Setup of Direct AD (DAM 5.4-5.6)

This is no longer supported in newer versions. Please change to either the ADFS or SAML2 protocol (also supported by AD).

 

How to set up direct AD.

 

Ensure all requirements are in place

Ensure the server hosting the DAM center is a member of the same domain you want to connect to.

It will also need LDAP access to the AD server (default port 636).

If there is to be an active sync of users/groups, then we need an AD user with the following properties:

  • Never expires

  • Never gets prompted to change its password

  • Permissions

    • List content.

    • Read permissions

    • Read all properties

 

Configure the DAM

 

Log in to the Media Manager with super admin rights.

Go to General settings / SSO.

Select SSO type Windows authentication.

Press “Save” and then “Activate”.

Log on to the server where the DAM web application is installed.

Open Internet Information Services (IIS) Manager and find the website.

Navigate to “DigizuiteCore/loginservice” and select it.

Then select Authentication:

 

Enable Windows Authentication and disable Anonymous Authentication:

Recycle the application pool called XXX-LoginService-NC

 

Configuration of Active user and group sync (example):

The domain is Test1.dk for this example.

The users are located here:



The groups are located here:



Step-by-step guide

  1. Setup the Digizuite configuration

    1. Log in to the Digizuite with a user who has the rights to change the configuration.

    2. Go to System tools - Digizuite configuration

    3. Find and change the constant called "ACTIVE_DIRECTORY_AUTH_USER" and insert a user who has the rights to query the AD.

      1. The format is: AD\USERNAME@PASSWORD - This can be extended if needed:  AD\USERNAME@PASSWORD@LDAPADDRESS@PORT

    4. Recycle the application pool for the Digizuite

  2. Setup the AD sync application on the webserver.

    1. Locate the program files; they are in the ZIP file of the installation package of the Digizuite.

    2. Unpack the directory called "CreateADGroupsAndUsers" to where you want the program located. e.g. C:\Program Files\CreateADGroupsAndUsers

    3. Edit the CreateADGroupsAndUsers.exe.config in a text editor.

      1. Enter the following values:

      2. Connectionstring - this value can be found in the web.config of your Digizuite.

      3. DomainKeys - Test1

      4. Now you need to create a set of keys for the domain. You will need the following (the values have to be modified to your specific domain):

        1. <add key="DomainPrefix_TEST1" value="TEST1"/>

        2. <add key="User_MustBeMemberOf_RegEx_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jR3JvdXBzL0V2ZXJ5Ym9keSQ="/> (Base64 encoded RegEx string: ^test1\.dk/DAMsyncGroups/Everybody$ )

        3. <add key="User_Regex_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jVXNlcnMvLiok" /> (Base64 encoded RegEx string: ^test1\.dk/DAMsyncUsers/.*$ )

        4. <add key="User_LdapFilter_TEST1" value="OU=DAMsyncUsers, DC=TEST1,DC=dk"/>

        5. <add key="User_BasePath_TEST1" value="TEST1"/>

        6. <add key="Group_LdapFilter_TEST1" value="OU=DAMsyncGroups, DC=TEST1,DC=dk"/>

        7. <add key="Group_BasePath_TEST1" value="TEST1"/>

        8. <add key="Group_Regex_TEST1" value=""/>

    4. Test the sync by opening the CreateADGroupsAndUsers.exe as an administrator 

    5. First click the "Create groups" button

    6. When the sync has finished click the "Create users" button

    7. Go to the Digizuite web interface

    8. Now the Users should be located in "System tools" - "Users and Groups" - "Users" - "TEST1"

    9. Groups should be in "System tools" - "Users and Groups" - "Groups" - "TEST1"

  3. Set up a scheduled task that runs the job every day with the parameter "-full". This ensures the sync is updated regularly.

    1. e.g. "C:\Program Files\CreateADGroupsAndUsers\CreateADGroupsAndUsers.exe -full"
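
For the Base64-encoded RegEx keys in step 2.3, the following PowerShell is an added example (not part of the original guide or of the Digizuite tooling). It decodes the values, checks that each pattern is anchored, and tests it against sample paths before the value goes into CreateADGroupsAndUsers.exe.config. The function names, the appSettings wrapper, the sample paths, the example.local domain, and the use of UTF-8 with default .NET regex options are assumptions.

```powershell
# Constructed fragment: the two Base64-encoded keys from the TEST1 example above.
[xml]$config = @'
<appSettings>
  <add key="User_MustBeMemberOf_RegEx_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jR3JvdXBzL0V2ZXJ5Ym9keSQ=" />
  <add key="User_Regex_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jVXNlcnMvLiok" />
</appSettings>
'@

# Constructed sample paths; the last three should not match either pattern.
$samplePaths = @(
    'test1.dk/DAMsyncUsers/jdoe',
    'test1.dk/DAMsyncGroups/Everybody',
    'test1.dk/Users/jdoe',
    'xtest1.dk/DAMsyncUsers/jdoe',
    'test1xdk/DAMsyncUsers/jdoe'
)

function ConvertTo-Base64Regex([string]$Pattern) {
    [void][regex]$Pattern   # throws on an invalid pattern before it is encoded
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Pattern))
}

function ConvertFrom-Base64Regex([string]$Value) {
    # Assumption: the value is UTF-8 text; the values on this page are plain ASCII.
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Value))
}

foreach ($entry in $config.appSettings.add) {
    $encoded   = $entry.GetAttribute('value')
    $pattern   = ConvertFrom-Base64Regex $encoded
    # An unanchored pattern would also match paths in other domains or OUs.
    $anchored  = $pattern.StartsWith('^') -and $pattern.EndsWith('$')
    $roundTrip = (ConvertTo-Base64Regex $pattern) -ceq $encoded
    '{0}' -f $entry.GetAttribute('key')
    '  pattern  : {0}' -f $pattern
    '  anchored : {0}   re-encodes to same value: {1}' -f $anchored, $roundTrip
    foreach ($path in $samplePaths) {
        # Default .NET matching (case-sensitive); the options the sync tool uses are not documented here.
        $isMatch = [regex]::IsMatch($path, $pattern)
        '  {0,-34} match: {1}' -f $path, $isMatch
    }
}

# Encoding a new pattern for another domain (hypothetical domain name):
ConvertTo-Base64Regex '^example\.local/DAMsyncUsers/.*$'
```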

 

Setup of connectors or media manager:

Troubleshooting and known issues: