Checkbox 7 : Multiple AD Providers

Important Notes:

This article will help you configure Checkbox for multiple AD providers. Configuring your installation for multiple AD providers should only be done under the direction or with the support of the Checkbox Support team. If you are unsure about whether or not you need or should be using this feature, please reach out to Customer Support to ensure that it is recommended for your use case.

**Before you follow the steps in this guide, please ensure that you have already successfully installed Checkbox and configured it to run with a single AD provider.** 

 

To configure Checkbox for Multiple AD Providers:

1. Locate both the api\web.config and checkbox-service\Checkbox.Service.Host.exe.config files and back them up. All following changes must be completed in both configuration files.

 

2. Locate the AD connection string setting. You will need to copy this setting and update the copied field with your second provider's AD connection string. An example of the end result is shown below. 

Note the name of the second provider's connection string. You will need this in the next step.

 <add name="ADConnection1" connectionString="LDAP://ad.mycompany.com/DC=ad,DC=mycompany,DC=com" />

<add name="ADConnection2" connectionString="LDAP://ad.mysecondcompany.com/DC=ad,DC=mysecondcompany,DC=com" />

 

3. Locate the "Providers" section in the configuration files. You will want to copy the section labeled "ActiveDirectoryMembershipProvider1" and make the necessary modifications for the second provider. Example is shown below. 

Important note: in the second provider, the name, connectionStringName, connectionUsername, and connectionPassword have all been updated to reflect the second AD store. The connectionStringName matches the name given to the second connection string in step 1.

        <add
            name="ActiveDirectoryMembershipProvider1"
            type="Checkbox.Membership.Providers.ActiveDirectoryMembershipProvider, Checkbox.Membership.ContactStores"
            connectionStringName="ADConnection1"
            connectionProtection="None"
            connectionUsername="mycompany\adminuser"
            connectionPassword="my-pass"
            attributeMapUsername="SAMAccountName"
            enableSearchMethods="true"
            enableCache="true"
        />

        <add
            name="ActiveDirectoryMembershipProvider2"
            type="Checkbox.Membership.Providers.ActiveDirectoryMembershipProvider, Checkbox.Membership.ContactStores"
            connectionStringName="ADConnection2"
            connectionProtection="None"
            connectionUsername="secondcompany\developeruser"
            connectionPassword="my-pass"
            attributeMapUsername="SAMAccountName"
            enableSearchMethods="true"
            enableCache="true"
        />

 

4. If you are using the Role Provider you will need to add a new role provider for the second AD provider as well. To do this locate the "roleManager" section in the configuration file. You will need to copy a "ActiveDirectoryRoleProvider" section and make necessary changes for your second AD provider. You can see the end result below. 

For the role provider, note that the name, connectionUsername, connectionPassword, and the domainDn have been altered to reflect the same changes above for the second provider. 

<add
name="ActiveDirectoryRoleProvider1"
type="Checkbox.Membership.Providers.ActiveDirectoryRoleProvider, Checkbox.Membership.ContactStores"
cacheAdRoles="true"
connectionUsername="mycompany\adminuser"
connectionPassword="my-pass"
domainDn="ad.mycompany.com"
roleMappings="Domain Users=Report Viewer,Domain Users=Respondent"
applyDefaultRolesToUsersWithNoMappedRoles="true"
/>

<add
name="ActiveDirectoryRoleProvider2"
type="Checkbox.Membership.Providers.ActiveDirectoryRoleProvider, Checkbox.Membership.ContactStores"
cacheAdRoles="true"
connectionUsername="secondcompany\developeruser"
connectionPassword="my-pass"
domainDn="ad.mysecondcompany.com"
roleMappings="Domain Users=Report Viewer,Domain Users=Respondent"
applyDefaultRolesToUsersWithNoMappedRoles="true"
/>

 

5. Once the changes have been completed in one of the configuration files you will need to make the same changes in the other.

Once the service configuration changes are complete you will need to restart the Checkbox Service. 

 

If you have any issues or questions regarding setting up multiple AD providers, please create a support ticket and we will be happy to assist you.

0 Comments

Article is closed for comments.