Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to connect to Active Directory using the Generic LDAP Connector

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

How to connect to Active Directory using the Generic LDAP Connector

Last Update:

Dec 4, 2020 6:22:36 AM

Updated By:

Sonja_Bauernfeind

Created date:

Dec 18, 2015 9:26:49 AM

In the standard Active Directory Connector, it is not possible to specify the branch or sub directory to limit searches to. But the Generic LDAP connector can be configured to do connect to Active Directory and specifying a subdirectory.

Also using Generic LDAP connector makes it possible to set an alias for domain. In a rare situation that a domain called "Internal" can only be connected by Generic LDAP due to naming conflict.

 

Resolution:

 

  1. Before setting up UDC, 3 pieces of information are required:
    • Path
    • User name
    • LDAP Filter
  2. It is convenient to use a 3rd party tool called LDAP Admin" to prepare the above 3 pieces of information
  3. Once LDAP Admin is downloaded and run, make a connection to the existing Active Directory. Domain Admin may need to be involved in order to get this step done.

    connection properties.jpeg

    connection is successful.jpeg


  4. Once connected, go to Edit > Search > Custom
  5. In the Search Window, make sure  Path is set to root base. Use the Browse button if necessary.
  6. Create a filter so that only limited number of users are fetched. In the sample below, only 16 users are fetched by using the predefined filter. Please consult Domain Admin about how to construct an LDAP filter.

    create filter.jpeg

  7. Now the 3 pieces of information are confirmed and tested. We can start building the Generic LDAP connector.
  8. [VERY IMPORTANT] Before moving forward, confirm if there is any RootAdmin assigned to a domain user in Qlik Sense.
    1. If there is, make sure that user appears in the search result of above filter otherwise it will be marked as inactive and could potentially lock users out from QMC.
    2. Also, follow How to avoid the RootAdmin(s) from becoming inactive. But this step should not be relied on so please still make sure the filter fetches current RootAdmin.
  9. Go to QMC and create a Generic LDAP connector as per our example:
    1. Uncheck User Sync Settings 
    2. Fill out:
      User Directory name
      Path (such as LDAP://servername/DC=qliktech,DC=com
      Username and Password of the user used in the previous steps
    3. Fill out the Additional LDAP filter as created in the previous steps
      We leave timeout and page size for search at default values. 
    4. Leave Directory Entry Attributes default except for changing User identification to person

      user directory connector edit.jpeg

       

  10. Once this is complete, initiate a Sync and ensure all users were fetched: 

    user list.jpeg

Labels (1)
Labels:
7,477 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2020-12-04 06:22 AM
Updated by:
Digital Support