Setup of Direct AD (DAM 5.4-5.6)
This is no longer supported in newer versions. Please change to either ADFS or SAML2 protocols (also supported by AD)
How to set up direct AD.
Ensure all requirements are in place
Ensure the server hosting the DAM center is a member of the same domain you want to connect to.
It will also need LDAP access to the AD server (default port 636)
If there is to be an active sync of users/groups then we need an AD user with the following properties:
Never expire
Never get prompted for changing its password
Permissions
List content.
Read permissions
Read all properties
Configure the DAM
Log in to the Media Manager with Super admin rights.
Go to General settings / SSO
Select SSO type Windows authentication.
Press save and then “Activate”
Log on to the server where the DAM web application is installed.
Open Internet Information Services (IIS) and find the website.
Navigate to the “DigizuiteCore/loginservice” and select it
Then select Authentication:
Enable Windows Authentication and disable Anonymous Authentication:
Recycle the application pool called XXX-LoginService-NC
Configuration of Active user and group sync (example):
The domain is Test1.dk for this example.
The users are located here:
The groups are located here:
Step-by-step guide
Setup the Digizuite configuration
Log in to the Digizuite with a user who has the rights to change the configuration.
Go to System tools - Digizuite configuration
Find and change the constant called "ACTIVE_DIRECTORY_AUTH_USER" and insert a user who has the rights to query the AD.
The format is: AD\USERNAME@PASSWORD - This can be extended if needed: AD\USERNAME@PASSWORD@LDAPADDRESS@PORT
Recycle the application pool for the Digizuite
Setup the AD sync application on the webserver.
Locate the program files; they are in the ZIP file of the installation package of the Digizuite.
Unpack the directory called "CreateADGroupsAndUsers" to where you want the program located. e.g. C:\Program Files\CreateADGroupsAndUsers
Edit the CreateADGroupsAndUsers.exe.config in a text editor.
Enter the following values:
Connectionstring - this value can be found in the web.config of your Digizuite.
DomainKeys - Test1
Now you need to create a set of keys for the domain. You will need the following (the values have to be modified to your specific domain):
<add key="DomainPrefix_TEST1" value="TEST1"/>
<add key="User_MustBeMemberOf_RegEx_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jR3JvdXBzL0V2ZXJ5Ym9keSQ="/> (Base64 encoded RegEx string: ^test1\.dk/DAMsyncGroups/Everybody$ )
<add key="User_Regex_TEST1" value="XnRlc3QxXC5kay9EQU1zeW5jVXNlcnMvLiok" /> (Base64 encoded RegEx string: ^test1\.dk/DAMsyncUsers/.*$ )
<add key="User_LdapFilter_TEST1" value="OU=DAMsyncUsers, DC=TEST1,DC=dk"/>
<add key="User_BasePath_TEST1" value="TEST1"/>
<add key="Group_LdapFilter_TEST1" value="OU=DAMsyncGroups, DC=TEST1,DC=dk"/>
<add key="Group_BasePath_TEST1" value="TEST1"/>
<add key="Group_Regex_TEST1" value=""/>
Test the sync by opening the CreateADGroupsAndUsers.exe as an administrator
First click the "Create groups" button
When the sync has finished click the "Create users" button
Go to the Digizuite web interface
Now the Users should be located in "System tools" - "Users and Groups" - "Users" - "TEST1"
Groups should be in "System tools" - "Users and Groups" - "Groups" - "TEST1"
Set up a scheduled task that runs the job every day with the parameter "-full". This ensures the sync is updated regularly.
e.g. "C:\Program Files\CreateADGroupsAndUsers\CreateADGroupsAndUsers.exe -full"
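The Base64 encoded RegEx keys above decide which AD accounts end up in the DAM, so it is worth decoding and testing them before the first sync. The following PowerShell is an added example, not part of the Digizuite package; the function names and the sample paths are constructed for illustration, and it assumes the sync tool decodes the value as UTF-8 text and applies it as a .NET regular expression to a path in the form shown on this page.

```powershell
# Added example (not Digizuite code). Function names are hypothetical.
# Assumption: the tool Base64-decodes the value as UTF-8 and uses it as a .NET regex.

function ConvertTo-SyncRegexValue {
    param([Parameter(Mandatory)][string]$Pattern)
    # Cast to [regex] first so a malformed pattern fails here, not during the sync.
    $null = [regex]$Pattern
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Pattern))
}

function ConvertFrom-SyncRegexValue {
    param([Parameter(Mandatory)][string]$Value)
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Value))
}

# Decode the two values from the TEST1 example on this page.
$userRegex   = ConvertFrom-SyncRegexValue 'XnRlc3QxXC5kay9EQU1zeW5jVXNlcnMvLiok'
$memberRegex = ConvertFrom-SyncRegexValue 'XnRlc3QxXC5kay9EQU1zeW5jR3JvdXBzL0V2ZXJ5Ym9keSQ='
"User_Regex_TEST1                 = $userRegex"
"User_MustBeMemberOf_RegEx_TEST1  = $memberRegex"

# Round trip: encoding the decoded pattern must give back the configured value.
"Round trip OK: " + ((ConvertTo-SyncRegexValue $userRegex) -eq
                     'XnRlc3QxXC5kay9EQU1zeW5jVXNlcnMvLiok')

# Constructed sample paths: check which accounts the user pattern would admit.
$samples = @(
    'test1.dk/DAMsyncUsers/Jane Doe',      # inside the intended OU
    'test1.dk/Users/Administrator',        # outside the intended OU
    'test1xdk/DAMsyncUsers/Jane Doe',      # only matches if the dot is left unescaped
    'TEST1.dk/DAMsyncUsers/Jane Doe'       # differs from the pattern only in case
)
$ignoreCase = [Text.RegularExpressions.RegexOptions]::IgnoreCase
foreach ($path in $samples) {
    [pscustomobject]@{
        Path          = $path
        CaseSensitive = [regex]::IsMatch($path, $userRegex)
        IgnoreCase    = [regex]::IsMatch($path, $userRegex, $ignoreCase)
    }
}
```

The last sample matches only with IgnoreCase, so if users are missing after a sync, compare the casing of the pattern with the domain name as AD returns it. Keep the `^` and `$` anchors and the escaped dot when adapting the pattern, otherwise accounts outside the intended OU can be pulled in.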
Setup of connectors or media manager:
Set a connector or Media manager to use SSO login