| <body> |
| <h3 id="adadaptor">Deployment of Active Directory Adaptor</h3> |
| |
| <p>A single instance of the Active Directory adaptor can acquire |
| and resolve groups from multiple Active Directory servers. |
| |
| <h4>Requirements</h4> |
| <ul> |
| <li>GSA 7.2 or higher |
| <li>Java JRE 1.6u27 or higher installed on the computer that runs the adaptor |
| <li>Active Directory Adaptor JAR executable |
| <li>Credentials for Active Directory servers to be read |
| </ul> |
| |
| <h4>Configure GSA for Adaptor</h4> |
| <ol> |
| <li>Add the IP address of the computer that hosts the adaptor to the <b>List |
| of Trusted IP Addresses</b> on the GSA. |
| <p>In the GSA's Admin Console, go to <b>Content Sources > Feeds</b>, |
| and scroll down to <b>List of Trusted IP Addresses</b>. Add the IP address |
| for the adaptor to the list. |
| </ol> |
| |
| <h4>Configure Adaptor</h4> |
| <ol> |
| <li>Create a file named <code>adaptor-config.properties</code> in the |
| directory that contains the adaptor binary. One configuration file can |
| cover multiple AD servers. The variable <code>ad.servers</code> |
| contains a comma-separated list of server identifiers. |
| <p> |
| Here is an example configuration (bold items are example values to be |
| replaced): |
| <pre> |
| gsa.hostname=<b>yourgsa.example.com</b> |
| ad.domain=<b>example.com</b> |
| ad.defaultUser=<b>Admin</b> |
| ad.defaultPassword=<b>PassW0RD</b> |
| ad.servers=<b>firstServer,anotherAdServer</b> |
| ad.servers.firstServer.host=<b>111.111.111.111</b> |
| ad.servers.firstServer.method=standard |
| ad.servers.firstServer.port=389 |
| ad.servers.firstServer.user=<b>EXAMPLE\\Administrator</b> |
| ad.servers.firstServer.password=<b>yourpassword</b> |
| ad.servers.anotherAdServer.host=<b>222.222.222.222</b> |
| ad.servers.anotherAdServer.method=standard |
| ad.servers.anotherAdServer.port=389 |
| </pre> |
| <p> |
| Note: <code>ad.defaultUser</code> can be overridden by providing a |
| <code>user</code> for a particular server.<br> |
| Note: <code>ad.defaultPassword</code> can be overridden by providing a |
| <code>password</code> for a particular server.<br> |
| |
| <li>Create a file named <code>logging.properties</code> in the same directory |
| that contains the adaptor binary: |
| <pre> |
| .level=INFO |
| handlers=java.util.logging.FileHandler,java.util.logging.ConsoleHandler |
| java.util.logging.FileHandler.formatter=com.google.enterprise.adaptor.CustomFormatter |
| java.util.logging.FileHandler.pattern=logs/adaptor.%g.log |
| java.util.logging.FileHandler.limit=10485760 |
| java.util.logging.FileHandler.count=20 |
| java.util.logging.ConsoleHandler.formatter=com.google.enterprise.adaptor.CustomFormatter |
| </pre> |
| |
| <li><p>Create a directory named <code>logs</code> in the same |
| directory that contains logging.properties. |
| |
| <li><p>Run the adaptor using: |
| <pre>java -Djava.util.logging.config.file=logging.properties -jar adaptor-ad-YYYYMMDD-withlib.jar</pre> |
| </ol> |
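| <p>The default and per-server override rules above can be checked before the adaptor is started. The following is an added example, not part of the adaptor or of the original page: it parses a constructed <code>adaptor-config.properties</code>, resolves the effective user for each entry in <code>ad.servers</code>, and lists points to review. |
| It treats <code>method=standard</code> on port 389 as an LDAP bind without TLS, which is an assumption about the adaptor, since this page does not describe the <code>method</code> values; the function names are hypothetical.</p> |

```python
# Constructed sample in the page's format (placeholder values, not real hosts).
SAMPLE = r"""
ad.defaultUser=Admin
ad.defaultPassword=PassW0RD
ad.servers=firstServer,anotherAdServer
ad.servers.firstServer.host=111.111.111.111
ad.servers.firstServer.method=standard
ad.servers.firstServer.port=389
ad.servers.firstServer.user=EXAMPLE\\Administrator
ad.servers.firstServer.password=yourpassword
ad.servers.anotherAdServer.host=222.222.222.222
ad.servers.anotherAdServer.method=standard
ad.servers.anotherAdServer.port=389
"""

def parse_properties(text):
    """Minimal key=value parser: skips comments, undoes the doubled backslash."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def effective_servers(props):
    """Resolve each server's settings, falling back to ad.defaultUser."""
    out = {}
    names = (s.strip() for s in props.get("ad.servers", "").split(","))
    for name in filter(None, names):
        prefix = "ad.servers.%s." % name
        out[name] = {
            "host": props.get(prefix + "host"),
            "port": props.get(prefix + "port"),
            "method": props.get(prefix + "method"),
            "user": props.get(prefix + "user", props.get("ad.defaultUser")),
            "uses_default_password": (prefix + "password") not in props,
        }
    return out

def review(props):
    """Return review findings; assumes method=standard means no TLS."""
    findings = []
    for name, s in effective_servers(props).items():
        if s["method"] == "standard" and s["port"] == "389":
            findings.append("%s: LDAP bind on port 389, method=standard" % name)
    if any(k.lower().endswith("password") for k in props):
        findings.append("file stores passwords in plaintext; restrict read access")
    return findings
```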
| |
| <h4>Running as a service</h4> |
| <p>Example service creation on Windows with prunsrv: |
| <pre>prunsrv install adaptor-ad --StartPath="%CD%" ^ |
| --Classpath=adaptor-ad-YYYYMMDD-withlib.jar ^ |
| --StartMode=jvm --StartClass=com.google.enterprise.adaptor.Daemon ^ |
| --StartMethod=serviceStart --StartParams=com.google.enterprise.adaptor.ad.AdAdaptor ^ |
| --StopMode=jvm --StopClass=com.google.enterprise.adaptor.Daemon ^ |
| --StopMethod=serviceStop --StdOutput=stdout.log --StdError=stderr.log ^ |
| ++JvmOptions=-Djava.util.logging.config.file=logging.properties</pre> |
| |
| <p>Example execution on Linux with jsvc: |
| <pre>jsvc -pidfile adaptor.pid -cp adaptor-ad-YYYYMMDD-withlib.jar com.google.enterprise.adaptor.Daemon com.google.enterprise.adaptor.ad.AdAdaptor</pre> |
| |
| <h4>Optional <code>adaptor-config.properties</code> fields</h4> |
| <dl> |
| |
| <dt> |
| <code>server.dashboardPort</code> |
| </dt> |
| <dd> |
| Port on which to view the web page showing information and diagnostics. Defaults to "5679". |
| </dd> |
| |
| <dt> |
| <code>ad.localized.Everyone</code> |
| </dt> |
| <dd> |
| Name of Everyone group. Defaults to "Everyone". |
| </dd> |
| |
| <dt> |
| <code>ad.localized.NTAuthority</code> |
| </dt> |
| <dd> |
| Name of NT Authority group. Defaults to "NT Authority". |
| </dd> |
| |
| <dt> |
| <code>ad.localized.Interactive</code> |
| </dt> |
| <dd> |
| Name of Interactive group. Defaults to "Interactive". |
| </dd> |
| |
| <dt> |
| <code>ad.localized.AuthenticatedUsers</code> |
| </dt> |
| <dd> |
| Name of Authenticated Users group. Defaults to "Authenticated Users". |
| </dd> |
| |
| <dt> |
| <code>ad.localized.Builtin</code> |
| </dt> |
| <dd> |
| Prefix for builtin group names. Defaults to "BUILTIN". |
| </dd> |
| |
| <dt> |
| <code>ad.feedBuiltinGroups</code> |
| </dt> |
| <dd> |
| Whether to feed in builtin groups. Defaults to false. |
| </dd> |
| |
| <dt> |
| <code>adaptor.namespace</code> |
| </dt> |
| <dd> |
| Namespace to use on ACLs sent to GSA. Defaults to "Default". |
| </dd> |
| |
| </dl> |
| |
| </body> |