How to Configure XTAM to support Multi-Domain Forests with AD Trusts

XTAM can integrate with multiple domains by taking advantage of AD trusts to provide login and authentication services for the application. This means a single AD integration point will allow multi-domain logins using existing trusts within Active Directory.

Default XTAM deployments are configured for ease of use by both administrators and users. For this reason, XTAM starts with a single-domain configuration using sAMAccountName logins (user). However, larger or more complex AD structures exist, including multi-domain forests with AD trusts. To support these configurations, XTAM can be configured to use UserPrincipalNames (user@company.com) instead.

If you have not integrated with AD yet, please review our AD Integration article first.

To configure integration for UPN Accounts

1

Log in to your XTAM host server. We will need to modify two files, so make sure you have permission to update files on this host server.

2

First, open the file <XTAM_HOME>/web/conf/catalina.properties in a text editor.

3

Within this catalina file, search for and replace the 2 references to sAMAccountName with UserPrincipalName.

Before:

ldap.authn.searchFilter=sAMAccountName={user}
cas.authn.ldap[1].userFilter=(sAMAccountName={user})

After:

ldap.authn.searchFilter=UserPrincipalName={user}
cas.authn.ldap[1].userFilter=(UserPrincipalName={user})

4

After both are replaced, save and close the file.

5

Next, open the file <XTAM_HOME>/web/conf/server.xml in a text editor.

6

Within this server file, search for and replace the 1 reference to sAMAccountName with UserPrincipalName.

Before:

userSearch="sAMAccountName={0}"

After:

userSearch="UserPrincipalName={0}"

7

After it is replaced, save and close the file.

8

Finally, restart the PamManagement (Windows) or pammanger (Linux) service.

If you have already granted Permissions in XTAM using sAMAccountName, those logins will no longer work after these changes have been made. Permissions will need to be set up again using the UPN (user@company.com) rather than the previously used sAMAccountName (user).
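The file edits in steps 2 through 7 can be scripted so that nothing is written unless each file holds exactly the number of sAMAccountName references listed above. This is an added example, not Xton's own tooling; the function names, the .bak backup suffix and the temporary sample directory are assumptions made for the illustration.

```python
import tempfile
from pathlib import Path

# Files and the number of sAMAccountName references the steps above say each contains.
TARGETS = {"web/conf/catalina.properties": 2, "web/conf/server.xml": 1}
OLD, NEW = b"sAMAccountName", b"UserPrincipalName"

def switch_to_upn(xtam_home):
    """Apply steps 2-7. Returns {relative path: replacements made}.

    Both files are checked before either is written; an unexpected count
    raises ValueError and leaves the installation untouched.
    """
    home = Path(xtam_home)
    planned = []
    for rel, expected in TARGETS.items():
        data = (home / rel).read_bytes()  # bytes keep encoding and line endings intact
        found = data.count(OLD)
        if found != expected:
            raise ValueError(f"{rel}: expected {expected} references, found {found}")
        planned.append((rel, data, found))
    for rel, data, found in planned:
        path = home / rel
        path.with_name(path.name + ".bak").write_bytes(data)  # backup (assumed suffix) for rollback
        path.write_bytes(data.replace(OLD, NEW))
    return {rel: found for rel, _, found in planned}

def make_sample_home():
    """Constructed stand-in for <XTAM_HOME>, holding only the 'Before' lines from this page."""
    home = Path(tempfile.mkdtemp())
    conf = home / "web" / "conf"
    conf.mkdir(parents=True)
    (conf / "catalina.properties").write_bytes(
        b"ldap.authn.searchFilter=sAMAccountName={user}\r\n"
        b"cas.authn.ldap[1].userFilter=(sAMAccountName={user})\r\n")
    (conf / "server.xml").write_bytes(b'userSearch="sAMAccountName={0}"\n')
    return home

if __name__ == "__main__":
    home = make_sample_home()
    print(switch_to_upn(home))   # first run rewrites both files
    try:
        switch_to_upn(home)      # second run finds 0 references and refuses
    except ValueError as err:
        print("refused:", err)
```

Call switch_to_upn with the real <XTAM_HOME> path, then restart the service as in step 8. A ValueError means a file does not match the layout described on this page and should be edited by hand.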

Copyright © 2018 Xton Technologies, LLC. All rights reserved.