By default MS Active Directory supports all LDAP connections using the Standard 389 port.

You can configure Ephesoft to do the same by following the instructions below.


Applicable Ephesoft versions:

Ephesoft v3.1 and up



1. First you have to configure the Active Directory to pull the groups so you can set the role(s) for the batch classes. To do this you will modify the file located in:

Epehesoft Install Directory\Application\WEB-INF\classes\META-INF\dcma-user-connectivity

Set up the following properties for Active Directory:

# This Property defines which type of connectivity is used
# 0 = LDAP
# 1 = MS Active Directory
# 2 = Tomcat
#This Attribute is added so as to make search of groups in LDAP/AD configurable,by default its cn(commonName) is returned
#This Attribute is added to make search of Users (Organisational Unit) in LDAP/AD configurable,by default its cn
#Set this for MS Active Directory
# filter can have |(OR), &(AND) and !(NOT)
# | (|(cn=a*))
# & (&(cn=a*))
# ! (!(cn=a*))
# complex example ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))

Configuration that need to be modified:

user.connectivity_url – This is the url to the AD/LDAP server

user.msactivedirectory_context_path – path to root OU where groups reside. Multiple locations can be specified with a “;;” delimiter (eg. OU=Internal Groups;;OU=Contractors)

user.connectivity_domain_component_name – component value for AD is DC below the root DC. There can only one value here such as ‘ephesoft’. ‘cn=na,cn=ephesoft’ or ‘cn=ephsesft’ is not allowed.

user.connectivity_domain_component_organization – root DC of the AD store (typically “com”)

user.connectivity_username – User name to connect to the AD server.

user.connectivity_password – User password to connect to the AD server.

user.msactivedirectory_group_search_filter – Display only the groups that meets the filter value

user.connection – value should be set between 0-2 in order to enable the AD, LDAP or Tomcat configuration in order to authenticate users.



2. Next you have to modify the path for authentication of the users. The file you have to modify is called server.xml and it is located in:

Epehesoft Install Directory\Application\WEB-INF\classes\META-INF\dcma-user-connectivity


Modify the realm element to have the url, name, password, pattern and role base for the Active Directory instance.


connectionName=”CN=Ephesoft Service,OU=Users,DC=YourDomain,DC=com”
connectionPassword=”UserPassword “
roleBase=”OU=Security Groups,DC=YourDomain,DC=com”

Attributes in Realm element that need to be modified:

connectionURL – This is the url to the LDAP server

connectionName – User name to connect to the AD server.

connectionPassword – User password to connect to the AD server.

userPattern – path and pattern to the users

roleBase – path to root where groups reside. Groups must have a common OU to be included in the role base but can be is sub directories under this specified root

roleSubtree – attribute to enable searches in sub groups

roleName – attribute in AD of the Groups that should be included

roleSearch – attribute in the groups specifying the user. The {0} is used as a wild card to indicate all users in those groups


3. You will also want to modify the file located in your \Ephesoft\Application\WEB-INF\classes\META-INF directory

Update the following settings in this file:


Then, we need to clarify that the value here is the AD group name . 
The group name you provide for user.super_admin= will have super admin privileges i.e. access to all the functionality of Ephesoft. The users in the group will be called super admin users and they can assign the user roles from the Ephesoft UI -> System Configuration -> Access Manager screen to the other users who belong to different groups and are not part of the super admin group.
Make sure your user (super admin user) is present in the correct group that you have defined in the file in user.super_admin group. If this is not the case then the user will give you authorization issues such as the screenshot below:



4. Once the configuration is set restart the server and log in as the AD user with the value that is placed in as the cn value (the cn may be the full name) and the AD password.


More Info:


< Back | How To Main Page | Next Article – Using the Global Catalog Service Port >

Was this article helpful to you?


Comments are closed.