Configuring Active Directory with the Mi-Forms Server allows for authentication of users who are members of selected groups, in addition to using local users and groups on the Mi-Forms Server. This feature was added in Mi-Forms Server 7.
For documentation on configuring an Active Directory server with the Mi-Forms Server, please refer to the Mi-Forms Server Help documentation, located by default here after installation of the Mi-Forms Server:
C:\Program Files\Mi-Co\<Mi-Forms Server Vers #>\Documentation\
Refer to the pages
* "Adding a New Customer"
*"Modifying an Existing Customer"
* "Advanced Configuration" (mf.Active.Directory.Sleep.Timespan)
* "Active Directory Configuration Considerations".
For troubleshooting initial configuration of an Active Directory server with the Mi-Forms Server, please consider the following:
* Leave the "Provider" setting of "LDAP://" alone. In most cases, this will be the correct value for this field.
* Leave the "Authentication Types" setting of "Secure" alone. In most cases, this will be the correct value for this field.
* When entering a "username", do not include the domain of the user.
* Despite the label and documentation instructions, the credentials of a Domain Administrator are not required. Username and password may represent the credentials of a service account with access to list the desired Active Directory groups. The "Domain Administrator" Username and Password credentials entered on the Add/Edit Customer page are only used to list the available groups on the Active Directory server. After they are listed and a customer is configured, access to this list is no longer needed.
After clicking "Test Credentials...":
* An error message of "The LDAP server is unavailable" means the Mi-Forms Server was not able to reach the AD server. Check the "Server" setting.
* An error message of "Authentication failed" indicates that the "Username" and "Password" credentials are incorrect, regardless of the "Object Name" (the "Server" setting is correct).
Once the correct Server, Username and Password settings are entered and "Test Credentials..." is clicked:
* An error message of "Unknown error (0x80005000)" may indicate that the "Object Name" is incorrect (i.e. it is blank).
* An error message of "An invalid dn syntax has been specified" indicates that the Object Name has an incorrect format.
* An error message of "A referral was returned from the server" indicates that the "Object Name" is incorrect.
* An error message of "There is no such object on the server" indicates that part of the Object Name is correct but the last object(s) is/are not. For example, if "DC=company,DC=com" is the correct Object Name but "DC=east,DC=company,DC=com" was entered, you would receive this error because the DC=east object was not found on DC=company,DC=com.
After successfully authenticating with "Test Credentials..." and clicking "Get groups from Active Directory...":
* An error message "Index out of range" appears, the Active Directory may be configured to limit the number of groups returned from a single query (or any results on a single query). If this is the case, it may be necessary to manually configure your Mi-Forms Server with Active Directory. Please contact Mi-Co Technical Support for details, firstname.lastname@example.org.
Posted in: Mi-Forms Server