Configure OmniGroupServer (Active Directory Authentication)

To retrieve and combine the security groups from SharePoint and Active Directory, create the following tasks in the OmniGroupServer configuration file.

  • A task to retrieve the security groups from the SharePoint repository. This task sends the SynchronizeGroups fetch action to the SharePoint connector, according to the schedule that you configure.
  • A task to retrieve the security groups from Active Directory.
  • A task to combine the information into a single repository in OmniGroupServer. The combine operation must run after the security information has been retrieved.

To retrieve and combine security groups

  1. Open the OmniGroupServer configuration file.
  2. In the [Repositories] section, create three repositories, one for the SharePoint groups, one for the Active Directory groups retrieved through LDAP, and another to combine the information. For example:

    [Repositories]
    GroupServerDefaultRepositories=Combine
    Number=3
    0=SharePointOnline
    1=LDAP
    2=Combine
  3. In the section that you created to retrieve the SharePoint groups, create a task to extract the information from SharePoint. You can use the following configuration parameters (for a complete list of configuration parameters, refer to the OmniGroupServer Reference):

    GroupServerJobType The type of task that OmniGroupServer must run. To retrieve SharePoint groups, set this parameter to Connector. This instructs OmniGroupServer to send the SynchronizeGroups fetch action to the connector.
    ConnectorHost The host name or IP address of the machine that hosts the SharePoint connector.
    ConnectorPort The ACI port of the connector.
    ConnectorTask The name of a fetch task in the connector’s configuration file that contains the information and credentials required to connect to the SharePoint repository.

    For example:

    [SharepointOnline]
    GroupServerJobType=Connector
    ConnectorHost=localhost
    ConnectorPort=7024
    ConnectorTask=SharePointOnline
  4. In the section that you created to retrieve the Active Directory groups, configure a task to extract the information from the directory using LDAP. You can use the following configuration parameters (for a complete list of configuration parameters, refer to the OmniGroupServer Reference).

    GroupServerLibrary The full path (including the file name) to the library file that allows the group server to access the repository. Use the LDAP group server library.
    LDAPServer The host name or IP address of the machine that hosts the LDAP directory.
    LDAPPort The port to use to access the LDAP directory.
    LDAPBase The distinguished name of the search base.
    LDAPType The type of LDAP server (for example, Microsoft Active Directory).
    LDAPSecurityType The type of security to use when communicating with the LDAP server (for example, SSL or TLS).
    LDAPBindMethod The type of authentication to use to access the LDAP directory. To log on as the same user that is running OmniGroupServer, set this parameter to NEGOTIATE.
    KeyUserName (Optional) The name of the attribute from which to extract the user name. If you are retrieving documents from SharePoint Online and users from a local Active Directory, set this parameter so that OmniGroupServer extracts an e-mail address rather than a user name.
    KeyGroupName (Optional) The name of the attribute from which to extract the group name. If you are retrieving documents from SharePoint Online and groups from a local Active Directory, set this parameter so that OmniGroupServer extracts an e-mail address rather than a group name.

    For example:

    [LDAP]
    GroupServerLibrary=ogs_ldap.dll
    LDAPServer=myLDAPserver
    LDAPPort=636
    LDAPBase=DC=DOMAIN,DC=COM
    LDAPType=MAD
    LDAPSecurityType=SSL
    LDAPBindMethod=NEGOTIATE
    KeyUserName=mail
    KeyGroupName=mail
  5. In the section that you created for combining the security groups, configure a task to combine the group information. You can use the following configuration parameters (for a complete list of configuration parameters, refer to the OmniGroupServer Reference):

    GroupServerJobType The type of task that OmniGroupServer must run. Set this parameter to Combine.
    GroupServerSections The names of the repositories in the configuration file that you want to merge.
    GroupServerStartDelaySecs

    The number of seconds to wait before starting the task.

    It is important to set this parameter so that the combine operation does not start until the security groups have been retrieved from the SharePoint repository and Active directory. This ensures that the combine operation uses the latest information.

    The delay that you specify only has to ensure that the other jobs start first.

    GroupServerAllUserGroups A list of groups to add to all users in the repository. OmniGroupServer does not add all users to the EVERYONE group by default, so OpenText recommends that you set GroupServerAllUserGroups=EVERYONE.

    For example:

    [Combine]
    GroupServerJobType=Combine
    GroupServerSections=SharepointOnline,LDAP
    GroupServerStartDelaySecs=10
    GroupServerAllUserGroups=EVERYONE
  6. (Optional) You can set further parameters to define the schedule for the tasks. To run all of the tasks on the same schedule, set these parameters in the [Default] section. To run a task on a different schedule, set these parameters in the task section.

    GroupServerStartTime The time when a task starts.
    GroupServerRepeatSecs The number of seconds that should elapse before the Group Server repeats a task.

    For example:

    [Default]
    GroupServerStartTime=12:00
    GroupServerRepeatSecs=3600
  7. Save and close the OmniGroupServer configuration file.