THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server's Secure Ad Hoc Transfer module, v1.7 and later
DISCUSSION
The Secure Ad Hoc Transfer (SAT) module can be configured to allow access by Active Directory (AD) group membership or to populate the From address with the current user's e-mail address from Active Directory.

For these settings to function, an alternate form of authentication, such as Basic authentication or Integrated Windows authentication, must be enabled in IIS in the Authentication Methods dialog box. Also, ensure that the Enable anonymous access check box is not selected. Refer to IIS Authentication for more information about IIS authentication settings.

You must make changes in the SAT configuration file, web.config, for AD-specific settings. Refer to KB article Q10483 - HOWTO: Making SAT work with Active Directory for an example.
The entries below describe the Active Directory-related variables that can be edited in the web.config file.

Variable: UseADExtensions
Description: This setting enables or disables the Active Directory Server Configuration settings defined below.
Default / Range: False

Variable: AD-AuthorizedGroupListName
Description: Defines the Active Directory group names used to specify which groups have access to SAT.
  NOTE: A comma is used to separate a list of group names, or * will allow all groups access to SAT.
  Group List Examples:
    "GROUP-01, GROUP-02, GROUP-03"
    "*"
Default / Range: *

Variable: AD-SetFromFieldWithEmail
Description: If the value is set to True, the From e-mail address is taken from the currently logged-in user's e-mail address in Active Directory.
Default / Range: True

Variable: Path
Description: Path used in the LDAP query, including Host Name, Port, and BaseDN.
  Path Examples:
    "LDAP://RootDSE"
    "LDAP://DOMAIN:389/OU=XXXXX,DC=XXXX,DC=XXXX"
Default / Range: n/a

Variable: SearchFilter
Description: LDAP search filter configuration to retrieve the user's e-mail address. %USER.LOGIN% will be replaced with the actual login name for the current SAT user.
  NOTE: The special character & (ampersand) will need to be replaced with its associated character code &amp; for the code to function correctly.
Default / Range: (&(objectClass=person)(|(sAMAccountName=%USER.LOGIN%)(userPrincipalName=%USER.LOGIN%)(mail=%USER.LOGIN%)))

Variable: Attributes
Description: The set of attributes to be retrieved from the query.
Default / Range: cn,sAMAccountName,userPrincipalName,mail,displayName,sn

Variable: Scope
Description: Search Scope:
  Base = Limits the search to the base object. The result contains one object at most.
  OneLevel = Searches the immediate child objects of the base object, excluding the base object.
  Subtree = Searches the whole subtree, including the base object and all its child objects.
Default / Range: Subtree

Variable: UseConfiguredDomainAccount
Description: The authentication method used to connect to Active Directory.
  None = Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.
  Anonymous = No authentication is performed.
  Delegation = Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.
  Secure = Requests secure authentication.
  NOTE: If UseConfiguredDomainAccount = "", then UseConfiguredDomainAccount is set as "AuthenticationTypes.None" by default.
Default / Range: Secure

Variable: DomainAdminUser
Description: This setting is required when UseConfiguredDomainAccount is set to Secure. This is the username of an account that has the ability to query Active Directory.
  User Name Examples:
    "username"
    "domain\username"
Default / Range: n/a

Variable: DomainAdminPass
Description: This setting is required when UseConfiguredDomainAccount is set to Secure. This is the base64-encoded password of the account that has the ability to query Active Directory. (Use encode.htm to obfuscate.)
Default / Range: n/a

Variable: SenderEmailDisplayAttribute
Description: Active Directory attribute name used to retrieve the From e-mail address.
Default / Range: mail
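
An added example, not part of the original article or of the SAT product: a small Python audit of the AD-related settings described above, flagging the wildcard group list, a bind mode other than Secure, missing Secure-mode credentials, and a base64 DomainAdminPass (an encoding anyone who can read web.config can reverse). The appSettings/add key-value layout, the treatment of absent keys as the listed defaults, and every sample value are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample. The <appSettings>/<add key value> layout is an assumption.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="UseADExtensions" value="True" />
  <add key="AD-AuthorizedGroupListName" value="*" />
  <add key="SearchFilter" value="(&amp;(objectClass=person)(sAMAccountName=%USER.LOGIN%))" />
  <add key="UseConfiguredDomainAccount" value="Secure" />
  <add key="DomainAdminUser" value="svc-sat" />
  <add key="DomainAdminPass" value="Q29uc3RydWN0ZWQtUGFzcyE=" />
</appSettings></configuration>"""

def audit(config_xml):
    """Return a list of findings for the AD-related SAT settings."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        # A literal & in SearchFilter makes the whole file unparseable.
        return ["not well-formed XML: write & in SearchFilter as &amp;"]
    s = {a.get("key"): a.get("value", "") for a in root.iter("add")}
    if s.get("UseADExtensions", "False").strip().lower() != "true":
        return ["UseADExtensions is not True: the AD settings are disabled"]
    findings = []
    groups = [g.strip() for g in s.get("AD-AuthorizedGroupListName", "*").split(",")]
    if "*" in groups:
        findings.append("AD-AuthorizedGroupListName is *: every group has access")
    if "SearchFilter" in s and "%USER.LOGIN%" not in s["SearchFilter"]:
        findings.append("SearchFilter lacks %USER.LOGIN%: lookup is not per-user")
    mode = s.get("UseConfiguredDomainAccount", "Secure").strip()
    if mode in ("", "None"):
        findings.append("UseConfiguredDomainAccount resolves to None: simple bind")
    elif mode == "Anonymous":
        findings.append("UseConfiguredDomainAccount is Anonymous: no authentication")
    elif mode == "Secure":
        for key in ("DomainAdminUser", "DomainAdminPass"):
            if not s.get(key):
                findings.append(key + " is required when the mode is Secure")
    password = s.get("DomainAdminPass", "")
    if password:
        try:
            base64.b64decode(password, validate=True)
            findings.append("DomainAdminPass is base64: encoded, not encrypted")
        except ValueError:
            findings.append("DomainAdminPass is not valid base64")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

Because the stored password is only encoded, read access to web.config is what protects the query account, and that account needs no more than the ability to query Active Directory.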