How To Setup Active Directory Authenticaion In OpenAM
If your organization uses Microsoft Active Directory for user storage, it is a good practice to use Active Directory user accounts to authenticate in all your enterprise applications. OpenAM supports Microsoft Active Directory
But setting up Microsoft Active Directory as a user data store could be tricky. In this article, we’ll help you to set up user data store in OpenAM
Setup Active Directory User Data Store
Enterprise users should be in a separate realm.
Of course, you can use an existing realm or even use different data stores in a single realm in OpenAM. But in this manual, we will create a separate realm and a sigle data store for employees
So login in OpenAM console as amadmin and create realm
/staff. Delete default user Data Store in
Then create Active Directory data store with type Active Directory.
There are the most important settings in a table below:
|Ldap Server||AD host and port, for example: ad.example.com:389|
|LDAP Bind DN||Bund DN or user name for AD, for example
|LDAP Bind Password||Bind DN password|
|LDAP Organization DN||DN where users are located DC=ad,DC=example,DC=com|
|LDAP Connection Pool Maximum Size||128|
|Attribute Name Mapping||uid=sAMAccountName
|LDAPv3 Plug-in Supported Types and Operations||user=read
|LDAP Users Search Attribute:||sAMAccountName|
|LDAP Users Search Filter||(objectclass=person)|
Test Data Store and Authentication
If you set all settings correctly, you should see user accounts form your active directory, in Subjects tab in the realm.
Then test authentication: Open OpenAM URL in your browser, for example
For legacy UI:
Enter your Active Directory credentials, and you should be successfully authenticated