Windows Integrated Authentication

When BlueRange Server is installed in Windows OS hosted on a machine being a Domain member of an Active Directory environment both Kerberos Impersonation and LDAP Login Integration are necessary.

Before configuring this setup please read both the chapters carefully.

UUID Mapping

If the Server is being installed on premise, as member of an Active Directory domain and that domain is used as default Kerberos realm, it is recommended to set the UUID mapping to objectGUID for users and groups:

  • UUID: objectGUID

Do this only if this is the sole LDAP directory configuration.

This additional mapping instructs BlueRange to use the Active Directory GUIDs as internal surrogate keys for it’s data structures. In all other cases leave the UUID mapping unset to cause the software to assign unique surrogate keys automatically as needed.

User mapping

For Active Directory the following attribute mappings are recommended:

  • Name: sAMAccountName

  • Salutation: title

  • First name: givenName

  • Last name: sn

  • User locked: userAccountControl

Group mapping

For Active Directory the recommended group attribute mappings are as follows:

  • Name: sAMAccountName

  • Member: member