How to connect to Active Directory using the Generic LDAP Connector
Article Number: 000012415 | Last Modified: 2019/01/22
In the standard Active Directory Connector, it is not possible to specify the branch or sub directoy to limit searches to.
But the Generic LDAP connector can be configured to do connect to Active Directory and specifying a sub directory.
Also using Generic LDAP connector makes it possible to set an alias for domain. In a rare situation that a domain called "Internal" can only be connected by Generic LDAP due to naming conflict.
- Before setting up UDC, 3 pieces of information are required:
- It is convenient to use a 3rd party tool called "LDAP Admin" to prepare the above 3 pieces of information
- Once LDAP Admin is downloaded and run, make a connection to the existing Active Directory. Domain Admin may need to be involved in order to get this step done.
- Once connected, go to Edit > Search > Custom
- In "Search" Window, make sure "Path" is set to root base. Use "Browse" button if necessary.
- Create a filter so that only limited number of users are fetched. In the sample below, only 16 users are fetched by using the predefined filter. Please consult Domain Admin about how to construct an LDAP filter.
- Now the 3 pieces of information are confirmed and tested. We can start building the Generic LDAP connector.
- [VERY IMPORTANT] Before moving forward, confirm if there is any RootAdmin assigned to a domain user in Qlik Sense.
- If there is, make sure that user appears in the search result of above filter otherwise it will be marked as inactive and could potentially lock users out from QMC.
- Also follow How to avoid the RootAdmin(s) from becoming inactive. But this step should not be relied on so please still make sure the filter fetches current RootAdmin.
- Go to QMC and create a Generic LDAP connector as shown below:
- Do a Sync then make sure all the users are fetched under the "DomainAlias" directory: