You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

The 

Unable to show "metadata-from": No such page "_space_variables"
system acts as an Active Directory client. By default, the 
Unable to show "metadata-from": No such page "_space_variables"
is able to obtain any readable field in the Active Directory.

Accessing Active Directory

Accessing AD values requires that we have an account with credentials on the particular domain to be queried. Anonymous binds to AD are typically not supported by the domain controller. Administrators are required to create a new user in their system (following standard Active Directory add user practices), preferably one whose credentials never expire, and configure these credentials in

Unable to show "metadata-from": No such page "_space_variables"
Unable to show "metadata-from": No such page "_space_variables"
will use these configured credentials when communicating with AD.

If for some reason the Active Directory server is unreachable, access to 

Unable to show "metadata-from": No such page "_space_variables"
will fall back to local-only.

Active Directory Queries and Domain Membership Requirements

Domain membership is not required for the 

Unable to show "metadata-from": No such page "_space_variables"
to query Active Directory. It is important to note that Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data. The configuration requires the domain controller's IP address to be specified. Multiple domain controllers can be configured. The list will be traversed in order if any of the former entries fail to bind. If all the IPs are unreachable or fail to bind, the 
Unable to show "metadata-from": No such page "_space_variables"
will retry the bind at one minute intervals.

The 

Unable to show "metadata-from": No such page "_space_variables"
supports multiple domains within the same AD forest. That way the domains have internal trust and hence, the 
Unable to show "metadata-from": No such page "_space_variables"
can access them with the same user. If mapping to a domain group in a specific domain is required, you need to create a group with a unique group name in that specific domain, so that you can map to that group. If the group name is not unique, the 
Unable to show "metadata-from": No such page "_space_variables"
is going to query each domain controller for the same group.

Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data.

In case a user group is configured under multiple authorization modes, the highest authorization level is used. For example, if a user belongs to multiple groups with authorization levels Administrator and Read Only, the user will be authorized as an Administrator.

Related Topics

  • No labels