The Authentication page provides a general overview of the different authentication methods; it also details how these authentication providers can be configured using the registry.properties file.
Since LDAP and Active Directory (AD) property changes do not require a server restart to take effect, these can be edited directly on the Administration page.
Descriptions can be found under each field on how to fill them. LDAP and Active Directory tabs contain a switch to turn on the authentication mode.
Authentication Providers, Active Directory
Synchronize user and group properties
In the case of local (DB) users, you can provide a list of additional properties like e-mail address, full name, last name or first name. If LDAP or Active Directory is turned on, these properties can be synchronized automatically when a user logs in. To do this, you have to tell Compound Registration which LDAP or AD attributes contain this information by filling the appropriate fields (e.g. "LDAP e-mail attribute" or "Active Directory last name attribute"). To read more on user and group synchronization please check out the Users and Groups page.
Custom user attributes
Compound Registration allows synchronizing any user attribute from LDAP or AD. You have to provide a comma-separated list containing the custom attribute names when filling "LDAP custom user attribute list" and "Active Directory custom user attribute list" fields.
These user attributes are not displayed on the user interface at the moment. Instead, they can be used to be attached to compounds as additional data by using the generator feature of form fields. For more information on how to set up a generated additional data please read the "Generator" section on this page.
AD query filter can be configured to filter groups to be synchronized to those that are relevant for the Compound Registration application so not all groups from the AD will be synchronized.
AD query filter can be configured to filter users to be synchronized to those that are part of one or more groups so not all users from AD will be synchronized.