Introduction
Many of our clients utilize Microsoft Active Directory to manage users and group access for their organization.
Understandably, some clients don’t want to have to also manage the same list of users and roles within the m-Power menuing system.
This document will walk you through how to program m-Power to pull data from Active Directory and populate your menuing system.
Global Configuration
Open your /mrcjava/WEB-INF/classes/mrc-runtime.properties file and add the following entries:
ad_url=ldap://ip_goes_here:389;domain=yourcompany.com;search_base=DC=yourcompany,DC=com
ad_user_type=SAM
ad_user=user@yourcompany.com
ad_p=password_goes_here
ad_user_table=YOURDD.dbo.MRCSEC1
ad_group_table=YOURDD.dbo.MRCSEC6
ad_user_group_table=YOURDD.dbo.MRCSEC5
Adjust the ad_url to point at your Active Directory server. Adjust the domain and DCs accordingly.
Choose either SAM or UPN for ad_user_type. This controls which piece of user information is written back to the user-specific m-Power tables.
For ad_user and ad_p, specify the account and password that have access to the users and groups in Active Directory.
For ad_user_table, ad_group_table, and ad_user_group_table, replace YOURDD with the data dictionary you would like the data loaded into. You do not need to change the table names themselves.
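A check for the entries above, as an added example (not m-Power code): it parses the ad_url value and flags plain ldap://, leftover placeholders, an invalid ad_user_type, mismatched table names, and a properties file readable beyond its owner, since that file holds the ad_p password. The function names are hypothetical, the sample input is constructed from the placeholders on this page, and whether m-Power accepts an ldaps:// URL is not stated here.

```python
import os
import stat

# Constructed sample: the entries from this page with its placeholder values.
SAMPLE = """\
ad_url=ldap://ip_goes_here:389;domain=yourcompany.com;search_base=DC=yourcompany,DC=com
ad_user_type=SAM
ad_user=user@yourcompany.com
ad_p=password_goes_here
ad_user_table=YOURDD.dbo.MRCSEC1
ad_group_table=YOURDD.dbo.MRCSEC6
ad_user_group_table=YOURDD.dbo.MRCSEC5
"""
TABLES = {"ad_user_table": "MRCSEC1", "ad_group_table": "MRCSEC6", "ad_user_group_table": "MRCSEC5"}

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only (ad_url contains more)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_ad_url(value):
    """Split 'ldap://host:port;domain=...;search_base=...' into named parts."""
    url, *rest = value.split(";")
    return {"url": url, **dict(item.split("=", 1) for item in rest if "=" in item)}

def audit(props, file_mode=None):
    """Return findings for the ad_* entries; file_mode is an optional POSIX st_mode."""
    out = [f"missing entry: {k}" for k in
           ("ad_url", "ad_user_type", "ad_user", "ad_p", *TABLES) if k not in props]
    ad = parse_ad_url(props.get("ad_url", ""))
    if ad["url"].lower().startswith("ldap://"):
        out.append("ad_url uses ldap:// (unencrypted unless StartTLS is negotiated)")
    out += [f"ad_url has no {p}" for p in ("domain", "search_base") if not ad.get(p)]
    if props.get("ad_user_type") not in ("SAM", "UPN"):
        out.append("ad_user_type must be SAM or UPN")
    out += [f"{k} should end in .{t}" for k, t in TABLES.items()
            if k in props and not props[k].endswith("." + t)]
    if any("goes_here" in v or "YOURDD" in v for v in props.values()):
        out.append("placeholder values still present")
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        out.append("file holding ad_p is readable by group or others")
    return out

def audit_file(path):
    """Audit a real mrc-runtime.properties; mode bits are only checked on POSIX."""
    mode = os.stat(path).st_mode if os.name == "posix" else None  # review ACLs on Windows
    with open(path, encoding="utf-8") as fh:
        return audit(parse_properties(fh.read()), mode)
```

Run audit_file against your mrc-runtime.properties after editing it; an empty list means none of these checks fired.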
Implementation
Loading your Active Directory data into m-Power is done with an External Object.
Register the External Object
Register a new external object with the following rules:
Class: com.mrc.ext.ADSync
Method: syncADUsers(*DSNAM)
No parameters are required.
Calling the External Object
Create a maintainer and choose the above external object. Choose the location AFTER ADD.
After compiling, go into Application Properties and set “Skip Database Actions” to Yes.
Run the application to trigger the Active Directory syncing process.
Scheduling this Process
Surely you will not want to run this process manually on a daily basis. Instead, you will want to utilize m-Power’s Messaging & Scheduled Tasks to set this to run on a regular basis.
In Scheduled Tasks, choose “Call a Maintainer”.
Next, specify the application and add the following into the Additional Maintainer parameters:
one_step=1&action_mode=add&KEYVALUE=1
Replace KEYVALUE with whatever field you used as a dimension in your maintainer.
Once the task is set up, schedule it at the desired interval.
Other Notes
- This feature is available with the Oct 2024 version of m-Power.
- While nothing will limit you from using the m-Power interface to manage users and roles, it is advised to avoid doing this. Each time you run the syncing process, all data within MRCSEC1, MRCSEC5, and MRCSEC6 is deleted and repopulated.
- You are still encouraged to use the menuing UI to manage applications and which roles are allowed to access them.