You can connect to only one Active Directory domain. To do so, you must configure a connection to the domain controller.
To configure a connection to an Active Directory domain controller:
In the program web interface, select Settings → Active directory.
In the Connection settings block, in the Base DN field, enter the DistinguishedName of the root record to search for access groups in the Active Directory catalog service.
In the URL field, indicate the address of the domain controller in the format <hostname or IP address of server>:<port>.
In case of server availability issues, you can specify multiple servers with domain controllers by separating them with commas. All of the specified servers must reside in the same domain.
Under TLS mode, select whether you want to use TLS encryption for the connection to the domain controllers. When using an encrypted connection, you cannot specify an IP address as a URL.
If you enabled TLS encryption at the previous step, add a TLS certificate. To do so:
If you previously uploaded a certificate, select it from the Secret drop-down list.
If no certificate was previously added, the drop-down list shows No data.
If you want to upload a new certificate, click the button on the right of the Secret list.
The Secret window opens.
In the Name field, enter the name that will be displayed in the list of certificates after the certificate is added.
Click the Upload certificate file button to add the file containing the Active Directory certificate. X.509 certificate public keys in Base64 are supported.
Click the Save button.
The certificate will be uploaded and displayed in the Secret list.
In the Timeout in seconds field, indicate the amount of time to wait for a response from the domain controller server.
If multiple addresses are indicated in the URL field, KUMA will wait the specified number of seconds for a response from the first server. If no response is received during that time, the program will contact the next server, and so on. If none of the indicated servers responds during the specified amount of time, the connection will be terminated with an error.
If you want to configure domain authorization for a user with the KUMA general administrator role, specify the DistinguishedName of the Active Directory group containing the user in the General administrator field.
If a user matches two groups in the same tenant, the role with the least privileges will be used.
A connection with the Active Directory domain controller is now configured. For domain authorization to work, you must also add filters for KUMA user roles.
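The URL, TLS mode and timeout rules from the procedure above can be checked before the values are entered in the web interface. The following Python check is an added example, not part of KUMA or its documentation: the function names and sample host names are hypothetical, and the worst-case wait is derived from the failover description (timeout multiplied by the number of servers).

```python
import ipaddress

def parse_servers(url_field):
    """Split the URL field into (host, port) pairs; raise ValueError on a bad entry."""
    servers = []
    for entry in url_field.split(","):
        entry = entry.strip()
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"expected <host>:<port>, got {entry!r}")
        servers.append((host.strip("[]"), int(port)))  # allow [IPv6]:port
    return servers

def is_ip(host):
    """True if host is an IPv4 or IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_settings(url_field, tls_enabled, timeout_s):
    """Return (problems, worst_case_wait_seconds) for the planned settings."""
    try:
        servers = parse_servers(url_field)
    except ValueError as exc:
        return [str(exc)], None
    problems = []
    for host, port in servers:
        # With TLS enabled, an IP address cannot be used as the URL.
        if tls_enabled and is_ip(host):
            problems.append(f"{host}:{port}: IP address not allowed with TLS, use the hostname")
    hosts = [h.lower() for h, _ in servers]
    if len(set(hosts)) != len(hosts):
        problems.append("the same server is listed more than once")
    # Servers are tried one after another, each for timeout_s seconds,
    # so an error is reported only after timeout_s * len(servers).
    return problems, timeout_s * len(servers)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [("dc1.example.com:636, 10.0.0.5:636", True, 5),
               ("dc1.example.com:389, dc2.example.com:389", False, 5)]
    for url, tls, timeout in samples:
        print(url, "->", check_settings(url, tls, timeout))
```

The check does not confirm that all listed servers reside in the same domain; that still has to be verified against the directory itself.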