The SBC Edge Portfolio system acts as an Active Directory client. By default, the SBC Edge Portfolio is able to obtain any readable field in the Active Directory.
Accessing Active Directory
Accessing AD values requires that we have an account with credentials on the particular domain to be queried. Anonymous binds to AD are typically not supported by the domain controller. Administrators are required to create a new user in their system (following standard Active Directory add user practices), preferably one whose credentials never expire, and configure these credentials in SBC Edge Portfolio. SBC Edge Portfolio will use these configured credentials when communicating with AD.
If the Active Directory server becomes unreachable, access to SBC Edge Portfolio will fall back to local-only.
Active Directory Queries and Domain Membership Requirements
Domain membership is not required for the SBC Edge Portfolio to query Active Directory. It is important to note that Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data. The configuration requires the domain controller's IP address to be specified. Multiple domain controllers can be configured. The list will be traversed in order if any of the former entries fail to bind. If all the IPs are unreachable or fail to bind, the SBC Edge Portfolio will retry the bind at one minute intervals.
The SBC Edge Portfolio supports multiple domains within the same AD forest. That way the domains have internal trust and hence, the SBC Edge Portfolio can access them with the same user. If mapping to a domain group in a specific domain is required, you need to create a group with a unique group name in that specific domain, so that you can map to that group. If the group name is not unique, the SBC Edge Portfolio is going to query each domain controller for the same group.
Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data.
In case a user group is configured under multiple authorization modes, the highest authorization level is used. For example, if a user belongs to multiple groups with authorization levels Administrator and Read Only, the user will be authorized as an Administrator.
Related topics:
- Configuring the SBC Edge Portfolio for Active Directory
- Managing Domain Controllers
- Managing Active Directory Groups to Access Level Mapping
- Querying the Active Directory Cache