |
| Read timeout (ms) | Specify the reading timeout value in milliseconds. |
| Query time limit (ms) | Specify the query timeout value in milliseconds. |
When you select "GSS-API" for "Authentication mechanism," place krb5.conf on the same level as DataCatalog.jar.
The contents to write in "krb5.conf" are as follows:
```
[libdefaults]
    default_realm = <Kerberos realm>

[realms]
    <Kerberos realm> = {
        kdc = <KDC FQDN>
    }

[domain_realm]
    .<Active Directory FQDN> = <Kerberos realm>
    <Active Directory FQDN> = <Kerberos realm>
```

- <Kerberos realm>: <Active Directory FQDN> in all uppercase characters
- <KDC FQDN>: FQDN for the domain controller for Active Directory
- <Active Directory FQDN>: FQDN for the forest root domain
2. Click "Test connection" to check whether the connection is available.
If an error occurs, hover over the word "Error" to see the error details.
3. Click "Register" to save the connection settings.
4. From the user management settings screen in the Settings menu, click "Perform user synchronization."
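
A check for the krb5.conf that step 1 requires for GSS-API, added here as an example and not part of HULFT DataCatalog: it parses the file and reports where it departs from the layout given above (uppercase realm, kdc entry, both domain_realm mappings). The function names and the `example.local` / `dc01.example.local` values are constructed assumptions.

```python
import re

def parse_krb5(text):
    """Parse [section] headers, 'key = value' lines and one level of { } nesting."""
    conf, section, block = {}, None, None
    # Put braces on their own lines so one-line and multi-line blocks parse alike.
    for raw in text.replace("{", "{\n").replace("}", "\n}\n").splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def check_krb5(text, ad_fqdn, kdc_fqdn):
    """Return the deviations from the krb5.conf layout this page prescribes."""
    conf, problems = parse_krb5(text), []
    realm = ad_fqdn.upper()          # realm = AD FQDN in all uppercase
    if conf.get("libdefaults", {}).get("default_realm") != realm:
        problems.append(f"default_realm must be {realm}")
    realm_block = conf.get("realms", {}).get(realm)
    if not isinstance(realm_block, dict):
        problems.append(f"[realms] has no block for {realm}")
    elif realm_block.get("kdc", "").lower() != kdc_fqdn.lower():
        problems.append(f"kdc for {realm} must be {kdc_fqdn}")
    mapping = conf.get("domain_realm", {})
    for name in ("." + ad_fqdn, ad_fqdn):   # both entries are required
        if mapping.get(name) != realm:
            problems.append(f"[domain_realm] must map {name} to {realm}")
    return problems

# Constructed sample: lowercase realm, and the ".<FQDN>" mapping is missing.
BAD = """[libdefaults]
default_realm = example.local
[realms]
EXAMPLE.LOCAL = { kdc = dc01.example.local }
[domain_realm]
example.local = EXAMPLE.LOCAL
"""
if __name__ == "__main__":
    print(*check_krb5(BAD, "example.local", "dc01.example.local"), sep="\n")
```

An empty list means the file matches the template; run it against the krb5.conf placed beside DataCatalog.jar before clicking "Test connection".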