Setting Up Active Directory

IMPORTANT: Ektron strongly recommends configuring SSL, especially if you are using Active Directory Integration. SSL encrypts passwords that are otherwise sent as clear text to the Ektron server. See Also: Configuring SSL

The 2 ways to set up Active Directory are contrasted in the table below. Below the table are instructions for each setup option.

Method

When to Use

How setup is done

Advanced Domains
  • You are using a firewall
  • The Ektron server need not be part of an Active Directory domain
  • You are connecting to multiple Active Directory domains, even ones that do not see each other

Via editing the web.config file and entering information in the Ektron Workarea.

Legacy

You are using auto discovery and Active Directory single signon

The domain connects to the AD domain within the web.config.
Setting up Active Directory via the advanced domains method

Setting Up Active Directory via the Advanced Domains Method

  1. Verify AD information because, after you enable AD integration, logon name and domain are imported to Ektron.
  2. If your Active Directory forest has multiple domains, decide if you want Ektron to reference the listed domains or if you want to choose a specific one. (You will use this when completing the Domain field of the Active Directory Setup Screen.)
  3. Edit the web.config file.
    • Set ek_ADEnabled to True. It should look like this:

      <add key="ek_ADEnabled" value="true"/>
    • Set ek_ADAdvancedconfig to True. It should look like this:

      <add key="ek_ADAdvancedconfig" value="true"/>
    • Set ek_AUTH_Protocol to LDAP. (LDAP or GC are acceptable values for this property. LDAP is recommended.) It should look like this:
      <add key="ek_AUTH_Protocol" value="LDAP"/>
    • Set identity impersonate to False. (When using the Advanced Domains Method, the domains screen's credentials are used.) It should look like this:

      <identity impersonate=“false”>
  4. Set up your domains on the Edit Domains screen. See Implementing Active Directory .
  5. Configure the AD setup page. See Implementing Active Directory .
  6. Assign AD groups to Ektron user groups. See Implementing Active Directory .
Setting up Active Directory via the Legacy Method

Setting Up Active Directory via the Legacy Method

  1. Make sure each AD user to be used in Ektron is defined correctly in the Active Directory. Remember that, when you enable AD integration, logon name and domain are copied from AD to Ektron.
  2. If you have multiple domains in your Active Directory forest, decide if you want Ektron to reference all domains or if you want to choose a specific one. (You will use this when completing the Domain field of the Active Directory Setup Screen.)
  3. Set the following elements in the web.config.
    • Set the ek_ADEnabled element to true. It should look like this:

      <add key="ek_ADEnabled" value="true"/>
    • Make sure the ek_ADAdvancedconfig element is set to False. (This is the default value.)
    • Set the ek_AUTH_Protocol element to GC. It should look like this:

      <add key="ek_AUTH_Protocol" value="GC"/>
    • Declare a domain account through ek_adusername and ek_adpassword. (Before entering the password, encrypt it using Ektron’s password encryption utility. To access that utility, go to the Windows Start menu > All Programs > Ektron > current release > Utilities > Encrypt Email Password.) It should look like this:

      <add key="ek_ADUsername" value="[username]@domain" />

      <add key="ek_ADPassword" value="YourPasswordHere" />
    • For the authentication element, change the value of the impersonate attribute to False. It should look like this:

      <identity impersonate="false" userName="" password=""/>
  4. Configure the AD setup page. See Implementing Active Directory .
  5. Assign AD groups to Ektron user groups. See Implementing Active Directory .