Active Directory Integration

To integrate your Active Directory with XTAM, you may configure your settings during or after installation.

 

If you are looking to integrate with additional AD or LDAP domains, please review our Multi-domain Configuration article.

 

If you are looking to integrate with NetIQ eDirectory, please review our NetIQ eDirectory Integration article.

 

We recommend using an Active Directory account whose password does not change. If the password of this account does change, XTAM’s integration with your Active Directory will stop working, and AD users will be unable to log in to XTAM. If your AD integration account password does change, follow the procedure in the section "To configure or update an Active Directory binding After Installation" on this page to update XTAM with your new password.

Active Directory binding During Installation

To configure an Active Directory binding During Installation:

  1. When the installation wizard reaches the section named Active Directory, enter the following values:
    1. LDAP Server: Enter the host name or IP address of your Active Directory Domain Controller.

    2. User: Enter the user name of the account that can connect to this server.

    3. Password: Enter the password of this user.

  2. Click the Connect button to test your connection.

  3. If the test connection was successful, click the Next button to continue. If the test connection failed, check your values and try again.


Active Directory binding After Installation

To configure or update an Active Directory binding After Installation:

(June 4, 2018) – If you have updated to XTAM version 2.3.201806032154 or later, you can now configure Active Directory integration by simply navigating to Administration > Settings > AD within the XTAM interface.

 

1. Log in to the server where XTAM is deployed as an Administrator.

 

2. Open a command line and navigate to the folder where XTAM is installed ($XTAM_HOME) and issue the following command:

 

  1. For Windows, substitute your ldap.server, ldap.user and ldap.password values and issue:

    bin\PamDirectory.cmd ADConnect web ldap.server ldap.user ldap.password

  2. For Unix or Linux, substitute your ldap.server, ldap.user and ldap.password values and issue:

    bin/PamDirectory.sh ADConnect web ldap.server ldap.user ldap.password

 

Please note: if your password contains any of the characters & \ < > ^ | then each one must be escaped when executing the command by placing a ^ before it, for example ^& for an ampersand. Alternatively, you can issue the command using a dash (-) rather than the password, in which case you will be prompted to enter the password during execution. With this approach, those special characters do not have to be escaped.

 

3. If the command returns an OK response, then restart the Pam Manager service on this computer:

  1. For Windows:

    net stop PamManagement
    net start PamManagement

  2. For Unix or Linux:

    service pammanager restart

 

4. If the command returns a Fail response, double-check your user and password values. For the {ldap.user} value, be sure to use the user@domain format.

 

5. Active Directory integration is now complete. Objects and permissions may now be shared with AD Users and Groups in XTAM.
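
The Unix/Linux procedure above as a shell example added here (not XTAM vendor code): it uses the dash form so the password is prompted for rather than passed as an argument, checks the user@domain format, and restarts the service only after the operator confirms the OK response. The /opt/xtam default, the XTAM_RESTART override and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not XTAM vendor code. Assumed: the /opt/xtam default and the
# XTAM_RESTART override; commands and arguments are the ones shown on this page.
XTAM_HOME="${XTAM_HOME:-/opt/xtam}"

# Step 4: ldap.user must be in user@domain form (exactly one "@", text on both sides).
is_upn() {
    case "$1" in
        *@*@*|@*|*@) return 1 ;;
        *@*)         return 0 ;;
        *)           return 1 ;;
    esac
}

# Step 2: run ADConnect with "-" in place of ldap.password so the tool prompts
# for it. The password then never appears in shell history or the process
# list, and needs no escaping.
ad_rebind() {
    server=$1
    user=$2
    if [ -z "$server" ] || ! is_upn "$user"; then
        echo "usage: ad_rebind <ldap.server> <user@domain>" >&2
        return 2
    fi
    "$XTAM_HOME/bin/PamDirectory.sh" ADConnect web "$server" "$user" -
}

# Step 3: restart the service only after the operator confirms the OK response.
restart_after_ok() {
    printf 'Did ADConnect return OK? [y/N] ' >&2
    read -r answer
    case "$answer" in
        y|Y) ${XTAM_RESTART:-service pammanager restart} ;;
        *)   echo "Not restarting: re-check ldap.user and the password." >&2
             return 1 ;;
    esac
}

# Usage (placeholder host and account):
#   ad_rebind dc01.example.com svc-xtam@example.com && restart_after_ok
```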