Connect to Microsoft Active Directory
- Last Updated: January 16, 2024
- OpenEdge
- Version 12.8
- Documentation
The first step in configuring an authentication manager plug-in for Microsoft Active Directory is to validate your ability to connect to Active Directory directly. Always do this before attempting to authenticate a user through either PAS for OpenEdge or OpenEdge Authentication Gateway. As a best practice, Progress recommends that you make this initial connection using an LDAP browser product, which also allows you to view the Active Directory structure so that you can understand how user accounts, group information, and other details in Active Directory are structured. Understanding this structure is essential to being able to map the user account and group information to the specific properties that you need to configure in the authentication manager plug-in.
Obtain an LDAP browser
There are a number of freely available LDAP browsers that you can use to examine the structure and contents of Microsoft Active Directory. For example, Microsoft provides Active Directory Explorer. There are also open source LDAP browsers, such as JXplorer. Download and install the one that you prefer.
Obtain the Active Directory host details
You need the Active Directory server host name, IP address, port number, and required TLS connection details to connect to an Active Directory host used in your organization. You can obtain these details from the network administrator, or by completing the following steps on Windows:
- Open a command prompt.
- Use the SET command to view the definition of the LOGONSERVER environment variable. This variable contains the definition of the Active Directory host name. For example, the following command shows that the Active Directory host name in use is NTMADACME:
    C:\Users\jsmith>SET LOGONSERVER
    LOGONSERVER=\\NTMADACME
Test your Active Directory connection
To test your Active Directory connection:
- From a command prompt, enter the WHOAMI /UPN command to obtain your Active Directory user ID, for example:
    C:\Users\jsmith>WHOAMI /UPN
    jsmith@acme.com
  Note: Your Active Directory ID is associated with your Windows login ID and is accessed using your Windows password.
- Start your LDAP browser, and connect to Active Directory using the following login settings. (You might need to verify some of these connection details with your network administrator.)
  - The Active Directory host name.
  - The port number used by your organization. The default is 389.
  - The LDAP version number used for the connection. Progress recommends using LDAP v3.
  - The security level with which you want to connect. For example, choose User + Password to log in using your Active Directory user ID and password.
  - Your Active Directory user ID and your Windows password.
Obtain the Active Directory server's rootDN
From the LDAP browser, search for the Active Directory root distinguished name (DN), also called simply rootDN. This information is typically available in Microsoft Active Directory from the rootDSE. The rootDSE contains the defaultNamingContext attribute, which contains the rootDN and is the top-level branch in Active Directory from which you search for user account and group information.
For information about locating the rootDSE, see the Microsoft Active Directory information at the following location:
https://docs.microsoft.com/en-us/windows/win32/adsi/active-directory-service-interfaces-adsi
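The same checks can be scripted as a cross-check on what the LDAP browser shows. The following PowerShell is an added example, not Progress code: it reads LOGONSERVER and the UPN, binds with LDAP v3, and returns defaultNamingContext from the rootDSE. It assumes Windows PowerShell 5.1 on a domain-joined host and a domain controller that accepts StartTLS on port 389 with a certificate this host trusts; the variable names are illustrative.

```powershell
# Added example, not Progress code. Assumes a domain-joined Windows host and a
# domain controller that accepts StartTLS on port 389 with a trusted certificate.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# LOGONSERVER looks like \\NTMADACME; strip the leading backslashes.
$adHost = $env:LOGONSERVER.TrimStart('\')
$port   = 389                    # default LDAP port from the steps above
$upn    = (whoami /upn).Trim()   # for example jsmith@acme.com

# Prompt for the password rather than storing it in the script.
$cred = Get-Credential -UserName $upn -Message 'Windows password for the LDAP bind'

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($adHost, $port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
try {
    $conn.SessionOptions.ProtocolVersion = 3   # LDAP v3

    # Upgrade the session to TLS before binding, so the simple bind below does
    # not send the password in cleartext. Throws if the certificate is not trusted.
    $conn.SessionOptions.StartTransportLayerSecurity($null)

    # "User + Password" in an LDAP browser corresponds to a simple (Basic) bind.
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = New-Object System.Net.NetworkCredential($upn, $cred.Password)
    $conn.Bind()

    # The rootDSE is the entry with an empty DN, read with a base-scope search.
    $scope    = [System.DirectoryServices.Protocols.SearchScope]::Base
    $request  = New-Object System.DirectoryServices.Protocols.SearchRequest('', '(objectClass=*)', $scope, 'defaultNamingContext')
    $response = $conn.SendRequest($request)
    $rootDN   = $response.Entries[0].Attributes['defaultNamingContext'][0]

    # Values to carry into the authentication manager plug-in configuration.
    [pscustomobject]@{
        Host     = $adHost
        Port     = $port
        BindUser = $upn
        RootDN   = $rootDN
    }
}
finally {
    $conn.Dispose()
}
```

If the StartTLS call fails, resolve the certificate or port details with your network administrator before retrying; a simple bind on port 389 without TLS sends the password unencrypted.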